# Flog Txt Version 1 # Analyzer Version: 2025.1.1 # Analyzer Build Date: Feb 18 2025 06:34:29 # Log Creation Date: 24.03.2025 11:25:10.541 Process: id = "1" image_name = "winword.exe" filename = "c:\\program files\\microsoft office\\office16\\winword.exe" page_root = "0x45e1a000" os_pid = "0xb30" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x784" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE\" /n" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f05b" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 4 start_va = 0x40000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000040000" filename = "" Region: id = 5 start_va = 0x140000 end_va = 0x143fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 6 start_va = 0x150000 end_va = 0x1b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 8 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 9 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 10 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 11 start_va = 0x200000 end_va = 0x200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 12 start_va = 0x210000 end_va = 0x211fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 13 start_va = 0x220000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 14 start_va = 0x230000 end_va = 0x231fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 15 start_va = 0x240000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 16 start_va = 0x340000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 17 start_va = 0x440000 end_va = 0x441fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 18 start_va = 0x450000 end_va = 0x451fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 19 start_va = 0x460000 end_va = 0x461fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 20 start_va = 0x470000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 21 start_va = 0x4c0000 end_va = 0x4c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 22 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 23 start_va = 0x500000 end_va = 0x687fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 24 start_va = 0x690000 end_va = 0x810fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 25 start_va = 0x820000 end_va = 0x1c1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 26 start_va = 0x1c20000 end_va = 0x1cfefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c20000" filename = "" Region: id = 27 start_va = 0x1d50000 end_va = 0x1d50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d50000" filename = "" Region: id = 28 start_va = 0x1d60000 end_va = 0x1d60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 29 start_va = 0x1d70000 end_va = 0x1d74fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d70000" filename = "" Region: id = 30 start_va = 0x1d80000 end_va = 0x1d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 31 start_va = 0x1d90000 end_va = 0x1e4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 32 start_va = 0x1e50000 end_va = 0x1e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e50000" filename = "" Region: id = 33 start_va = 0x1e60000 end_va = 0x1e60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 34 start_va = 0x1e70000 end_va = 0x1e74fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 35 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 36 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 37 start_va = 0x1ea0000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 38 start_va = 0x1f20000 end_va = 0x1f21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f20000" filename = "" Region: id = 39 start_va = 0x1f30000 end_va = 0x1f3cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 40 start_va = 0x1f40000 end_va = 0x1f40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f40000" filename = "" Region: id = 41 start_va = 0x1f50000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 42 start_va = 0x1f60000 end_va = 0x1f60fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 43 start_va = 0x1f70000 end_va = 0x206ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 44 start_va = 0x2070000 end_va = 0x216ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 45 start_va = 0x21e0000 end_va = 0x21fbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000f.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000f.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000f.db") Region: id = 46 start_va = 0x2200000 end_va = 0x2200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 47 start_va = 0x2210000 end_va = 0x2211fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002210000" filename = "" Region: id = 48 start_va = 0x2220000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 49 start_va = 0x2320000 end_va = 0x25eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 50 start_va = 0x25f0000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 51 start_va = 0x2680000 end_va = 0x2690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 52 start_va = 0x27d0000 end_va = 0x284ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 53 start_va = 0x28b0000 end_va = 0x29affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 54 start_va = 0x29b0000 end_va = 0x2a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 55 start_va = 0x2a30000 end_va = 0x2b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a30000" filename = "" Region: id = 56 start_va = 0x2b60000 end_va = 0x2c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 57 start_va = 0x2c60000 end_va = 0x305ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c60000" filename = "" Region: id = 58 start_va = 0x3060000 end_va = 0x398ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 59 start_va = 0x39e0000 end_va = 0x3adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039e0000" filename = "" Region: id = 60 start_va = 0x3ae0000 end_va = 0x3bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ae0000" filename = "" Region: id = 61 start_va = 0x3be0000 end_va = 0x3cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003be0000" filename = "" Region: id = 62 start_va = 0x3cf0000 end_va = 0x3deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cf0000" filename = "" Region: id = 63 start_va = 0x3df0000 end_va = 0x45effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003df0000" filename = "" Region: id = 64 start_va = 0x4730000 end_va = 0x47aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 65 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 66 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 67 start_va = 0x4800000 end_va = 0x487ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 68 start_va = 0x4880000 end_va = 0x497ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004880000" filename = "" Region: id = 69 start_va = 0x4980000 end_va = 0x4a2afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 70 start_va = 0x4a50000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a50000" filename = "" Region: id = 71 start_va = 0x4b50000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 72 start_va = 0x4d50000 end_va = 0x4e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 73 start_va = 0x4e50000 end_va = 0x4f0cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arial.ttf" filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf") Region: id = 74 start_va = 0x5020000 end_va = 0x511ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005020000" filename = "" Region: id = 75 start_va = 0x5120000 end_va = 0x611ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005120000" filename = "" Region: id = 76 start_va = 0x6200000 end_va = 0x62fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006200000" filename = "" Region: id = 77 start_va = 0x6300000 end_va = 0x637ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006300000" filename = "" Region: id = 78 start_va = 0x6380000 end_va = 0x677ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006380000" filename = "" Region: id = 79 start_va = 0x6780000 end_va = 0x6b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006780000" filename = "" Region: id = 80 start_va = 0x6b80000 end_va = 0x737ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006b80000" filename = "" Region: id = 81 start_va = 0x7380000 end_va = 0x7780fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007380000" filename = "" Region: id = 82 start_va = 0x7790000 end_va = 0x7b90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007790000" filename = "" Region: id = 83 start_va = 0x7ba0000 end_va = 0x7fa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ba0000" filename = "" Region: id = 84 start_va = 0x7fb0000 end_va = 0x81affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007fb0000" filename = "" Region: id = 85 start_va = 0x81b0000 end_va = 0x85affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000081b0000" filename = "" Region: id = 86 start_va = 0x37240000 end_va = 0x3724ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000037240000" filename = "" Region: id = 87 start_va = 0x728e0000 end_va = 0x72912fff monitored = 0 entry_point = 0x728e1a80 region_type = mapped_file name = "osppc.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll") Region: id = 88 start_va = 0x77230000 end_va = 0x77329fff monitored = 0 entry_point = 0x7724a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 89 start_va = 0x77330000 end_va = 0x7744efff monitored = 0 entry_point = 0x77345340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 90 start_va = 0x77450000 end_va = 0x775f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 91 start_va = 0x77620000 end_va = 0x77626fff monitored = 0 entry_point = 0x7762106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 92 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 93 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 94 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 95 start_va = 0x13f470000 end_va = 0x13f649fff monitored = 0 entry_point = 0x13f471530 region_type = mapped_file name = "winword.exe" filename = "\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE" (normalized: "c:\\program files\\microsoft office\\office16\\winword.exe") Region: id = 96 start_va = 0x7febdb30000 end_va = 0x7febdb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007febdb30000" filename = "" Region: id = 97 start_va = 0x7fee4b00000 end_va = 0x7fee55f8fff monitored = 0 entry_point = 0x7fee4bb7a3c region_type = mapped_file name = "chart.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\CHART.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\chart.dll") Region: id = 98 start_va = 0x7fee5600000 end_va = 0x7fee5822fff monitored = 0 entry_point = 0x7fee5602bf0 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\riched20.dll") Region: id = 99 start_va = 0x7fee5830000 end_va = 0x7fee58d8fff monitored = 0 entry_point = 0x7fee5831010 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 100 start_va = 0x7fee58e0000 end_va = 0x7fee5a5dfff monitored = 0 entry_point = 0x7fee59e67fc region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 101 start_va = 0x7fee5a60000 end_va = 0x7fee5c2ffff monitored = 0 entry_point = 0x7fee5beef5c region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 102 start_va = 0x7fee5c30000 end_va = 0x7fee5d9ffff monitored = 0 entry_point = 0x7fee5d63158 region_type = mapped_file name = "msptls.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msptls.dll") Region: id = 103 start_va = 0x7fee5da0000 end_va = 0x7fee5f1afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 104 start_va = 0x7fee5f20000 end_va = 0x7fee5fdbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wwintl.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\1033\\WWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\1033\\wwintl.dll") Region: id = 105 start_va = 0x7fee5fe0000 end_va = 0x7feeae1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msores.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msores.dll") Region: id = 106 start_va = 0x7feeae20000 end_va = 0x7feeb740fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso99lres.dll") Region: id = 107 start_va = 0x7feeb750000 end_va = 0x7feeba57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso40uires.dll") Region: id = 108 start_va = 0x7feeba60000 end_va = 0x7feecd3bfff monitored = 0 entry_point = 0x7feeba6caf0 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso.dll") Region: id = 109 start_va = 0x7feecd40000 end_va = 0x7feed50bfff monitored = 0 entry_point = 0x7feecdd5f94 region_type = mapped_file name = "mso99lwin32client.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso99lwin32client.dll") Region: id = 110 start_va = 0x7feed510000 end_va = 0x7feeddfafff monitored = 0 entry_point = 0x7feed615a48 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 111 start_va = 0x7feede00000 end_va = 0x7feee277fff monitored = 0 entry_point = 0x7feede79154 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 112 start_va = 0x7feee280000 end_va = 0x7feee583fff monitored = 0 entry_point = 0x7feee326094 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 113 start_va = 0x7feee590000 end_va = 0x7feef6fbfff monitored = 0 entry_point = 0x7feee5953f0 region_type = mapped_file name = "oart.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\OART.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\oart.dll") Region: id = 114 start_va = 0x7feef700000 end_va = 0x7fef1a9efff monitored = 0 entry_point = 0x7feef7117e0 region_type = mapped_file name = "wwlib.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\WWLIB.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\wwlib.dll") Region: id = 115 start_va = 0x7fef2240000 end_va = 0x7fef227afff monitored = 0 entry_point = 0x7fef2241238 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 116 start_va = 0x7fef22c0000 end_va = 0x7fef232efff monitored = 0 entry_point = 0x7fef22c1134 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 117 start_va = 0x7fef2330000 end_va = 0x7fef2411fff monitored = 0 entry_point = 0x7fef23ad90c region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 118 start_va = 0x7fef2420000 end_va = 0x7fef24e5fff monitored = 0 entry_point = 0x7fef2480f3c region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 119 start_va = 0x7fef2910000 end_va = 0x7fef2936fff monitored = 0 entry_point = 0x7fef291e06c region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 120 start_va = 0x7fef2fe0000 end_va = 0x7fef31d1fff monitored = 0 entry_point = 0x7fef2fe101c region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 121 start_va = 0x7fef71a0000 end_va = 0x7fef71aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 122 start_va = 0x7fef71b0000 end_va = 0x7fef71b6fff monitored = 0 entry_point = 0x7fef71b1010 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 123 start_va = 0x7fef71c0000 end_va = 0x7fef71c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 124 start_va = 0x7fef8060000 end_va = 0x7fef8218fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 125 start_va = 0x7fef8220000 end_va = 0x7fef8535fff monitored = 0 entry_point = 0x7fef8223e98 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 126 start_va = 0x7fef8540000 end_va = 0x7fef8542fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 127 start_va = 0x7fef8550000 end_va = 0x7fef8554fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 128 start_va = 0x7fef8560000 end_va = 0x7fef8562fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 129 start_va = 0x7fef8570000 end_va = 0x7fef8572fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 130 start_va = 0x7fef8580000 end_va = 0x7fef8582fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 131 start_va = 0x7fef8590000 end_va = 0x7fef8592fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 132 start_va = 0x7fef85a0000 end_va = 0x7fef85abfff monitored = 0 entry_point = 0x7fef85a4150 region_type = mapped_file name = "vcruntime140_1.dll" filename = "\\Windows\\System32\\vcruntime140_1.dll" (normalized: "c:\\windows\\system32\\vcruntime140_1.dll") Region: id = 133 start_va = 0x7fef85b0000 end_va = 0x7fef8640fff monitored = 0 entry_point = 0x7fef8602430 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll") Region: id = 134 start_va = 0x7fef8650000 end_va = 0x7fef8653fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 135 start_va = 0x7fef8660000 end_va = 0x7fef8663fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 136 start_va = 0x7fef8670000 end_va = 0x7fef8673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 137 start_va = 0x7fef8680000 end_va = 0x7fef8682fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 138 start_va = 0x7fef8690000 end_va = 0x7fef8692fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 139 start_va = 0x7fef86a0000 end_va = 0x7fef86a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 140 start_va = 0x7fef86b0000 end_va = 0x7fef86b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 141 start_va = 0x7fef86c0000 end_va = 0x7fef86c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 142 start_va = 0x7fef86d0000 end_va = 0x7fef86d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 143 start_va = 0x7fef86e0000 end_va = 0x7fef87d1fff monitored = 0 entry_point = 0x7fef86e9060 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 144 start_va = 0x7fef87e0000 end_va = 0x7fef87f8fff monitored = 0 entry_point = 0x7fef87eee50 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 145 start_va = 0x7fef8dd0000 end_va = 0x7fef8dd2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 146 start_va = 0x7fef8df0000 end_va = 0x7fef8df3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 147 start_va = 0x7fef9160000 end_va = 0x7fef91d3fff monitored = 0 entry_point = 0x7fef91666f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 148 start_va = 0x7fefa1f0000 end_va = 0x7fefa1fbfff monitored = 0 entry_point = 0x7fefa1f602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 149 start_va = 0x7fefa9d0000 end_va = 0x7fefaa76fff monitored = 0 entry_point = 0x7fefa9e050c region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 150 start_va = 0x7fefaa80000 end_va = 0x7fefaad4fff monitored = 0 entry_point = 0x7fefaab6b20 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\System32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll") Region: id = 151 start_va = 0x7fefaae0000 end_va = 0x7fefab13fff monitored = 0 entry_point = 0x7fefab07cac region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\System32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll") Region: id = 152 start_va = 0x7fefaf40000 end_va = 0x7fefaf4afff monitored = 0 entry_point = 0x7fefaf44f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 153 start_va = 0x7fefb010000 end_va = 0x7fefb024fff monitored = 0 entry_point = 0x7fefb0160d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 154 start_va = 0x7fefb480000 end_va = 0x7fefb4f0fff monitored = 0 entry_point = 0x7fefb4becc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 155 start_va = 0x7fefb6f0000 end_va = 0x7fefb700fff monitored = 0 entry_point = 0x7fefb6f1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 156 start_va = 0x7fefb720000 end_va = 0x7fefb849fff monitored = 0 entry_point = 0x7fefb723810 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 157 start_va = 0x7fefb850000 end_va = 0x7fefb884fff monitored = 0 entry_point = 0x7fefb851064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 158 start_va = 0x7fefb890000 end_va = 0x7fefb8a7fff monitored = 0 entry_point = 0x7fefb891130 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 159 start_va = 0x7fefbaa0000 end_va = 0x7fefbcb4fff monitored = 0 entry_point = 0x7fefbc764b0 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 160 start_va = 0x7fefbcc0000 end_va = 0x7fefbd15fff monitored = 0 entry_point = 0x7fefbccbbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 161 start_va = 0x7fefbd20000 end_va = 0x7fefbe4bfff monitored = 0 entry_point = 0x7fefbd294bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 162 start_va = 0x7fefbea0000 end_va = 0x7fefc093fff monitored = 0 entry_point = 0x7fefc02c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 163 start_va = 0x7fefc390000 end_va = 0x7fefc3bcfff monitored = 0 entry_point = 0x7fefc391010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 164 start_va = 0x7fefc560000 end_va = 0x7fefc56bfff monitored = 0 entry_point = 0x7fefc561064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 165 start_va = 0x7fefc990000 end_va = 0x7fefc9d6fff monitored = 0 entry_point = 0x7fefc991064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 166 start_va = 0x7fefcc90000 end_va = 0x7fefcca7fff monitored = 0 entry_point = 0x7fefcc93b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 167 start_va = 0x7fefd230000 end_va = 0x7fefd23afff monitored = 0 entry_point = 0x7fefd231030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 168 start_va = 0x7fefd260000 end_va = 0x7fefd284fff monitored = 0 entry_point = 0x7fefd269658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 169 start_va = 0x7fefd290000 end_va = 0x7fefd29efff monitored = 0 entry_point = 0x7fefd291010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 170 start_va = 0x7fefd340000 end_va = 0x7fefd37cfff monitored = 0 entry_point = 0x7fefd3418f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 171 start_va = 0x7fefd380000 end_va = 0x7fefd393fff monitored = 0 entry_point = 0x7fefd3810e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 172 start_va = 0x7fefd3a0000 end_va = 0x7fefd3aefff monitored = 0 entry_point = 0x7fefd3a19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 173 start_va = 0x7fefd440000 end_va = 0x7fefd44efff monitored = 0 entry_point = 0x7fefd441020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 174 start_va = 0x7fefd450000 end_va = 0x7fefd4bbfff monitored = 0 entry_point = 0x7fefd452780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 175 start_va = 0x7fefd560000 end_va = 0x7fefd59afff monitored = 0 entry_point = 0x7fefd561324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 176 start_va = 0x7fefd5a0000 end_va = 0x7fefd70cfff monitored = 0 entry_point = 0x7fefd5a10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 177 start_va = 0x7fefd710000 end_va = 0x7fefd729fff monitored = 0 entry_point = 0x7fefd711558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 178 start_va = 0x7fefd730000 end_va = 0x7fefd765fff monitored = 0 entry_point = 0x7fefd731474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 179 start_va = 0x7fefd770000 end_va = 0x7fefd79dfff monitored = 0 entry_point = 0x7fefd771010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 180 start_va = 0x7fefd9c0000 end_va = 0x7fefd9defff monitored = 0 entry_point = 0x7fefd9c60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 181 start_va = 0x7fefd9e0000 end_va = 0x7fefdbe2fff monitored = 0 entry_point = 0x7fefda03330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 182 start_va = 0x7fefdbf0000 end_va = 0x7fefe977fff monitored = 0 entry_point = 0x7fefdc6cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 183 start_va = 0x7fefe980000 end_va = 0x7fefeaacfff monitored = 0 entry_point = 0x7fefe9ced50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 184 start_va = 0x7fefeab0000 end_va = 0x7fefeb8afff monitored = 0 entry_point = 0x7fefead0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 185 start_va = 0x7fefeb90000 end_va = 0x7fefec2efff monitored = 0 entry_point = 0x7fefeb925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 186 start_va = 0x7fefec30000 end_va = 0x7fefec7cfff monitored = 0 entry_point = 0x7fefec31070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 187 start_va = 0x7fefec80000 end_va = 0x7fefed88fff monitored = 0 entry_point = 0x7fefec81064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 188 start_va = 0x7fefee10000 end_va = 0x7fefeee6fff monitored = 0 entry_point = 0x7fefee13274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 189 start_va = 0x7fefeef0000 end_va = 0x7feff0c6fff monitored = 0 entry_point = 0x7fefeef1010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 190 start_va = 0x7feff0d0000 end_va = 0x7feff0d7fff monitored = 0 entry_point = 0x7feff0d1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 191 start_va = 0x7feff210000 end_va = 0x7feff261fff monitored = 0 entry_point = 0x7feff2110d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 192 start_va = 0x7feff270000 end_va = 0x7feff338fff monitored = 0 entry_point = 0x7feff2ea874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 193 start_va = 0x7feff340000 end_va = 0x7feff34dfff monitored = 0 entry_point = 0x7feff341080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 194 start_va = 0x7feff350000 end_va = 0x7feff3e8fff monitored = 0 entry_point = 0x7feff351c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 195 start_va = 0x7feff670000 end_va = 0x7feff6d6fff monitored = 0 entry_point = 0x7feff67b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 196 start_va = 0x7feff6e0000 end_va = 0x7feff750fff monitored = 0 entry_point = 0x7feff6f1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 197 start_va = 0x7feff770000 end_va = 0x7feff770fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 198 start_va = 0x7fffff80000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 199 start_va = 0x7fffff90000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 200 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 201 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 202 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 203 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 204 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 205 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 206 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 207 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 208 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 209 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 210 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 211 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 212 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 213 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 214 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 354 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 355 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 356 start_va = 0x4e0000 end_va = 0x4e4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 357 start_va = 0x26a0000 end_va = 0x2768fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 358 start_va = 0x7fefb340000 end_va = 0x7fefb36bfff monitored = 0 entry_point = 0x7fefb3415c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 479 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 480 start_va = 0x45f0000 end_va = 0x46f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045f0000" filename = "" Region: id = 481 start_va = 0x7fefd7a0000 end_va = 0x7fefd917fff monitored = 0 entry_point = 0x7fefd7a10e0 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 482 start_va = 0x7feff0e0000 end_va = 0x7feff209fff monitored = 0 entry_point = 0x7feff0e10d4 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 483 start_va = 0x7feff3f0000 end_va = 0x7feff648fff monitored = 0 entry_point = 0x7feff3f1340 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 484 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 485 start_va = 0x45f0000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "70fa2300d7932ab901c19878bf109bdd9e078e96380879ca2ce2c3f9fc5c7665.docx.doce96380879ca2ce2c3f9fc5c7665doc" filename = "\\Users\\kEecfMwgj\\Desktop\\70fa2300d7932ab901c19878bf109bdd9e078e96380879ca2ce2c3f9fc5c7665.docx.doce96380879ca2ce2c3f9fc5c7665doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\70fa2300d7932ab901c19878bf109bdd9e078e96380879ca2ce2c3f9fc5c7665.docx.doce96380879ca2ce2c3f9fc5c7665doc") Region: id = 486 start_va = 0x4670000 end_va = 0x46effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~dfe3e2fbacf26880ff.tmp" filename = "\\Users\\KEECFM~1\\AppData\\Local\\Temp\\~DFE3E2FBACF26880FF.TMP" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\~dfe3e2fbacf26880ff.tmp") Region: id = 487 start_va = 0x7fef4230000 end_va = 0x7fef4660fff monitored = 1 entry_point = 0x7fef43933cc region_type = mapped_file name = "vbe7.dll" filename = "\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common~1\\micros~1\\vba\\vba7.1\\vbe7.dll") Region: id = 488 start_va = 0x7fef3d60000 end_va = 0x7fef4190fff monitored = 1 entry_point = 0x7fef3ec33cc region_type = mapped_file name = "vbe7.dll" filename = "\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common~1\\micros~1\\vba\\vba7.1\\vbe7.dll") Region: id = 489 start_va = 0x7fef4230000 end_va = 0x7fef4660fff monitored = 1 entry_point = 0x7fef43933cc region_type = mapped_file name = "vbe7.dll" filename = "\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common~1\\micros~1\\vba\\vba7.1\\vbe7.dll") Region: id = 490 start_va = 0x7fef3d60000 end_va = 0x7fef4190fff monitored = 1 entry_point = 0x7fef3ec33cc region_type = mapped_file name = "vbe7.dll" filename = "\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common~1\\micros~1\\vba\\vba7.1\\vbe7.dll") Region: id = 491 start_va = 0x7fef4230000 end_va = 0x7fef4660fff monitored = 1 entry_point = 0x7fef43933cc region_type = mapped_file name = "vbe7.dll" filename = "\\PROGRA~1\\COMMON~1\\MICROS~1\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common~1\\micros~1\\vba\\vba7.1\\vbe7.dll") Region: id = 492 start_va = 0x4d0000 end_va = 0x4d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 493 start_va = 0x74f90000 end_va = 0x75061fff monitored = 0 entry_point = 0x74fb14e4 region_type = mapped_file name = "msvcr100.dll" filename = "\\Windows\\System32\\msvcr100.dll" (normalized: "c:\\windows\\system32\\msvcr100.dll") Region: id = 494 start_va = 0x1d00000 end_va = 0x1d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 495 start_va = 0x1d00000 end_va = 0x1d01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d00000" filename = "" Region: id = 496 start_va = 0x1d30000 end_va = 0x1d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d30000" filename = "" Region: id = 497 start_va = 0x1d10000 end_va = 0x1d11fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d10000" filename = "" Region: id = 498 start_va = 0x4f10000 end_va = 0x4fc6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 499 start_va = 0x6120000 end_va = 0x61a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariali.ttf" filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf") Region: id = 500 start_va = 0x85b0000 end_va = 0x9295fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 501 start_va = 0x7fef6950000 end_va = 0x7fef6a09fff monitored = 0 entry_point = 0x7fef6951040 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\System32\\UIAutomationCore.dll" (normalized: "c:\\windows\\system32\\uiautomationcore.dll") Region: id = 502 start_va = 0x7fef52b0000 end_va = 0x7fef5303fff monitored = 0 entry_point = 0x7fef52b104c region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 503 start_va = 0x1d20000 end_va = 0x1d20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 504 start_va = 0x1d40000 end_va = 0x1d40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 505 start_va = 0x2170000 end_va = 0x2170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 506 start_va = 0x92a0000 end_va = 0x939ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092a0000" filename = "" Region: id = 507 start_va = 0x93a0000 end_va = 0x975ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093a0000" filename = "" Region: id = 508 start_va = 0x1d40000 end_va = 0x1d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 509 start_va = 0x2180000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 510 start_va = 0x2190000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 511 start_va = 0x77610000 end_va = 0x77612fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 512 start_va = 0x7fefadc0000 end_va = 0x7fefadcbfff monitored = 0 entry_point = 0x7fefadc1380 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 513 start_va = 0x7fef7690000 end_va = 0x7fef770ffff monitored = 0 entry_point = 0x7fef7694a8c region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 514 start_va = 0x7fefd190000 end_va = 0x7fefd1b2fff monitored = 0 entry_point = 0x7fefd191198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 515 start_va = 0x7fefad00000 end_va = 0x7fefad0efff monitored = 0 entry_point = 0x7fefad01040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 516 start_va = 0x1d40000 end_va = 0x1d40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d40000" filename = "" Region: id = 517 start_va = 0x2180000 end_va = 0x2180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002180000" filename = "" Region: id = 518 start_va = 0x7fefce00000 end_va = 0x7fefce21fff monitored = 0 entry_point = 0x7fefce05d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 519 start_va = 0x7fefc8d0000 end_va = 0x7fefc91bfff monitored = 0 entry_point = 0x7fefc8d7950 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 520 start_va = 0x7fefd2a0000 end_va = 0x7fefd330fff monitored = 0 entry_point = 0x7fefd2a1440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 521 start_va = 0x9760000 end_va = 0x9840fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msword.olb" filename = "\\Program Files\\Microsoft Office\\Office16\\MSWORD.OLB" (normalized: "c:\\program files\\microsoft office\\office16\\msword.olb") Region: id = 522 start_va = 0x9850000 end_va = 0xa04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009850000" filename = "" Region: id = 523 start_va = 0xa050000 end_va = 0xa2d0fff monitored = 1 entry_point = 0xa064c98 region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 524 start_va = 0x7fef3f10000 end_va = 0x7fef419efff monitored = 1 entry_point = 0x7fef3f24c98 region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 525 start_va = 0x2180000 end_va = 0x2181fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002180000" filename = "" Region: id = 526 start_va = 0x2190000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 527 start_va = 0x7fef7240000 end_va = 0x7fef7265fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vbe7intl.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\1033\\vbe7intl.dll") Region: id = 528 start_va = 0x21a0000 end_va = 0x21a9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normnfd.nls" filename = "\\Windows\\System32\\normnfd.nls" (normalized: "c:\\windows\\system32\\normnfd.nls") Region: id = 529 start_va = 0xa050000 end_va = 0xb04ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a050000" filename = "" Region: id = 530 start_va = 0xb050000 end_va = 0xb0cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~wrf{f397c520-46b5-405b-8f48-03051000bf76}.tmp" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF{F397C520-46B5-405B-8F48-03051000BF76}.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.word\\~wrf{f397c520-46b5-405b-8f48-03051000bf76}.tmp") Region: id = 531 start_va = 0x21b0000 end_va = 0x21b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 532 start_va = 0x21c0000 end_va = 0x21c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 533 start_va = 0x21d0000 end_va = 0x21d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 534 start_va = 0x2670000 end_va = 0x2670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 535 start_va = 0x2770000 end_va = 0x27affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 536 start_va = 0x27b0000 end_va = 0x27b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 537 start_va = 0x27c0000 end_va = 0x27c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 538 start_va = 0x2850000 end_va = 0x2857fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 539 start_va = 0x2860000 end_va = 0x289ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 540 start_va = 0x28a0000 end_va = 0x28a2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028a0000" filename = "" Region: id = 541 start_va = 0x2b30000 end_va = 0x2b46fff monitored = 1 entry_point = 0x2c933cc region_type = mapped_file name = "vbe7.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll") Region: id = 542 start_va = 0x2b50000 end_va = 0x2b53fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 543 start_va = 0xb0d0000 end_va = 0xb158fff monitored = 0 entry_point = 0xb0dcaf0 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso.dll") Region: id = 544 start_va = 0x3990000 end_va = 0x3993fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003990000" filename = "" Region: id = 545 start_va = 0x39a0000 end_va = 0x39a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039a0000" filename = "" Region: id = 546 start_va = 0x39b0000 end_va = 0x39b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039b0000" filename = "" Region: id = 547 start_va = 0x39c0000 end_va = 0x39c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039c0000" filename = "" Region: id = 548 start_va = 0x39d0000 end_va = 0x39d2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039d0000" filename = "" Region: id = 549 start_va = 0x3ce0000 end_va = 0x3ce7fff monitored = 1 entry_point = 0x3e433cc region_type = mapped_file name = "vbe7.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll") Region: id = 550 start_va = 0x46f0000 end_va = 0x472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 551 start_va = 0xb160000 end_va = 0xb25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b160000" filename = "" Region: id = 552 start_va = 0x47d0000 end_va = 0x47d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 553 start_va = 0x47e0000 end_va = 0x47e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 554 start_va = 0x47f0000 end_va = 0x47f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 555 start_va = 0x4a30000 end_va = 0x4a33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 556 start_va = 0x4a40000 end_va = 0x4a43fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a40000" filename = "" Region: id = 557 start_va = 0x4fd0000 end_va = 0x4fd3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fd0000" filename = "" Region: id = 558 start_va = 0x4fe0000 end_va = 0x4fe3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fe0000" filename = "" Region: id = 559 start_va = 0x4ff0000 end_va = 0x4ff3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ff0000" filename = "" Region: id = 560 start_va = 0x5000000 end_va = 0x5003fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 561 start_va = 0x5010000 end_va = 0x5013fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005010000" filename = "" Region: id = 562 start_va = 0x61b0000 end_va = 0x61b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000061b0000" filename = "" Region: id = 563 start_va = 0x61c0000 end_va = 0x61c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000061c0000" filename = "" Region: id = 564 start_va = 0x61d0000 end_va = 0x61d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000061d0000" filename = "" Region: id = 565 start_va = 0x61e0000 end_va = 0x61e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000061e0000" filename = "" Region: id = 566 start_va = 0xb3d0000 end_va = 0xb4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b3d0000" filename = "" Region: id = 567 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 568 start_va = 0x7fef7210000 end_va = 0x7fef7237fff monitored = 0 entry_point = 0x7fef7211070 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx") Region: id = 569 start_va = 0x7fefad80000 end_va = 0x7fefad97fff monitored = 0 entry_point = 0x7fefad81010 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 570 start_va = 0x7fef71d0000 end_va = 0x7fef7203fff monitored = 0 entry_point = 0x7fef71d1064 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\System32\\scrrun.dll" (normalized: "c:\\windows\\system32\\scrrun.dll") Region: id = 571 start_va = 0xb260000 end_va = 0xb273fff monitored = 0 entry_point = 0xb261070 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx") Region: id = 572 start_va = 0x7fef3d30000 end_va = 0x7fef3f03fff monitored = 0 entry_point = 0x7fef3d66b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 573 start_va = 0x61f0000 end_va = 0x61f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 574 start_va = 0xb2a0000 end_va = 0xb31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2a0000" filename = "" Region: id = 575 start_va = 0xb350000 end_va = 0xb3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b350000" filename = "" Region: id = 576 start_va = 0xb5d0000 end_va = 0xb64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5d0000" filename = "" Region: id = 577 start_va = 0xb760000 end_va = 0xb7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b760000" filename = "" Region: id = 578 start_va = 0xb7f0000 end_va = 0xb86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b7f0000" filename = "" Region: id = 579 start_va = 0xb930000 end_va = 0xb9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b930000" filename = "" Region: id = 580 start_va = 0xba50000 end_va = 0xbacffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ba50000" filename = "" Region: id = 581 start_va = 0xbad0000 end_va = 0xbecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bad0000" filename = "" Region: id = 582 start_va = 0xb280000 end_va = 0xb29afff monitored = 0 entry_point = 0xb2b6b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 583 start_va = 0xb320000 end_va = 0xb321fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b320000" filename = "" Region: id = 584 start_va = 0xb330000 end_va = 0xb33ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 585 start_va = 0xb340000 end_va = 0xb347fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 586 start_va = 0xb4d0000 end_va = 0xb4dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 587 start_va = 0x7fefcab0000 end_va = 0x7fefcb0afff monitored = 0 entry_point = 0x7fefcab6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 588 start_va = 0xbfa0000 end_va = 0xc01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bfa0000" filename = "" Region: id = 589 start_va = 0x7fefae90000 end_va = 0x7fefaeb6fff monitored = 0 entry_point = 0x7fefae998bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 590 start_va = 0x7fefae80000 end_va = 0x7fefae8afff monitored = 0 entry_point = 0x7fefae81198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 591 start_va = 0xb4e0000 end_va = 0xb4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4e0000" filename = "" Region: id = 592 start_va = 0xb500000 end_va = 0xb507fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\System32\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\urlmon.dll.mui") Region: id = 593 start_va = 0x7fef6100000 end_va = 0x7fef6161fff monitored = 0 entry_point = 0x7fef6101198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 594 start_va = 0x7fef60e0000 end_va = 0x7fef60fbfff monitored = 0 entry_point = 0x7fef60e11a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 595 start_va = 0x7fefb420000 end_va = 0x7fefb430fff monitored = 0 entry_point = 0x7fefb4214c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 596 start_va = 0xb510000 end_va = 0xb510fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b510000" filename = "" Region: id = 597 start_va = 0xc0b0000 end_va = 0xc1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c0b0000" filename = "" Region: id = 598 start_va = 0x7fefb320000 end_va = 0x7fefb328fff monitored = 0 entry_point = 0x7fefb3214b4 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 599 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 600 start_va = 0xc1c0000 end_va = 0xc2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c1c0000" filename = "" Region: id = 601 start_va = 0x7fefcc30000 end_va = 0x7fefcc84fff monitored = 0 entry_point = 0x7fefcc31054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 602 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 603 start_va = 0x7fefc630000 end_va = 0x7fefc636fff monitored = 0 entry_point = 0x7fefc6314b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 604 start_va = 0xc470000 end_va = 0xc56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c470000" filename = "" Region: id = 605 start_va = 0x7fefc740000 end_va = 0x7fefc75dfff monitored = 0 entry_point = 0x7fefc7413b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 606 start_va = 0x7fffff78000 end_va = 0x7fffff79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 607 start_va = 0x7fefca20000 end_va = 0x7fefca76fff monitored = 0 entry_point = 0x7fefca25e38 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 608 start_va = 0xc440000 end_va = 0xc44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c440000" filename = "" Region: id = 609 start_va = 0x7fef9150000 end_va = 0x7fef9157fff monitored = 0 entry_point = 0x7fef9151414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 610 start_va = 0x7fefcc20000 end_va = 0x7fefcc26fff monitored = 0 entry_point = 0x7fefcc2142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 611 start_va = 0x7fefa870000 end_va = 0x7fefa8c2fff monitored = 0 entry_point = 0x7fefa872b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 612 start_va = 0xc360000 end_va = 0xc3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c360000" filename = "" Region: id = 613 start_va = 0xc6e0000 end_va = 0xc7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c6e0000" filename = "" Region: id = 614 start_va = 0x7fefc890000 end_va = 0x7fefc899fff monitored = 0 entry_point = 0x7fefc893cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 615 start_va = 0x7fffff76000 end_va = 0x7fffff77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 616 start_va = 0x7fefce30000 end_va = 0x7fefce7ffff monitored = 0 entry_point = 0x7fefce311e0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 617 start_va = 0x7fefc720000 end_va = 0x7fefc73afff monitored = 0 entry_point = 0x7fefc722068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 984 start_va = 0xb520000 end_va = 0xb529fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 985 start_va = 0xb530000 end_va = 0xb545fff monitored = 0 entry_point = 0xb5acebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 986 start_va = 0xb260000 end_va = 0xb26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b260000" filename = "" Region: id = 987 start_va = 0xb270000 end_va = 0xb27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b270000" filename = "" Region: id = 988 start_va = 0xb280000 end_va = 0xb28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b280000" filename = "" Region: id = 989 start_va = 0xb290000 end_va = 0xb29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b290000" filename = "" Region: id = 990 start_va = 0xb530000 end_va = 0xb53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b530000" filename = "" Region: id = 991 start_va = 0xb540000 end_va = 0xb54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b540000" filename = "" Region: id = 992 start_va = 0xb550000 end_va = 0xb55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b550000" filename = "" Region: id = 993 start_va = 0xc7e0000 end_va = 0xcfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c7e0000" filename = "" Region: id = 994 start_va = 0xb260000 end_va = 0xb261fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b260000" filename = "" Region: id = 995 start_va = 0xb270000 end_va = 0xb270fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b270000" filename = "" Region: id = 996 start_va = 0xb280000 end_va = 0xb280fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b280000" filename = "" Region: id = 997 start_va = 0xb650000 end_va = 0xb71bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 998 start_va = 0xbed0000 end_va = 0xbf96fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 999 start_va = 0xb290000 end_va = 0xb291fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b290000" filename = "" Region: id = 1000 start_va = 0xb530000 end_va = 0xb531fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b530000" filename = "" Region: id = 1001 start_va = 0xb540000 end_va = 0xb541fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b540000" filename = "" Region: id = 1002 start_va = 0xb550000 end_va = 0xb551fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b550000" filename = "" Region: id = 1003 start_va = 0xc570000 end_va = 0xc63dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 1004 start_va = 0xb870000 end_va = 0xb929fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 1005 start_va = 0xcfe0000 end_va = 0xd0dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cfe0000" filename = "" Region: id = 1006 start_va = 0xb560000 end_va = 0xb561fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b560000" filename = "" Region: id = 1007 start_va = 0xb570000 end_va = 0xb571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b570000" filename = "" Region: id = 1008 start_va = 0xb580000 end_va = 0xb581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b580000" filename = "" Region: id = 1009 start_va = 0xb590000 end_va = 0xb591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b590000" filename = "" Region: id = 1010 start_va = 0xb5a0000 end_va = 0xb5a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5a0000" filename = "" Region: id = 1011 start_va = 0xb5b0000 end_va = 0xb5b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5b0000" filename = "" Region: id = 1012 start_va = 0xb5c0000 end_va = 0xb5c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5c0000" filename = "" Region: id = 1013 start_va = 0xb720000 end_va = 0xb721fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b720000" filename = "" Region: id = 1014 start_va = 0xb730000 end_va = 0xb731fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b730000" filename = "" Region: id = 1015 start_va = 0xb740000 end_va = 0xb741fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b740000" filename = "" Region: id = 1016 start_va = 0xd0e0000 end_va = 0xd1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 1017 start_va = 0xb7e0000 end_va = 0xb7e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b7e0000" filename = "" Region: id = 1018 start_va = 0xb9c0000 end_va = 0xb9c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9c0000" filename = "" Region: id = 1019 start_va = 0xb9d0000 end_va = 0xba49fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuib.ttf" filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf") Region: id = 1020 start_va = 0x93a0000 end_va = 0x96a9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093a0000" filename = "" Region: id = 1021 start_va = 0x96c0000 end_va = 0x96c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000096c0000" filename = "" Region: id = 1022 start_va = 0x96d0000 end_va = 0x96d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000096d0000" filename = "" Region: id = 1023 start_va = 0xd210000 end_va = 0xd30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d210000" filename = "" Region: id = 1024 start_va = 0x7fef68f0000 end_va = 0x7fef6943fff monitored = 0 entry_point = 0x7fef690cecc region_type = mapped_file name = "msproof7.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\msproof7.dll" (normalized: "c:\\program files\\microsoft office\\office16\\msproof7.dll") Region: id = 1025 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 1026 start_va = 0x96b0000 end_va = 0x96b0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "custom.dic" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\custom.dic") Region: id = 1027 start_va = 0x7fef3c60000 end_va = 0x7fef3d2cfff monitored = 0 entry_point = 0x7fef3c69d9c region_type = mapped_file name = "msspell7.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\msspell7.dll" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\msspell7.dll") Region: id = 1028 start_va = 0x7fef2880000 end_va = 0x7fef290cfff monitored = 0 entry_point = 0x7fef28877b8 region_type = mapped_file name = "msgr8en.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\1033\\MSGR8EN.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\1033\\msgr8en.dll") Region: id = 1029 start_va = 0x7fef1d10000 end_va = 0x7fef1e97fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mssp7en.lex" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\MSSP7EN.LEX" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\mssp7en.lex") Region: id = 1030 start_va = 0x7fef1c70000 end_va = 0x7fef1d05fff monitored = 0 entry_point = 0x7fef1c8282c region_type = mapped_file name = "mscss7en.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\mscss7en.dll" (normalized: "c:\\program files\\microsoft office\\office16\\mscss7en.dll") Region: id = 1031 start_va = 0x96b0000 end_va = 0x96b0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "excludedictionaryen0409.lex" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\ExcludeDictionaryEN0409.lex" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\excludedictionaryen0409.lex") Region: id = 1032 start_va = 0x96b0000 end_va = 0x96b0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "excludedictionaryen0409.lex" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\ExcludeDictionaryEN0409.lex" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\excludedictionaryen0409.lex") Region: id = 1033 start_va = 0x96b0000 end_va = 0x96b0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "custom.dic" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\custom.dic") Region: id = 1034 start_va = 0x7fef1bd0000 end_va = 0x7fef1c69fff monitored = 0 entry_point = 0x7fef1be4d8c region_type = mapped_file name = "css7data0009.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\CSS7DATA0009.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\css7data0009.dll") Region: id = 1035 start_va = 0xd310000 end_va = 0xd497fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mssp7en.lex" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\MSSP7EN.LEX" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\mssp7en.lex") Region: id = 1036 start_va = 0x7fee45a0000 end_va = 0x7fee4afbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nl7models0009.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\NL7MODELS0009.dll" (normalized: "c:\\program files\\microsoft office\\office16\\nl7models0009.dll") Region: id = 1037 start_va = 0x7fefb310000 end_va = 0x7fefb312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mscss7cm_en.dub" filename = "\\Program Files\\Microsoft Office\\Office16\\mscss7cm_en.dub" (normalized: "c:\\program files\\microsoft office\\office16\\mscss7cm_en.dub") Region: id = 1038 start_va = 0x7fef6b60000 end_va = 0x7fef6b7afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mscss7wre_en.dub" filename = "\\Program Files\\Microsoft Office\\Office16\\mscss7wre_en.dub" (normalized: "c:\\program files\\microsoft office\\office16\\mscss7wre_en.dub") Region: id = 1039 start_va = 0xd4a0000 end_va = 0xdca1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgr8en.lex" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\MSGR8EN.LEX" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\msgr8en.lex") Region: id = 1040 start_va = 0x96b0000 end_va = 0x96b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgr8en.dub" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\msgr8en.dub" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\msgr8en.dub") Region: id = 1041 start_va = 0xdcb0000 end_va = 0xec7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dcb0000" filename = "" Region: id = 1042 start_va = 0x96f0000 end_va = 0x96f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000096f0000" filename = "" Region: id = 1043 start_va = 0x9700000 end_va = 0x9700fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009700000" filename = "" Region: id = 1044 start_va = 0x9710000 end_va = 0x9710fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009710000" filename = "" Region: id = 1045 start_va = 0x9720000 end_va = 0x9720fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009720000" filename = "" Region: id = 1046 start_va = 0x9730000 end_va = 0x9731fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009730000" filename = "" Region: id = 1047 start_va = 0x9740000 end_va = 0x9740fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009740000" filename = "" Region: id = 1048 start_va = 0x9750000 end_va = 0x9751fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009750000" filename = "" Region: id = 1049 start_va = 0xb260000 end_va = 0xb26ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b260000" filename = "" Region: id = 1050 start_va = 0x7fefb340000 end_va = 0x7fefb36bfff monitored = 0 entry_point = 0x7fefb3415c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1051 start_va = 0x7fef97a0000 end_va = 0x7fef97adfff monitored = 0 entry_point = 0x7fef97a5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1052 start_va = 0x7fef9a40000 end_va = 0x7fef9ab6fff monitored = 0 entry_point = 0x7fef9a7e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1053 start_va = 0x7fef94c0000 end_va = 0x7fef94d2fff monitored = 0 entry_point = 0x7fef94c1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1054 start_va = 0x7fef97e0000 end_va = 0x7fef98b2fff monitored = 0 entry_point = 0x7fef9858b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1055 start_va = 0x7fef97b0000 end_va = 0x7fef97d6fff monitored = 0 entry_point = 0x7fef97b11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1088 start_va = 0x96e0000 end_va = 0x96effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000096e0000" filename = "" Region: id = 1089 start_va = 0x7fef9df0000 end_va = 0x7fef9e53fff monitored = 0 entry_point = 0x7fef9df1254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1090 start_va = 0x7fef9e60000 end_va = 0x7fef9ed0fff monitored = 0 entry_point = 0x7fef9e61010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1091 start_va = 0x7fefa840000 end_va = 0x7fefa850fff monitored = 0 entry_point = 0x7fefa8416ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1092 start_va = 0x7fefa820000 end_va = 0x7fefa837fff monitored = 0 entry_point = 0x7fefa821bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1093 start_va = 0x7fef2ae0000 end_va = 0x7fef2bfefff monitored = 0 entry_point = 0x7fef2ae1048 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll") Region: id = 1270 start_va = 0x2230000 end_va = 0x2230fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 1271 start_va = 0xd0e0000 end_va = 0xd1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d0e0000" filename = "" Region: id = 1272 start_va = 0xed20000 end_va = 0xee1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ed20000" filename = "" Region: id = 1273 start_va = 0x7fef7650000 end_va = 0x7fef7675fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alrtintl.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\alrtintl.dll") Region: id = 1274 start_va = 0x7fef7620000 end_va = 0x7fef7645fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alrtintl.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\alrtintl.dll") Region: id = 1275 start_va = 0x2240000 end_va = 0x2265fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alrtintl.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\alrtintl.dll") Region: id = 1276 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1277 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1278 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1279 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1280 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1281 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1282 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1283 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1284 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1285 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1286 start_va = 0xc570000 end_va = 0xc670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c570000" filename = "" Region: id = 1287 start_va = 0x7fefb310000 end_va = 0x7fefb31cfff monitored = 0 entry_point = 0x7fefb31307c region_type = mapped_file name = "wordcnvpxy.cnv" filename = "\\Program Files\\Microsoft Office\\Office16\\Wordcnvpxy.cnv" (normalized: "c:\\program files\\microsoft office\\office16\\wordcnvpxy.cnv") Region: id = 1288 start_va = 0x7fefa370000 end_va = 0x7fefa37cfff monitored = 0 entry_point = 0x7fefa37307c region_type = mapped_file name = "wordcnvpxy.cnv" filename = "\\Program Files\\Microsoft Office\\Office16\\Wordcnvpxy.cnv" (normalized: "c:\\program files\\microsoft office\\office16\\wordcnvpxy.cnv") Region: id = 1289 start_va = 0x7fefb310000 end_va = 0x7fefb31efff monitored = 0 entry_point = 0x7fefb312f9c region_type = mapped_file name = "recovr32.cnv" filename = "\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\RECOVR32.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\recovr32.cnv") Region: id = 1290 start_va = 0x7fef7650000 end_va = 0x7fef7676fff monitored = 0 entry_point = 0x7fef765efac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 1291 start_va = 0xc570000 end_va = 0xc670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c570000" filename = "" Region: id = 1292 start_va = 0x7fef7640000 end_va = 0x7fef7678fff monitored = 0 entry_point = 0x7fef7661a4c region_type = mapped_file name = "wpft532.cnv" filename = "\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\WPFT532.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft532.cnv") Region: id = 1293 start_va = 0x7fef7610000 end_va = 0x7fef7636fff monitored = 0 entry_point = 0x7fef761efac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 1294 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1295 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1296 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1297 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1298 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1299 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1300 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1301 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1302 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1303 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1304 start_va = 0xc570000 end_va = 0xc670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c570000" filename = "" Region: id = 1305 start_va = 0xc570000 end_va = 0xc670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c570000" filename = "" Region: id = 1306 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1307 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1308 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1309 start_va = 0x7fef7630000 end_va = 0x7fef767efff monitored = 0 entry_point = 0x7fef765bd6c region_type = mapped_file name = "wpft632.cnv" filename = "\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\WPFT632.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv") Region: id = 1310 start_va = 0x7fef7600000 end_va = 0x7fef7626fff monitored = 0 entry_point = 0x7fef760efac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 1311 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1312 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1313 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1314 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1315 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1316 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1317 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1318 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1319 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1320 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1321 start_va = 0xc570000 end_va = 0xc670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c570000" filename = "" Region: id = 1322 start_va = 0xc570000 end_va = 0xc670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c570000" filename = "" Region: id = 1323 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1324 start_va = 0xd390000 end_va = 0xd48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d390000" filename = "" Region: id = 1325 start_va = 0x7fffff72000 end_va = 0x7fffff73fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 1326 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1327 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1328 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1329 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1330 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1331 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1332 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1333 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1334 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1335 start_va = 0x93a0000 end_va = 0x94a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093a0000" filename = "" Region: id = 1336 start_va = 0x93a0000 end_va = 0x94a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093a0000" filename = "" Region: id = 1337 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1338 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1339 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1340 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1341 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1342 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1343 start_va = 0x2240000 end_va = 0x2251fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "symbol.ttf" filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf") Region: id = 1344 start_va = 0x2240000 end_va = 0x2251fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "symbol.ttf" filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf") Region: id = 1345 start_va = 0x7fef9130000 end_va = 0x7fef914dfff monitored = 0 entry_point = 0x7fef9131318 region_type = mapped_file name = "hlink.dll" filename = "\\Windows\\System32\\hlink.dll" (normalized: "c:\\windows\\system32\\hlink.dll") Region: id = 1346 start_va = 0xee20000 end_va = 0xf242fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 1347 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1348 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1349 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1350 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1351 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1352 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1353 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1354 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1355 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1356 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1357 start_va = 0x93a0000 end_va = 0x94a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093a0000" filename = "" Region: id = 1358 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1359 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1360 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1361 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1362 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1363 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1364 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1365 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1366 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1367 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1368 start_va = 0x93a0000 end_va = 0x94a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093a0000" filename = "" Region: id = 1369 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1370 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1371 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1372 start_va = 0xee20000 end_va = 0xf242fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 1373 start_va = 0x93a0000 end_va = 0x952cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 1374 start_va = 0x93a0000 end_va = 0x952cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 1375 start_va = 0xee20000 end_va = 0xfe1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ee20000" filename = "" Region: id = 1376 start_va = 0x2240000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~wrd0001.tmp" filename = "\\Users\\kEecfMwgj\\Desktop\\~WRD0001.tmp" (normalized: "c:\\users\\keecfmwgj\\desktop\\~wrd0001.tmp") Region: id = 1377 start_va = 0x2240000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~wrl0002.tmp2ab901c19878bf109bdd9e078e96380879ca2ce2c3f9fc5c7665.docx.doce96380879ca2ce2c3f9fc5c7665doc" filename = "\\Users\\kEecfMwgj\\Desktop\\~WRL0002.tmp2ab901c19878bf109bdd9e078e96380879ca2ce2c3f9fc5c7665.docx.doce96380879ca2ce2c3f9fc5c7665doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\~wrl0002.tmp2ab901c19878bf109bdd9e078e96380879ca2ce2c3f9fc5c7665.docx.doce96380879ca2ce2c3f9fc5c7665doc") Region: id = 1378 start_va = 0x39e0000 end_va = 0x3a5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~df7b76fa08f50449e0.tmp" filename = "\\Users\\KEECFM~1\\AppData\\Local\\Temp\\~DF7B76FA08F50449E0.TMP" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\~df7b76fa08f50449e0.tmp") Region: id = 1379 start_va = 0xee20000 end_va = 0xfe1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ee20000" filename = "" Region: id = 1380 start_va = 0x3a60000 end_va = 0x3adffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~wrd0001.tmp" filename = "\\Users\\kEecfMwgj\\Desktop\\~WRD0001.tmp" (normalized: "c:\\users\\keecfmwgj\\desktop\\~wrd0001.tmp") Region: id = 1381 start_va = 0x45f0000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~dfc15a6bbc44c7ffff.tmp" filename = "\\Users\\KEECFM~1\\AppData\\Local\\Temp\\~DFC15A6BBC44C7FFFF.TMP" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\~dfc15a6bbc44c7ffff.tmp") Region: id = 1382 start_va = 0x2220000 end_va = 0x2220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1383 start_va = 0x7fefb5b0000 end_va = 0x7fefb5bbfff monitored = 0 entry_point = 0x7fefb5b18a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Thread: id = 1 os_tid = 0x9d0 Thread: id = 2 os_tid = 0xa24 Thread: id = 3 os_tid = 0x9d4 Thread: id = 4 os_tid = 0x83c Thread: id = 5 os_tid = 0x840 Thread: id = 6 os_tid = 0x88c Thread: id = 7 os_tid = 0x858 Thread: id = 8 os_tid = 0x84c Thread: id = 9 os_tid = 0x848 Thread: id = 10 os_tid = 0x85c Thread: id = 11 os_tid = 0x9c4 Thread: id = 12 os_tid = 0x860 Thread: id = 13 os_tid = 0xb2c [0052.694] DispCallFunc (pvInstance=0x99202b0, oVft=0x38, cc=0x4, vtReturn=0xa, cActuals=0x0, prgvt=0x0, prgpvarg=0x0, pvargResult=0x137330) returned 0x0 [0052.694] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1000, lpStartAddress=0x7fef4231498, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x136df0 | out: lpThreadId=0x136df0*=0xa04) returned 0x6d4 [0052.698] PeekMessageA (in: lpMsg=0x136d90, hWnd=0x2033a, wMsgFilterMin=0x1045, wMsgFilterMax=0x1045, wRemoveMsg=0x3 | out: lpMsg=0x136d90) returned 0 [0052.702] GetActiveWindow () returned 0x201f8 [0052.702] CRetailMalloc_Alloc () returned 0x9978660 [0052.702] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x47d0000 [0052.703] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="WScript.Shell", cbMultiByte=13, lpWideCharStr=0x47d00dc, cchWideChar=28 | out: lpWideCharStr="WScript.Shell") returned 13 [0052.704] realloc (_Block=0x0, _Size=0x200) returned 0x1d3bb10 [0052.704] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CreateObject") returned 0x108af8 [0052.704] strcpy_s (in: _Dst=0x135490, _DstSize=0xd, _Src="CreateObject" | out: _Dst="CreateObject") returned 0x0 [0052.704] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="CreateObject", cbMultiByte=13, lpWideCharStr=0x1352e0, cchWideChar=13 | out: lpWideCharStr="CreateObject") returned 13 [0052.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateObject", cchWideChar=-1, lpMultiByteStr=0x135490, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateObject", lpUsedDefaultChar=0x0) returned 13 [0052.704] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CreateObject") returned 0x108af8 [0052.704] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="CreateObject", cbMultiByte=13, lpWideCharStr=0x135410, cchWideChar=14 | out: lpWideCharStr="CreateObject") returned 13 [0052.704] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="CreateObject", cbMultiByte=13, lpWideCharStr=0x135570, cchWideChar=14 | out: lpWideCharStr="CreateObject") returned 13 [0052.704] memcpy (in: _Dst=0x9938520, _Src=0x7fef45fa8e0, _Size=0x14 | out: _Dst=0x9938520) returned 0x9938520 [0052.704] memcpy (in: _Dst=0x9938518, _Src=0x7fef45fa930, _Size=0x58 | out: _Dst=0x9938518) returned 0x9938518 [0052.704] memcpy (in: _Dst=0x9938570, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9938570) returned 0x9938570 [0052.705] memcpy (in: _Dst=0x9938570, _Src=0x7fef45fb468, _Size=0x20 | out: _Dst=0x9938570) returned 0x9938570 [0052.705] memcpy (in: _Dst=0x9938590, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9938590) returned 0x9938590 [0052.705] memcpy (in: _Dst=0x9938590, _Src=0x7fef45fb468, _Size=0x20 | out: _Dst=0x9938590) returned 0x9938590 [0052.705] SysStringByteLen (bstr="") returned 0x0 [0052.705] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x1352a0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0052.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=0, lpWideCharStr=0x47d028c, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0052.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.706] strcpy_s (in: _Dst=0x9972d10, _DstSize=0x9, _Src="VBE7.DLL" | out: _Dst="VBE7.DLL") returned 0x0 [0052.706] CRetailMalloc_Alloc () returned 0x9978e80 [0052.706] CRetailMalloc_GetSize () returned 0x26d [0052.706] CRetailMalloc_GetSize () returned 0x26d [0052.706] CRetailMalloc_GetSize () returned 0x26d [0052.706] GetCurrentProcess () returned 0xffffffffffffffff [0052.706] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x9978e80, dwSize=0x4b) returned 1 [0052.706] CRetailMalloc_Free () returned 0x39d87101 [0052.707] memcpy (in: _Dst=0x9972d68, _Src=0x134f70, _Size=0x84 | out: _Dst=0x9972d68) returned 0x9972d68 [0052.707] CRetailMalloc_Alloc () returned 0x9978e80 [0052.707] memcpy (in: _Dst=0x9978f98, _Src=0x9978e98, _Size=0x0 | out: _Dst=0x9978f98) returned 0x9978f98 [0052.707] memcpy (in: _Dst=0x68d54b8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d54b8) returned 0x68d54b8 [0052.707] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Templates", cbMultiByte=9, lpWideCharStr=0x47d094a, cchWideChar=20 | out: lpWideCharStr="Templates") returned 9 [0052.707] memcpy (in: _Dst=0x68d54d0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d54d0) returned 0x68d54d0 [0052.707] memcpy (in: _Dst=0x68d54e8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d54e8) returned 0x68d54e8 [0052.707] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="SpecialFolders", cbMultiByte=16, lpWideCharStr=0x135390, cchWideChar=15 | out: lpWideCharStr="SpecialFolders") returned 0 [0052.707] wcscpy_s (in: _Destination=0x9972e18, _SizeInWords=0xf, _Source="SpecialFolders" | out: _Destination="SpecialFolders") returned 0x0 [0052.707] _mbscpy_s (in: _Dst=0x135990, _DstSizeInBytes=0x4, _Src=0x28a2c1a | out: _Dst=0x135990) returned 0x0 [0052.707] _mbscpy_s (in: _Dst=0x135990, _DstSizeInBytes=0x4, _Src=0x28a2c3e | out: _Dst=0x135990) returned 0x0 [0052.708] _mbscpy_s (in: _Dst=0x135990, _DstSizeInBytes=0x4, _Src=0x28a2c62 | out: _Dst=0x135990) returned 0x0 [0052.708] _mbscpy_s (in: _Dst=0x135990, _DstSizeInBytes=0x4, _Src=0x28a2c86 | out: _Dst=0x135990) returned 0x0 [0052.708] _mbscpy_s (in: _Dst=0x135990, _DstSizeInBytes=0x4, _Src=0x28a2caa | out: _Dst=0x135990) returned 0x0 [0052.708] _mbscpy_s (in: _Dst=0x135990, _DstSizeInBytes=0x4, _Src=0x28a2cf2 | out: _Dst=0x135990) returned 0x0 [0052.708] _mbscpy_s (in: _Dst=0x135990, _DstSizeInBytes=0x4, _Src=0x28a2d16 | out: _Dst=0x135990) returned 0x0 [0052.708] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="wdColorBlack") returned 0x104433 [0052.708] strcpy_s (in: _Dst=0x135490, _DstSize=0xd, _Src="wdColorBlack" | out: _Dst="wdColorBlack") returned 0x0 [0052.708] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="wdColorBlack", cbMultiByte=13, lpWideCharStr=0x1352e0, cchWideChar=13 | out: lpWideCharStr="wdColorBlack") returned 13 [0052.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wdColorBlack", cchWideChar=-1, lpMultiByteStr=0x135490, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wdColorBlack", lpUsedDefaultChar=0x0) returned 13 [0052.708] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="wdColorBlack") returned 0x104433 [0052.708] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="wdColorBlack", cbMultiByte=13, lpWideCharStr=0x135410, cchWideChar=14 | out: lpWideCharStr="wdColorBlack") returned 13 [0052.708] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="wdColorBlack", cbMultiByte=13, lpWideCharStr=0x135570, cchWideChar=14 | out: lpWideCharStr="wdColorBlack") returned 13 [0052.708] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="wdColorBlack", cbMultiByte=13, lpWideCharStr=0x135570, cchWideChar=14 | out: lpWideCharStr="wdColorBlack") returned 13 [0052.709] memcpy (in: _Dst=0x69d9990, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x69d9990) returned 0x69d9990 [0052.709] memcpy (in: _Dst=0x69d99a8, _Src=0x7fef45fa8e0, _Size=0x14 | out: _Dst=0x69d99a8) returned 0x69d99a8 [0052.709] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ActiveDocument") returned 0x105cd3 [0052.709] strcpy_s (in: _Dst=0x135490, _DstSize=0xf, _Src="ActiveDocument" | out: _Dst="ActiveDocument") returned 0x0 [0052.709] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ActiveDocument", cbMultiByte=15, lpWideCharStr=0x1352e0, cchWideChar=15 | out: lpWideCharStr="ActiveDocument") returned 15 [0052.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ActiveDocument", cchWideChar=-1, lpMultiByteStr=0x135490, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ActiveDocument", lpUsedDefaultChar=0x0) returned 15 [0052.710] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ActiveDocument") returned 0x105cd3 [0052.710] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ActiveDocument", cbMultiByte=15, lpWideCharStr=0x135410, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15 [0052.710] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ActiveDocument", cbMultiByte=15, lpWideCharStr=0x135570, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15 [0052.710] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ActiveDocument", cbMultiByte=15, lpWideCharStr=0x135570, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15 [0052.711] memcpy (in: _Dst=0x69d99c8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x69d99c8) returned 0x69d99c8 [0052.711] memcpy (in: _Dst=0x69d99e0, _Src=0x7fef45fa8e0, _Size=0x14 | out: _Dst=0x69d99e0) returned 0x69d99e0 [0052.713] CRetailMalloc_Alloc () returned 0x6a53c40 [0052.714] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="ActiveDocument", cbMultiByte=15, lpWideCharStr=0x135470, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15 [0052.714] memcpy (in: _Dst=0x69d9a08, _Src=0x7fef45fa8e0, _Size=0x14 | out: _Dst=0x69d9a08) returned 0x69d9a08 [0052.714] memcpy (in: _Dst=0x69d9a00, _Src=0x7fef45fa930, _Size=0x58 | out: _Dst=0x69d9a00) returned 0x69d9a00 [0052.714] memcpy (in: _Dst=0x69d9a58, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x69d9a58) returned 0x69d9a58 [0052.714] memcpy (in: _Dst=0x69d9a58, _Src=0x7fef45fb468, _Size=0x20 | out: _Dst=0x69d9a58) returned 0x69d9a58 [0052.716] CRetailMalloc_Alloc () returned 0x9973350 [0052.717] CRetailMalloc_Alloc () returned 0x98d6e00 [0052.717] CRetailMalloc_GetSize () returned 0x26d [0052.717] CRetailMalloc_GetSize () returned 0x26d [0052.717] GetCurrentProcess () returned 0xffffffffffffffff [0052.717] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x98d6e00, dwSize=0x4c) returned 1 [0052.717] CRetailMalloc_Free () returned 0x39d87101 [0052.717] memcpy (in: _Dst=0x68d5500, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d5500) returned 0x68d5500 [0052.717] CRetailMalloc_Alloc () returned 0x6a53c80 [0052.718] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Range", cbMultiByte=6, lpWideCharStr=0x1354c0, cchWideChar=7 | out: lpWideCharStr="Range") returned 6 [0052.718] memcpy (in: _Dst=0x68d5800, _Src=0x7fef45fa8e0, _Size=0x14 | out: _Dst=0x68d5800) returned 0x68d5800 [0052.718] memcpy (in: _Dst=0x68d57f8, _Src=0x7fef45fa930, _Size=0x58 | out: _Dst=0x68d57f8) returned 0x68d57f8 [0052.718] memcpy (in: _Dst=0x68d5850, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d5850) returned 0x68d5850 [0052.718] memcpy (in: _Dst=0x68d5850, _Src=0x7fef45fb468, _Size=0x20 | out: _Dst=0x68d5850) returned 0x68d5850 [0052.718] memcpy (in: _Dst=0x68d5870, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d5870) returned 0x68d5870 [0052.718] memcpy (in: _Dst=0x68d5870, _Src=0x7fef45fb468, _Size=0x20 | out: _Dst=0x68d5870) returned 0x68d5870 [0052.718] memcpy (in: _Dst=0x68d5890, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d5890) returned 0x68d5890 [0052.718] memcpy (in: _Dst=0x68d5890, _Src=0x7fef45fb468, _Size=0x20 | out: _Dst=0x68d5890) returned 0x68d5890 [0052.719] memcpy (in: _Dst=0x68d5518, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d5518) returned 0x68d5518 [0052.719] CRetailMalloc_Alloc () returned 0x98d6e00 [0052.719] CRetailMalloc_GetSize () returned 0x26d [0052.719] CRetailMalloc_GetSize () returned 0x26d [0052.719] CRetailMalloc_GetSize () returned 0x26d [0052.719] CRetailMalloc_GetSize () returned 0x26d [0052.719] GetCurrentProcess () returned 0xffffffffffffffff [0052.719] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x98d6e00, dwSize=0x5c) returned 1 [0052.720] CRetailMalloc_Free () returned 0x39d87101 [0052.720] memcpy (in: _Dst=0x68d5530, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d5530) returned 0x68d5530 [0052.720] CRetailMalloc_Alloc () returned 0x6a53cc0 [0052.720] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Font", cbMultiByte=5, lpWideCharStr=0x1354c0, cchWideChar=6 | out: lpWideCharStr="Font") returned 5 [0052.720] memcpy (in: _Dst=0x68d58c8, _Src=0x7fef45fa8e0, _Size=0x14 | out: _Dst=0x68d58c8) returned 0x68d58c8 [0052.720] memcpy (in: _Dst=0x68d58c0, _Src=0x7fef45fa930, _Size=0x58 | out: _Dst=0x68d58c0) returned 0x68d58c0 [0052.721] memcpy (in: _Dst=0x68d5918, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d5918) returned 0x68d5918 [0052.721] memcpy (in: _Dst=0x68d5918, _Src=0x7fef45fb468, _Size=0x20 | out: _Dst=0x68d5918) returned 0x68d5918 [0052.722] CRetailMalloc_Alloc () returned 0x98d6e00 [0052.722] CRetailMalloc_GetSize () returned 0x26d [0052.722] CRetailMalloc_GetSize () returned 0x26d [0052.722] GetCurrentProcess () returned 0xffffffffffffffff [0052.722] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x98d6e00, dwSize=0x4c) returned 1 [0052.722] CRetailMalloc_Free () returned 0x39d87101 [0052.722] CRetailMalloc_Alloc () returned 0x99735a0 [0052.722] memcpy (in: _Dst=0x68d5548, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d5548) returned 0x68d5548 [0052.722] CRetailMalloc_Alloc () returned 0x6a53d00 [0052.723] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Color", cbMultiByte=6, lpWideCharStr=0x1354c0, cchWideChar=7 | out: lpWideCharStr="Color") returned 6 [0052.723] memcpy (in: _Dst=0x68d5950, _Src=0x7fef45fa8e0, _Size=0x14 | out: _Dst=0x68d5950) returned 0x68d5950 [0052.723] memcpy (in: _Dst=0x68d5948, _Src=0x7fef45fa930, _Size=0x58 | out: _Dst=0x68d5948) returned 0x68d5948 [0052.723] memcpy (in: _Dst=0x68d59a0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d59a0) returned 0x68d59a0 [0052.723] memcpy (in: _Dst=0x68d59a0, _Src=0x7fef45fb468, _Size=0x20 | out: _Dst=0x68d59a0) returned 0x68d59a0 [0052.724] CRetailMalloc_Alloc () returned 0x98d6e00 [0052.724] CRetailMalloc_GetSize () returned 0x26d [0052.724] CRetailMalloc_GetSize () returned 0x26d [0052.724] GetCurrentProcess () returned 0xffffffffffffffff [0052.724] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x98d6e00, dwSize=0x4c) returned 1 [0052.724] CRetailMalloc_Free () returned 0x39d87101 [0052.724] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="microsoft.xmlhttp", cbMultiByte=17, lpWideCharStr=0x47d29e2, cchWideChar=36 | out: lpWideCharStr="microsoft.xmlhttp") returned 17 [0052.724] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=0, lpWideCharStr=0x47d2b9a, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0052.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.726] _mbscpy_s (in: _Dst=0x135990, _DstSizeInBytes=0x7, _Src=0x28a2e12 | out: _Dst=0x135990) returned 0x0 [0052.726] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Chr") returned 0x107e4b [0052.726] strcpy_s (in: _Dst=0x135490, _DstSize=0x4, _Src="Chr" | out: _Dst="Chr") returned 0x0 [0052.726] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Chr", cbMultiByte=4, lpWideCharStr=0x1352e0, cchWideChar=4 | out: lpWideCharStr="Chr") returned 4 [0052.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Chr", cchWideChar=-1, lpMultiByteStr=0x135490, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chr", lpUsedDefaultChar=0x0) returned 4 [0052.727] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Chr") returned 0x107e4b [0052.727] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Chr", cbMultiByte=4, lpWideCharStr=0x135410, cchWideChar=5 | out: lpWideCharStr="Chr") returned 4 [0052.727] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Chr", cbMultiByte=4, lpWideCharStr=0x135570, cchWideChar=5 | out: lpWideCharStr="Chr") returned 4 [0052.727] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Chr", cbMultiByte=4, lpWideCharStr=0x135570, cchWideChar=5 | out: lpWideCharStr="Chr") returned 4 [0052.727] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Chr", cbMultiByte=4, lpWideCharStr=0x135570, cchWideChar=5 | out: lpWideCharStr="Chr") returned 4 [0052.727] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Chr") returned 0x107e4b [0052.727] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Chr", cbMultiByte=4, lpWideCharStr=0x135570, cchWideChar=5 | out: lpWideCharStr="Chr") returned 4 [0052.727] CRetailMalloc_Alloc () returned 0x993a650 [0052.727] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.727] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.727] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.727] strcpy_s (in: _Dst=0x135680, _DstSize=0xb, _Src="_B_var_Chr" | out: _Dst="_B_var_Chr") returned 0x0 [0052.727] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="_B_var_Chr", cbMultiByte=11, lpWideCharStr=0x1354d0, cchWideChar=11 | out: lpWideCharStr="_B_var_Chr") returned 11 [0052.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_B_var_Chr", cchWideChar=-1, lpMultiByteStr=0x135680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_B_var_Chr", lpUsedDefaultChar=0x0) returned 11 [0052.728] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.728] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="_B_var_Chr", cbMultiByte=11, lpWideCharStr=0x135530, cchWideChar=12 | out: lpWideCharStr="_B_var_Chr") returned 11 [0052.729] memcpy (in: _Dst=0x9981280, _Src=0x7fef45fa8e0, _Size=0x14 | out: _Dst=0x9981280) returned 0x9981280 [0052.729] memcpy (in: _Dst=0x9981278, _Src=0x7fef45fa930, _Size=0x58 | out: _Dst=0x9981278) returned 0x9981278 [0052.729] memcpy (in: _Dst=0x99812d0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x99812d0) returned 0x99812d0 [0052.729] memcpy (in: _Dst=0x99812d0, _Src=0x7fef45fb468, _Size=0x20 | out: _Dst=0x99812d0) returned 0x99812d0 [0052.729] CRetailMalloc_Free () returned 0x700500301 [0052.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.729] CRetailMalloc_Alloc () returned 0x98d6e00 [0052.729] CRetailMalloc_GetSize () returned 0x26d [0052.730] CRetailMalloc_GetSize () returned 0x26d [0052.730] GetCurrentProcess () returned 0xffffffffffffffff [0052.730] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x98d6e00, dwSize=0x43) returned 1 [0052.730] CRetailMalloc_Free () returned 0x39d87101 [0052.730] CRetailMalloc_Alloc () returned 0x99737f0 [0052.730] memcpy (in: _Dst=0x9973818, _Src=0x134f70, _Size=0x7c | out: _Dst=0x9973818) returned 0x9973818 [0052.730] CRetailMalloc_Alloc () returned 0x993a650 [0052.730] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.730] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.730] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.730] CRetailMalloc_Free () returned 0x800500301 [0052.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.730] memcpy (in: _Dst=0x68d5560, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d5560) returned 0x68d5560 [0052.731] CRetailMalloc_Alloc () returned 0x993a650 [0052.731] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.731] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.731] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.731] CRetailMalloc_Free () returned 0x900500301 [0052.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.731] memcpy (in: _Dst=0x68d5578, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d5578) returned 0x68d5578 [0052.731] memcpy (in: _Dst=0x68d5590, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d5590) returned 0x68d5590 [0052.731] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x47e0000 [0052.731] CRetailMalloc_Alloc () returned 0x993a650 [0052.731] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.731] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.731] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.732] CRetailMalloc_Free () returned 0xa00500301 [0052.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.732] memcpy (in: _Dst=0x68d55a8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d55a8) returned 0x68d55a8 [0052.732] memcpy (in: _Dst=0x68d55c0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d55c0) returned 0x68d55c0 [0052.732] CRetailMalloc_Alloc () returned 0x993a650 [0052.732] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.732] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.732] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.732] CRetailMalloc_Free () returned 0xb00500301 [0052.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.732] memcpy (in: _Dst=0x68d55d8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x68d55d8) returned 0x68d55d8 [0052.733] memcpy (in: _Dst=0x9981ac0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981ac0) returned 0x9981ac0 [0052.733] CRetailMalloc_Alloc () returned 0x993a650 [0052.733] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.733] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.733] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.733] CRetailMalloc_Free () returned 0xc00500301 [0052.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.733] memcpy (in: _Dst=0x9981ad8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981ad8) returned 0x9981ad8 [0052.733] memcpy (in: _Dst=0x9981af0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981af0) returned 0x9981af0 [0052.733] CRetailMalloc_Alloc () returned 0x993a650 [0052.733] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.733] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.733] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.733] CRetailMalloc_Free () returned 0xd00500301 [0052.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.734] memcpy (in: _Dst=0x9981b08, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981b08) returned 0x9981b08 [0052.734] memcpy (in: _Dst=0x9981b20, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981b20) returned 0x9981b20 [0052.734] CRetailMalloc_Alloc () returned 0x993a650 [0052.734] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.734] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.734] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.734] CRetailMalloc_Free () returned 0xe00500301 [0052.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.734] memcpy (in: _Dst=0x9981b38, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981b38) returned 0x9981b38 [0052.734] memcpy (in: _Dst=0x9981b50, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981b50) returned 0x9981b50 [0052.734] CRetailMalloc_Alloc () returned 0x993a650 [0052.735] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.735] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.735] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.735] CRetailMalloc_Free () returned 0xf00500301 [0052.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.735] memcpy (in: _Dst=0x9981b68, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981b68) returned 0x9981b68 [0052.735] memcpy (in: _Dst=0x9981b80, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981b80) returned 0x9981b80 [0052.735] CRetailMalloc_Alloc () returned 0x993a650 [0052.735] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.735] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.735] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.736] CRetailMalloc_Free () returned 0x1000500301 [0052.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.736] memcpy (in: _Dst=0x9981b98, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981b98) returned 0x9981b98 [0052.736] memcpy (in: _Dst=0x9981bb0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981bb0) returned 0x9981bb0 [0052.736] CRetailMalloc_Alloc () returned 0x993a650 [0052.736] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.736] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.736] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.737] CRetailMalloc_Free () returned 0x1100500301 [0052.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.737] memcpy (in: _Dst=0x9981bc8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981bc8) returned 0x9981bc8 [0052.737] memcpy (in: _Dst=0x9981be0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981be0) returned 0x9981be0 [0052.737] CRetailMalloc_Alloc () returned 0x993a650 [0052.737] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.737] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.737] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.737] CRetailMalloc_Free () returned 0x1200500301 [0052.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.738] memcpy (in: _Dst=0x9981bf8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981bf8) returned 0x9981bf8 [0052.738] memcpy (in: _Dst=0x9981c10, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981c10) returned 0x9981c10 [0052.738] CRetailMalloc_Alloc () returned 0x993a650 [0052.738] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.738] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.738] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.738] CRetailMalloc_Free () returned 0x1300500301 [0052.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.738] memcpy (in: _Dst=0x9981c28, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981c28) returned 0x9981c28 [0052.738] memcpy (in: _Dst=0x9981c40, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981c40) returned 0x9981c40 [0052.738] CRetailMalloc_Alloc () returned 0x993a650 [0052.738] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.738] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.738] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.739] CRetailMalloc_Free () returned 0x1400500301 [0052.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.739] memcpy (in: _Dst=0x9981c58, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981c58) returned 0x9981c58 [0052.739] memcpy (in: _Dst=0x9981c70, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981c70) returned 0x9981c70 [0052.739] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x47f0000 [0052.739] CRetailMalloc_Alloc () returned 0x993a650 [0052.739] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.739] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.739] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.739] CRetailMalloc_Free () returned 0x1500500301 [0052.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.740] memcpy (in: _Dst=0x9981c88, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981c88) returned 0x9981c88 [0052.740] memcpy (in: _Dst=0x9981ca0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981ca0) returned 0x9981ca0 [0052.740] CRetailMalloc_Alloc () returned 0x993a650 [0052.740] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.740] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.740] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.740] CRetailMalloc_Free () returned 0x1600500301 [0052.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.740] memcpy (in: _Dst=0x9981cb8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981cb8) returned 0x9981cb8 [0052.740] memcpy (in: _Dst=0x9981cd0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981cd0) returned 0x9981cd0 [0052.740] CRetailMalloc_Alloc () returned 0x993a650 [0052.740] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.740] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.740] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.741] CRetailMalloc_Free () returned 0x1700500301 [0052.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.741] memcpy (in: _Dst=0x9981ce8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981ce8) returned 0x9981ce8 [0052.741] memcpy (in: _Dst=0x9981d00, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981d00) returned 0x9981d00 [0052.741] memcpy (in: _Dst=0x9981d18, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981d18) returned 0x9981d18 [0052.741] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=0, lpWideCharStr=0x47f3c9c, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0052.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.742] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x4a30000 [0052.742] CRetailMalloc_Alloc () returned 0x993a650 [0052.742] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.742] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.742] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.742] CRetailMalloc_Free () returned 0x1800500301 [0052.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.743] CRetailMalloc_Alloc () returned 0x993a650 [0052.743] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.743] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.743] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.743] CRetailMalloc_Free () returned 0x1900500301 [0052.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.743] CRetailMalloc_Alloc () returned 0x993a650 [0052.743] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.743] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.743] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.743] CRetailMalloc_Free () returned 0x1a00500301 [0052.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.744] CRetailMalloc_Alloc () returned 0x993a650 [0052.744] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.744] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.744] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.744] CRetailMalloc_Free () returned 0x1b00500301 [0052.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.744] CRetailMalloc_Alloc () returned 0x993a650 [0052.744] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.744] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.744] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.745] CRetailMalloc_Free () returned 0x1c00500301 [0052.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.745] CRetailMalloc_Alloc () returned 0x993a650 [0052.745] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.745] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.745] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.745] CRetailMalloc_Free () returned 0x1d00500301 [0052.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.746] CRetailMalloc_Alloc () returned 0x993a650 [0052.746] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.746] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.746] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.746] CRetailMalloc_Free () returned 0x1e00500301 [0052.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.746] CRetailMalloc_Alloc () returned 0x993a650 [0052.746] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.746] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.746] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.746] CRetailMalloc_Free () returned 0x1f00500301 [0052.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.747] CRetailMalloc_Alloc () returned 0x993a650 [0052.747] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.747] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.747] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.747] CRetailMalloc_Free () returned 0x2000500301 [0052.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.747] CRetailMalloc_Alloc () returned 0x993a650 [0052.747] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.747] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.747] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.748] CRetailMalloc_Free () returned 0x2100500301 [0052.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.748] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x4a40000 [0052.748] CRetailMalloc_Alloc () returned 0x993a650 [0052.748] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.748] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.748] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.748] CRetailMalloc_Free () returned 0x2200500301 [0052.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.749] CRetailMalloc_Alloc () returned 0x993a650 [0052.749] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.749] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.749] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.749] CRetailMalloc_Free () returned 0x2300500301 [0052.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.749] CRetailMalloc_Alloc () returned 0x993a650 [0052.749] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.749] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.749] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.750] CRetailMalloc_Free () returned 0x2400500301 [0052.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.750] CRetailMalloc_Alloc () returned 0x993a650 [0052.750] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.750] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.750] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.750] CRetailMalloc_Free () returned 0x2500500301 [0052.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.751] CRetailMalloc_Alloc () returned 0x993a650 [0052.751] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.751] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.751] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.751] CRetailMalloc_Free () returned 0x2600500301 [0052.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.751] CRetailMalloc_Alloc () returned 0x993a650 [0052.751] _mbscpy_s (in: _Dst=0x993a650, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x993a650) returned 0x0 [0052.751] memcpy (in: _Dst=0x993a657, _Src=0x993a650, _Size=0x4 | out: _Dst=0x993a657) returned 0x993a657 [0052.751] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.751] CRetailMalloc_Free () returned 0x2700500301 [0052.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.752] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x4fd0000 [0052.752] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.752] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.752] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.752] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.752] CRetailMalloc_Free () returned 0x6106b201140001 [0052.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.753] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.753] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.753] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.753] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.753] CRetailMalloc_Free () returned 0x6106b301140001 [0052.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.753] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.753] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.753] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.753] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.753] CRetailMalloc_Free () returned 0x6106b401140001 [0052.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.754] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.754] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.754] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.754] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.754] CRetailMalloc_Free () returned 0x6106b501140001 [0052.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.754] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.754] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.754] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.754] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.755] CRetailMalloc_Free () returned 0x6106b601140001 [0052.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.755] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.755] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.755] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.755] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.755] CRetailMalloc_Free () returned 0x6106b701140001 [0052.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.756] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.756] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.756] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.756] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.756] CRetailMalloc_Free () returned 0x6106b801140001 [0052.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.756] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.756] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.756] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.756] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.756] CRetailMalloc_Free () returned 0x6106b901140001 [0052.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.757] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.757] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.757] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.757] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.757] CRetailMalloc_Free () returned 0x6106ba01140001 [0052.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.757] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.757] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.757] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.757] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.758] CRetailMalloc_Free () returned 0x6106bb01140001 [0052.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.758] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x4fe0000 [0052.758] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.758] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.758] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.758] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.758] CRetailMalloc_Free () returned 0x6106bc01140001 [0052.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.759] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.759] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.759] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.759] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.759] CRetailMalloc_Free () returned 0x6106bd01140001 [0052.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.759] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.759] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.759] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.759] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.759] CRetailMalloc_Free () returned 0x6106be01140001 [0052.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.760] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.760] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.760] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.760] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.760] CRetailMalloc_Free () returned 0x6106bf01140001 [0052.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.760] memcpy (in: _Dst=0x9981d30, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981d30) returned 0x9981d30 [0052.760] memcpy (in: _Dst=0x9981d48, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981d48) returned 0x9981d48 [0052.760] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.760] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.761] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.761] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.761] CRetailMalloc_Free () returned 0x6106c001140001 [0052.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.761] memcpy (in: _Dst=0x9981d60, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981d60) returned 0x9981d60 [0052.761] memcpy (in: _Dst=0x9981d78, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981d78) returned 0x9981d78 [0052.761] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.761] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.761] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.761] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.761] CRetailMalloc_Free () returned 0x6106c101140001 [0052.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.762] memcpy (in: _Dst=0x9981d90, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981d90) returned 0x9981d90 [0052.762] memcpy (in: _Dst=0x9981da8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981da8) returned 0x9981da8 [0052.762] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.762] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.762] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.762] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.762] CRetailMalloc_Free () returned 0x6106c201140001 [0052.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.763] memcpy (in: _Dst=0x9981dc0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981dc0) returned 0x9981dc0 [0052.763] memcpy (in: _Dst=0x9981dd8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981dd8) returned 0x9981dd8 [0052.763] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.763] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.763] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.763] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.763] CRetailMalloc_Free () returned 0x6106c301140001 [0052.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.764] memcpy (in: _Dst=0x9981df0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981df0) returned 0x9981df0 [0052.764] memcpy (in: _Dst=0x9981e08, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981e08) returned 0x9981e08 [0052.764] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.764] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.764] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.764] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.764] CRetailMalloc_Free () returned 0x6106c401140001 [0052.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.764] memcpy (in: _Dst=0x9981e20, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981e20) returned 0x9981e20 [0052.764] memcpy (in: _Dst=0x9981e38, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981e38) returned 0x9981e38 [0052.765] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.765] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.765] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.765] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.765] CRetailMalloc_Free () returned 0x6106c501140001 [0052.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.765] memcpy (in: _Dst=0x9981e50, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981e50) returned 0x9981e50 [0052.765] memcpy (in: _Dst=0x9981e68, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981e68) returned 0x9981e68 [0052.765] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.765] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.765] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.765] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.766] CRetailMalloc_Free () returned 0x6106c601140001 [0052.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.766] memcpy (in: _Dst=0x9981e80, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981e80) returned 0x9981e80 [0052.766] memcpy (in: _Dst=0x9981e98, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x9981e98) returned 0x9981e98 [0052.766] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x4ff0000 [0052.766] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.766] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.766] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.766] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.766] CRetailMalloc_Free () returned 0x6106c701140001 [0052.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.767] memcpy (in: _Dst=0x4d25f50, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d25f50) returned 0x4d25f50 [0052.767] memcpy (in: _Dst=0x4d25f68, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d25f68) returned 0x4d25f68 [0052.767] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.767] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.767] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.767] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.767] CRetailMalloc_Free () returned 0x6106c801140001 [0052.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.769] memcpy (in: _Dst=0x4d25f80, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d25f80) returned 0x4d25f80 [0052.769] memcpy (in: _Dst=0x4d25f98, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d25f98) returned 0x4d25f98 [0052.769] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.770] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.770] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.770] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.770] CRetailMalloc_Free () returned 0x6106c901140001 [0052.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.770] memcpy (in: _Dst=0x4d25fb0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d25fb0) returned 0x4d25fb0 [0052.770] memcpy (in: _Dst=0x4d25fc8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d25fc8) returned 0x4d25fc8 [0052.770] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.770] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.770] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.770] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.770] CRetailMalloc_Free () returned 0x6106ca01140001 [0052.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.771] memcpy (in: _Dst=0x4d25fe0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d25fe0) returned 0x4d25fe0 [0052.771] memcpy (in: _Dst=0x4d25ff8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d25ff8) returned 0x4d25ff8 [0052.771] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.771] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.771] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.771] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.771] CRetailMalloc_Free () returned 0x6106cb01140001 [0052.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.771] memcpy (in: _Dst=0x4d26010, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d26010) returned 0x4d26010 [0052.771] memcpy (in: _Dst=0x4d26028, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d26028) returned 0x4d26028 [0052.771] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.772] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.772] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.772] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.772] CRetailMalloc_Free () returned 0x6106cc01140001 [0052.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.772] memcpy (in: _Dst=0x4d26040, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d26040) returned 0x4d26040 [0052.772] memcpy (in: _Dst=0x4d26058, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d26058) returned 0x4d26058 [0052.772] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.772] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.772] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.772] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.772] CRetailMalloc_Free () returned 0x6106cd01140001 [0052.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.773] memcpy (in: _Dst=0x4d26070, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d26070) returned 0x4d26070 [0052.773] memcpy (in: _Dst=0x4d26088, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d26088) returned 0x4d26088 [0052.773] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.773] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.773] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.773] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.773] CRetailMalloc_Free () returned 0x6106ce01140001 [0052.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.773] memcpy (in: _Dst=0x4d260a0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d260a0) returned 0x4d260a0 [0052.773] memcpy (in: _Dst=0x4d260b8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d260b8) returned 0x4d260b8 [0052.773] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="zzz") returned 0x10fbec [0052.773] strcpy_s (in: _Dst=0x135490, _DstSize=0x4, _Src="zzz" | out: _Dst="zzz") returned 0x0 [0052.774] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="zzz", cbMultiByte=4, lpWideCharStr=0x1352e0, cchWideChar=4 | out: lpWideCharStr="zzz") returned 4 [0052.774] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="zzz", cbMultiByte=4, lpWideCharStr=0x135410, cchWideChar=5 | out: lpWideCharStr="zzz") returned 4 [0052.774] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="zzz", cbMultiByte=4, lpWideCharStr=0x135570, cchWideChar=5 | out: lpWideCharStr="zzz") returned 4 [0052.774] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="zzz", cbMultiByte=4, lpWideCharStr=0x135570, cchWideChar=5 | out: lpWideCharStr="zzz") returned 4 [0052.774] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="zzz", cbMultiByte=4, lpWideCharStr=0x135570, cchWideChar=5 | out: lpWideCharStr="zzz") returned 4 [0052.774] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="zzz") returned 0x10fbec [0052.774] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="zzz", cbMultiByte=4, lpWideCharStr=0x135570, cchWideChar=5 | out: lpWideCharStr="zzz") returned 4 [0052.774] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.774] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e5e | out: _Dst=0x6a19a60) returned 0x0 [0052.774] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.774] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_zzz") returned 0x10b8fd [0052.774] strcpy_s (in: _Dst=0x135680, _DstSize=0xb, _Src="_B_var_zzz" | out: _Dst="_B_var_zzz") returned 0x0 [0052.775] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="_B_var_zzz", cbMultiByte=11, lpWideCharStr=0x1354d0, cchWideChar=11 | out: lpWideCharStr="_B_var_zzz") returned 11 [0052.775] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="_B_var_zzz", cbMultiByte=11, lpWideCharStr=0x135530, cchWideChar=12 | out: lpWideCharStr="_B_var_zzz") returned 11 [0052.775] _mbscpy_s (in: _Dst=0x1356f0, _DstSizeInBytes=0x4, _Src=0x28a2e5e | out: _Dst=0x1356f0) returned 0x0 [0052.775] memcpy (in: _Dst=0x4d260d0, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d260d0) returned 0x4d260d0 [0052.775] CRetailMalloc_Free () returned 0x6106cf01140001 [0052.775] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x5000000 [0052.776] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.776] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.776] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.776] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.776] CRetailMalloc_Free () returned 0x6106d001140001 [0052.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.776] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x5010000 [0052.776] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.776] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.776] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.776] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.776] CRetailMalloc_Free () returned 0x6106d101140001 [0052.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.777] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.777] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.777] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.777] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.777] CRetailMalloc_Free () returned 0x6106d201140001 [0052.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.777] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.777] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.777] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.777] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.778] CRetailMalloc_Free () returned 0x6106d301140001 [0052.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.778] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.778] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.778] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.778] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.778] CRetailMalloc_Free () returned 0x6106d401140001 [0052.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.779] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.779] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.779] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.779] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.779] CRetailMalloc_Free () returned 0x6106d501140001 [0052.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.779] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.779] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.779] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.779] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.779] CRetailMalloc_Free () returned 0x6106d601140001 [0052.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.780] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.780] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.780] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.780] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.780] CRetailMalloc_Free () returned 0x6106d701140001 [0052.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.780] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.780] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.780] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.780] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.781] CRetailMalloc_Free () returned 0x6106d801140001 [0052.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.781] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.781] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.781] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.781] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.781] CRetailMalloc_Free () returned 0x6106d901140001 [0052.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.782] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.782] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.782] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.782] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.782] CRetailMalloc_Free () returned 0x6106da01140001 [0052.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.782] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.782] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.782] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.782] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.782] CRetailMalloc_Free () returned 0x6106db01140001 [0052.782] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x61b0000 [0052.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.783] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.783] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.783] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.784] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.785] CRetailMalloc_Free () returned 0x6106dc01140001 [0052.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.785] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.785] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.785] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.785] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.785] CRetailMalloc_Free () returned 0x6106dd01140001 [0052.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.786] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.786] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.786] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.786] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.786] CRetailMalloc_Free () returned 0x6106de01140001 [0052.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.786] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.786] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.786] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.787] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.787] CRetailMalloc_Free () returned 0x6106df01140001 [0052.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.787] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.787] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.787] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.787] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.787] CRetailMalloc_Free () returned 0x6106e001140001 [0052.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.788] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.788] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.788] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.788] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.788] CRetailMalloc_Free () returned 0x6106e101140001 [0052.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.788] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.788] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.788] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.788] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.789] CRetailMalloc_Free () returned 0x6106e201140001 [0052.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.789] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.789] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.789] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.789] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.789] CRetailMalloc_Free () returned 0x6106e301140001 [0052.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.789] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.789] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.790] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.790] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.790] CRetailMalloc_Free () returned 0x6106e401140001 [0052.790] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.790] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.790] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.790] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.790] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.790] CRetailMalloc_Free () returned 0x6106e501140001 [0052.790] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.791] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x61c0000 [0052.791] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.791] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.791] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.791] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.791] CRetailMalloc_Free () returned 0x6106e601140001 [0052.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.791] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.791] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.791] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.791] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.792] CRetailMalloc_Free () returned 0x6106e701140001 [0052.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.792] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.792] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.792] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.792] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.792] CRetailMalloc_Free () returned 0x6106e801140001 [0052.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.793] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.793] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.793] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.793] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.793] CRetailMalloc_Free () returned 0x6106e901140001 [0052.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.793] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.793] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e3a | out: _Dst=0x6a19a60) returned 0x0 [0052.793] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.793] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Chr") returned 0x103b5c [0052.793] CRetailMalloc_Free () returned 0x6106ea01140001 [0052.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.794] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="yyy") returned 0x10e071 [0052.794] strcpy_s (in: _Dst=0x135490, _DstSize=0x4, _Src="yyy" | out: _Dst="yyy") returned 0x0 [0052.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="yyy", cbMultiByte=4, lpWideCharStr=0x1352e0, cchWideChar=4 | out: lpWideCharStr="yyy") returned 4 [0052.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="yyy", cbMultiByte=4, lpWideCharStr=0x135410, cchWideChar=5 | out: lpWideCharStr="yyy") returned 4 [0052.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="yyy", cbMultiByte=4, lpWideCharStr=0x135570, cchWideChar=5 | out: lpWideCharStr="yyy") returned 4 [0052.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="yyy", cbMultiByte=4, lpWideCharStr=0x135570, cchWideChar=5 | out: lpWideCharStr="yyy") returned 4 [0052.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="yyy", cbMultiByte=4, lpWideCharStr=0x135570, cchWideChar=5 | out: lpWideCharStr="yyy") returned 4 [0052.794] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="yyy") returned 0x10e071 [0052.795] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="yyy", cbMultiByte=4, lpWideCharStr=0x135570, cchWideChar=5 | out: lpWideCharStr="yyy") returned 4 [0052.795] CRetailMalloc_Alloc () returned 0x6a19a60 [0052.795] _mbscpy_s (in: _Dst=0x6a19a60, _DstSizeInBytes=0x4, _Src=0x28a2e82 | out: _Dst=0x6a19a60) returned 0x0 [0052.795] memcpy (in: _Dst=0x6a19a67, _Src=0x6a19a60, _Size=0x4 | out: _Dst=0x6a19a67) returned 0x6a19a67 [0052.795] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_yyy") returned 0x109d82 [0052.795] strcpy_s (in: _Dst=0x135680, _DstSize=0xb, _Src="_B_var_yyy" | out: _Dst="_B_var_yyy") returned 0x0 [0052.795] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="_B_var_yyy", cbMultiByte=11, lpWideCharStr=0x1354d0, cchWideChar=11 | out: lpWideCharStr="_B_var_yyy") returned 11 [0052.795] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="_B_var_yyy", cbMultiByte=11, lpWideCharStr=0x135530, cchWideChar=12 | out: lpWideCharStr="_B_var_yyy") returned 11 [0052.795] _mbscpy_s (in: _Dst=0x1356f0, _DstSizeInBytes=0x4, _Src=0x28a2e82 | out: _Dst=0x1356f0) returned 0x0 [0052.795] memcpy (in: _Dst=0x4d260e8, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d260e8) returned 0x4d260e8 [0052.795] CRetailMalloc_Free () returned 0x6106eb01140001 [0052.795] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x61d0000 [0052.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="get", cbMultiByte=3, lpWideCharStr=0x61d1ae4, cchWideChar=8 | out: lpWideCharStr="get") returned 3 [0052.796] memcpy (in: _Dst=0x4d26100, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d26100) returned 0x4d26100 [0052.796] memcpy (in: _Dst=0x4d26118, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d26118) returned 0x4d26118 [0052.796] memcpy (in: _Dst=0x4d26130, _Src=0x7fef45fa8f8, _Size=0x18 | out: _Dst=0x4d26130) returned 0x4d26130 [0052.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Open", cbMultiByte=6, lpWideCharStr=0x135390, cchWideChar=5 | out: lpWideCharStr="Open") returned 0 [0052.796] wcscpy_s (in: _Destination=0x99738b8, _SizeInWords=0x5, _Source="Open" | out: _Destination="Open") returned 0x0 [0052.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="send", cbMultiByte=6, lpWideCharStr=0x135390, cchWideChar=5 | out: lpWideCharStr="send") returned 0 [0052.796] wcscpy_s (in: _Destination=0x99738d0, _SizeInWords=0x5, _Source="send" | out: _Destination="send") returned 0x0 [0052.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="responseBody", cbMultiByte=14, lpWideCharStr=0x135390, cchWideChar=13 | out: lpWideCharStr="responseBody") returned 0 [0052.796] wcscpy_s (in: _Destination=0x99738e8, _SizeInWords=0xd, _Source="responseBody" | out: _Destination="responseBody") returned 0x0 [0052.796] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Status", cbMultiByte=8, lpWideCharStr=0x135390, cchWideChar=7 | out: lpWideCharStr="Status") returned 0 [0052.796] wcscpy_s (in: _Destination=0x9973910, _SizeInWords=0x7, _Source="Status" | out: _Destination="Status") returned 0x0 [0052.796] realloc (_Block=0x0, _Size=0xc0) returned 0x1d3bff0 [0052.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="adodb.stream$", cbMultiByte=12, lpWideCharStr=0x61d2ea8, cchWideChar=26 | out: lpWideCharStr="adodb.stream") returned 12 [0052.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=0, lpWideCharStr=0x61d3056, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0052.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Open", cbMultiByte=6, lpWideCharStr=0x135390, cchWideChar=5 | out: lpWideCharStr="Open") returned 0 [0052.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Type", cbMultiByte=6, lpWideCharStr=0x135390, cchWideChar=5 | out: lpWideCharStr="Type") returned 0 [0052.797] wcscpy_s (in: _Destination=0x9973950, _SizeInWords=0x5, _Source="Type" | out: _Destination="Type") returned 0x0 [0052.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Write", cbMultiByte=7, lpWideCharStr=0x135390, cchWideChar=6 | out: lpWideCharStr="Write") returned 0 [0052.797] wcscpy_s (in: _Destination=0x9973968, _SizeInWords=0x6, _Source="Write" | out: _Destination="Write") returned 0x0 [0052.797] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x61e0000 [0052.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="SaveToFile", cbMultiByte=12, lpWideCharStr=0x135390, cchWideChar=11 | out: lpWideCharStr="SaveToFile") returned 0 [0052.798] wcscpy_s (in: _Destination=0x9973980, _SizeInWords=0xb, _Source="SaveToFile" | out: _Destination="SaveToFile") returned 0x0 [0052.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Close", cbMultiByte=7, lpWideCharStr=0x135390, cchWideChar=6 | out: lpWideCharStr="Close") returned 0 [0052.798] wcscpy_s (in: _Destination=0x99739a0, _SizeInWords=0x6, _Source="Close" | out: _Destination="Close") returned 0x0 [0052.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Open", cbMultiByte=6, lpWideCharStr=0x135390, cchWideChar=5 | out: lpWideCharStr="Open") returned 0 [0052.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.799] CRetailMalloc_Alloc () returned 0x98d6e00 [0052.799] CRetailMalloc_GetSize () returned 0x26d [0052.799] CRetailMalloc_GetSize () returned 0x26d [0052.800] GetCurrentProcess () returned 0xffffffffffffffff [0052.800] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x98d6e00, dwSize=0x4c) returned 1 [0052.800] CRetailMalloc_Free () returned 0x39d87101 [0052.800] CRetailMalloc_Alloc () returned 0x98d6e00 [0052.800] CRetailMalloc_GetSize () returned 0x26d [0052.800] CRetailMalloc_GetSize () returned 0x26d [0052.800] CRetailMalloc_GetSize () returned 0x26d [0052.800] CRetailMalloc_GetSize () returned 0x26d [0052.800] GetCurrentProcess () returned 0xffffffffffffffff [0052.800] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x98d6e00, dwSize=0x5c) returned 1 [0052.800] CRetailMalloc_Free () returned 0x39d87101 [0052.800] CRetailMalloc_Alloc () returned 0x98d6e00 [0052.800] CRetailMalloc_GetSize () returned 0x26d [0052.800] CRetailMalloc_GetSize () returned 0x26d [0052.800] GetCurrentProcess () returned 0xffffffffffffffff [0052.800] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x98d6e00, dwSize=0x4c) returned 1 [0052.800] CRetailMalloc_Free () returned 0x39d87101 [0052.800] CRetailMalloc_Alloc () returned 0x98d6e00 [0052.800] CRetailMalloc_GetSize () returned 0x26d [0052.800] CRetailMalloc_GetSize () returned 0x26d [0052.801] GetCurrentProcess () returned 0xffffffffffffffff [0052.801] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x98d6e00, dwSize=0x4c) returned 1 [0052.801] CRetailMalloc_Free () returned 0x39d87101 [0052.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fef45f9cd0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0052.830] CRetailMalloc_Free () returned 0x3a037a0001 [0052.830] GetCurrentProcess () returned 0xffffffffffffffff [0052.831] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x9972699, dwSize=0x8) returned 1 [0052.831] GetCurrentProcess () returned 0xffffffffffffffff [0052.831] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x9972698, dwSize=0x8) returned 1 [0052.831] GetCurrentProcess () returned 0xffffffffffffffff [0052.831] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x9972699, dwSize=0x8) returned 1 [0052.831] GetCurrentProcess () returned 0xffffffffffffffff [0052.831] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x9972698, dwSize=0x8) returned 1 [0052.831] GetCurrentProcess () returned 0xffffffffffffffff [0052.831] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x99726a8, dwSize=0x2) returned 1 [0052.831] GetCurrentProcess () returned 0xffffffffffffffff [0052.831] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x99726fc, dwSize=0x45) returned 1 [0052.831] VirtualProtect (in: lpAddress=0x99726fc, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x13574c | out: lpflOldProtect=0x13574c*=0x40) returned 1 [0052.832] GetCurrentProcess () returned 0xffffffffffffffff [0052.832] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x997314c, dwSize=0x45) returned 1 [0052.832] VirtualProtect (in: lpAddress=0x997314c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x13574c | out: lpflOldProtect=0x13574c*=0x40) returned 1 [0052.833] SetErrorMode (uMode=0x8001) returned 0x8001 [0052.833] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0052.833] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fef4230000 [0052.833] DeactivateActCtx (dwFlags=0x0, ulCookie=0x111a87e900000534) returned 1 [0052.833] SetErrorMode (uMode=0x8001) returned 0x8001 [0052.834] GetProcAddress (hModule=0x7fef4230000, lpProcName=0x2cc) returned 0x7fef4569158 [0052.834] GetCurrentProcess () returned 0xffffffffffffffff [0052.834] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x9972d84, dwSize=0x4b) returned 1 [0052.834] RtlLookupFunctionEntry (in: ControlPc=0x9972d84, ImageBase=0x1355d8, HistoryTable=0x1355e0 | out: ImageBase=0x1355d8, HistoryTable=0x1355e0) returned 0x0 [0052.834] VirtualProtect (in: lpAddress=0x9972d84, dwSize=0x4c, flNewProtect=0x40, lpflOldProtect=0x1356dc | out: lpflOldProtect=0x1356dc*=0x40) returned 1 [0052.835] RtlAddFunctionTable (FunctionTable=0x9972ddc, EntryCount=0x1, BaseAddress=0x9972d00, TargetGp=0x1356dc) returned 1 [0052.835] GetCurrentProcess () returned 0xffffffffffffffff [0052.835] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x99733c4, dwSize=0x4c) returned 1 [0052.835] RtlLookupFunctionEntry (in: ControlPc=0x99733c4, ImageBase=0x135638, HistoryTable=0x135640 | out: ImageBase=0x135638, HistoryTable=0x135640) returned 0x0 [0052.835] VirtualProtect (in: lpAddress=0x99733c4, dwSize=0x50, flNewProtect=0x40, lpflOldProtect=0x13573c | out: lpflOldProtect=0x13573c*=0x40) returned 1 [0052.835] RtlAddFunctionTable (FunctionTable=0x9973420, EntryCount=0x1, BaseAddress=0x9973300, TargetGp=0x13573c) returned 1 [0052.835] GetCurrentProcess () returned 0xffffffffffffffff [0052.835] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x9973468, dwSize=0x5c) returned 1 [0052.835] RtlLookupFunctionEntry (in: ControlPc=0x9973468, ImageBase=0x135638, HistoryTable=0x135640 | out: ImageBase=0x135638, HistoryTable=0x135640) returned 0x0 [0052.835] VirtualProtect (in: lpAddress=0x9973468, dwSize=0x60, flNewProtect=0x40, lpflOldProtect=0x13573c | out: lpflOldProtect=0x13573c*=0x40) returned 1 [0052.836] RtlAddFunctionTable (FunctionTable=0x99734d4, EntryCount=0x1, BaseAddress=0x9973400, TargetGp=0x13573c) returned 1 [0052.836] GetCurrentProcess () returned 0xffffffffffffffff [0052.836] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x99735ec, dwSize=0x4c) returned 1 [0052.836] RtlLookupFunctionEntry (in: ControlPc=0x99735ec, ImageBase=0x135638, HistoryTable=0x135640 | out: ImageBase=0x135638, HistoryTable=0x135640) returned 0x0 [0052.836] VirtualProtect (in: lpAddress=0x99735ec, dwSize=0x50, flNewProtect=0x40, lpflOldProtect=0x13573c | out: lpflOldProtect=0x13573c*=0x40) returned 1 [0052.836] RtlAddFunctionTable (FunctionTable=0x9973648, EntryCount=0x1, BaseAddress=0x9973500, TargetGp=0x13573c) returned 1 [0052.837] GetCurrentProcess () returned 0xffffffffffffffff [0052.837] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x99736a4, dwSize=0x4c) returned 1 [0052.837] RtlLookupFunctionEntry (in: ControlPc=0x99736a4, ImageBase=0x135638, HistoryTable=0x135640 | out: ImageBase=0x135638, HistoryTable=0x135640) returned 0x0 [0052.837] VirtualProtect (in: lpAddress=0x99736a4, dwSize=0x50, flNewProtect=0x40, lpflOldProtect=0x13573c | out: lpflOldProtect=0x13573c*=0x40) returned 1 [0052.837] RtlAddFunctionTable (FunctionTable=0x9973700, EntryCount=0x1, BaseAddress=0x9973600, TargetGp=0x13573c) returned 1 [0052.837] SetErrorMode (uMode=0x8001) returned 0x8001 [0052.837] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0052.837] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fef4230000 [0052.838] DeactivateActCtx (dwFlags=0x0, ulCookie=0x111a87e900000535) returned 1 [0052.838] SetErrorMode (uMode=0x8001) returned 0x8001 [0052.838] GetProcAddress (hModule=0x7fef4230000, lpProcName=0x260) returned 0x7fef437142c [0052.838] GetCurrentProcess () returned 0xffffffffffffffff [0052.838] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x9973834, dwSize=0x43) returned 1 [0052.838] RtlLookupFunctionEntry (in: ControlPc=0x9973834, ImageBase=0x1355d8, HistoryTable=0x1355e0 | out: ImageBase=0x1355d8, HistoryTable=0x1355e0) returned 0x0 [0052.838] VirtualProtect (in: lpAddress=0x9973834, dwSize=0x44, flNewProtect=0x40, lpflOldProtect=0x1356dc | out: lpflOldProtect=0x1356dc*=0x40) returned 1 [0052.839] RtlAddFunctionTable (FunctionTable=0x9973884, EntryCount=0x1, BaseAddress=0x9973800, TargetGp=0x1356dc) returned 1 [0052.841] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x136cf8 | out: lpclsid=0x136cf8*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0052.843] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0052.843] CoCreateInstance (in: rclsid=0x136cf8*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x7fef45baa48*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x136ca8 | out: ppv=0x136ca8*=0x84b32d8) returned 0x0 [0052.878] WshShell:IUnknown:QueryInterface (in: This=0x84b32d8, riid=0x7fef45d4590*(Data1=0x7fd52380, Data2=0x4e07, Data3=0x101b, Data4=([0]=0xae, [1]=0x2d, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0x2e, [6]=0xc7, [7]=0x13)), ppvObject=0x136cc0 | out: ppvObject=0x136cc0*=0x0) returned 0x80004002 [0052.878] WshShell:IUnknown:QueryInterface (in: This=0x84b32d8, riid=0x7fef45d45a0*(Data1=0x37d84f60, Data2=0x42cb, Data3=0x11ce, Data4=([0]=0x81, [1]=0x35, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xb8, [7]=0x51)), ppvObject=0x136cc8 | out: ppvObject=0x136cc8*=0x0) returned 0x80004002 [0052.878] WshShell:IUnknown:QueryInterface (in: This=0x84b32d8, riid=0x7fef45baa68*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x136d88 | out: ppvObject=0x136d88*=0x84b32b0) returned 0x0 [0052.878] WshShell:IUnknown:Release (This=0x84b32d8) returned 0x1 [0052.878] WshShell:IUnknown:AddRef (This=0x84b32b0) returned 0x2 [0052.878] WshShell:IUnknown:Release (This=0x84b32b0) returned 0x1 [0052.879] WshShell:IDispatch:GetIDsOfNames (in: This=0x84b32b0, riid=0x7fef45baa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x136e90*="SpecialFolders", cNames=0x1, lcid=0x409, rgDispId=0x136e74 | out: rgDispId=0x136e74*=100) returned 0x0 [0052.889] WshShell:IDispatch:Invoke (in: This=0x84b32b0, dispIdMember=100, riid=0x7fef45baa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x136e28*(rgvarg=([0]=0x98a4a78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Templates", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x98a5220, pExcepInfo=0x136e40, puArgErr=0x136e20 | out: pDispParams=0x136e28*(rgvarg=([0]=0x98a4a78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Templates", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x98a5220*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates", varVal2=0x0), pExcepInfo=0x136e40*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x136e20*=0x409) returned 0x0 [0053.042] CLSIDFromProgIDEx (in: lpszProgID="microsoft.xmlhttp", lpclsid=0x136cf8 | out: lpclsid=0x136cf8*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0 [0053.044] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0053.044] CoCreateInstance (in: rclsid=0x136cf8*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x7fef45baa48*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x136ca8 | out: ppv=0x136ca8*=0xb355aa0) returned 0x0 [0053.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0xb355aa0, riid=0x7fef45d4590*(Data1=0x7fd52380, Data2=0x4e07, Data3=0x101b, Data4=([0]=0xae, [1]=0x2d, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0x2e, [6]=0xc7, [7]=0x13)), ppvObject=0x136cc0 | out: ppvObject=0x136cc0*=0x0) returned 0x80004002 [0053.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0xb355aa0, riid=0x7fef45d45a0*(Data1=0x37d84f60, Data2=0x42cb, Data3=0x11ce, Data4=([0]=0x81, [1]=0x35, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xb8, [7]=0x51)), ppvObject=0x136cc8 | out: ppvObject=0x136cc8*=0x0) returned 0x80004002 [0053.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0xb355aa0, riid=0x7fef45baa68*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x136d88 | out: ppvObject=0x136d88*=0xb355aa0) returned 0x0 [0053.075] XMLHTTPRequest:IUnknown:Release (This=0xb355aa0) returned 0x1 [0053.079] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Sd\x91\x98ª\x9c", cbMultiByte=1, lpWideCharStr=0x68c0818, cchWideChar=1 | out: lpWideCharStr="S") returned 1 [0053.079] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="hd\x91\x98ª\x9c", cbMultiByte=1, lpWideCharStr=0x68e0478, cchWideChar=1 | out: lpWideCharStr="h") returned 1 [0053.080] VarAdd (in: pvarLeft=0x98a5220, pvarRight=0x98a5120, pvarResult=0x98a50e0 | out: pvarResult=0x98a50e0) returned 0x0 [0053.080] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="e7\x97\x09", cbMultiByte=1, lpWideCharStr=0x68e0a48, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0053.080] VarBstrCat (in: bstrLeft="Sh", bstrRight="e", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.080] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="lJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x68c0728, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0053.080] VarBstrCat (in: bstrLeft="She", bstrRight="l", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.080] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="lJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993af78, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0053.080] VarBstrCat (in: bstrLeft="Shel", bstrRight="l", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.080] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=".J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b438, cchWideChar=1 | out: lpWideCharStr=".") returned 1 [0053.080] VarBstrCat (in: bstrLeft="Shell", bstrRight=".", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.080] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="AJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b458, cchWideChar=1 | out: lpWideCharStr="A") returned 1 [0053.080] VarBstrCat (in: bstrLeft="Shell.", bstrRight="A", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="pJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b478, cchWideChar=1 | out: lpWideCharStr="p") returned 1 [0053.081] VarBstrCat (in: bstrLeft="Shell.A", bstrRight="p", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="pJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b498, cchWideChar=1 | out: lpWideCharStr="p") returned 1 [0053.081] VarBstrCat (in: bstrLeft="Shell.Ap", bstrRight="p", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="lJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b4b8, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0053.081] VarBstrCat (in: bstrLeft="Shell.App", bstrRight="l", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="iJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b4d8, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0053.081] VarBstrCat (in: bstrLeft="Shell.Appl", bstrRight="i", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="cJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b4f8, cchWideChar=1 | out: lpWideCharStr="c") returned 1 [0053.081] VarBstrCat (in: bstrLeft="Shell.Appli", bstrRight="c", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="aJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b518, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0053.081] VarBstrCat (in: bstrLeft="Shell.Applic", bstrRight="a", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="tJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b538, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0053.081] VarBstrCat (in: bstrLeft="Shell.Applica", bstrRight="t", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="iJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b558, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0053.081] VarBstrCat (in: bstrLeft="Shell.Applicat", bstrRight="i", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="oJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b578, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0053.081] VarBstrCat (in: bstrLeft="Shell.Applicati", bstrRight="o", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="nJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b598, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0053.082] VarBstrCat (in: bstrLeft="Shell.Applicatio", bstrRight="n", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.083] CLSIDFromProgIDEx (in: lpszProgID="Shell.Application", lpclsid=0x136cf8 | out: lpclsid=0x136cf8*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0 [0053.086] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0053.086] CoCreateInstance (in: rclsid=0x136cf8*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x7fef45baa48*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x136ca8 | out: ppv=0x136ca8*=0x6b64af0) returned 0x0 [0053.087] Shell:IUnknown:QueryInterface (in: This=0x6b64af0, riid=0x7fef45d4590*(Data1=0x7fd52380, Data2=0x4e07, Data3=0x101b, Data4=([0]=0xae, [1]=0x2d, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0x2e, [6]=0xc7, [7]=0x13)), ppvObject=0x136cc0 | out: ppvObject=0x136cc0*=0x0) returned 0x80004002 [0053.087] Shell:IUnknown:QueryInterface (in: This=0x6b64af0, riid=0x7fef45d45a0*(Data1=0x37d84f60, Data2=0x42cb, Data3=0x11ce, Data4=([0]=0x81, [1]=0x35, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xb8, [7]=0x51)), ppvObject=0x136cc8 | out: ppvObject=0x136cc8*=0x0) returned 0x80004002 [0053.087] Shell:IUnknown:QueryInterface (in: This=0x6b64af0, riid=0x7fef45baa68*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x136d88 | out: ppvObject=0x136d88*=0x6b64af0) returned 0x0 [0053.087] Shell:IUnknown:Release (This=0x6b64af0) returned 0x1 [0053.087] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="\\d\x91\x98ª\x9c", cbMultiByte=1, lpWideCharStr=0x6944ce8, cchWideChar=1 | out: lpWideCharStr="\\") returned 1 [0053.088] VarBstrCat (in: bstrLeft="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates", bstrRight="\\", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="sJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x6944bc8, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0053.088] VarBstrCat (in: bstrLeft="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", bstrRight="s", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="pJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x69491e8, cchWideChar=1 | out: lpWideCharStr="p") returned 1 [0053.088] VarBstrCat (in: bstrLeft="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\s", bstrRight="p", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="oJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x68c0818, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0053.088] VarBstrCat (in: bstrLeft="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\sp", bstrRight="o", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="lJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x69491b8, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0053.088] VarBstrCat (in: bstrLeft="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\spo", bstrRight="l", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="sJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x68e0478, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0053.088] VarBstrCat (in: bstrLeft="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\spol", bstrRight="s", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="vJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b478, cchWideChar=1 | out: lpWideCharStr="v") returned 1 [0053.088] VarBstrCat (in: bstrLeft="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\spols", bstrRight="v", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="eJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b458, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0053.088] VarBstrCat (in: bstrLeft="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\spolsv", bstrRight="e", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.089] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=".J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b438, cchWideChar=1 | out: lpWideCharStr=".") returned 1 [0053.089] VarBstrCat (in: bstrLeft="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\spolsve", bstrRight=".", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.089] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="eJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993af78, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0053.089] VarBstrCat (in: bstrLeft="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\spolsve.", bstrRight="e", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.089] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="xJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b4b8, cchWideChar=1 | out: lpWideCharStr="x") returned 1 [0053.089] VarBstrCat (in: bstrLeft="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\spolsve.e", bstrRight="x", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.089] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="eJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b498, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0053.089] VarBstrCat (in: bstrLeft="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\spolsve.ex", bstrRight="e", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.090] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="hJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x6944bc8, cchWideChar=1 | out: lpWideCharStr="h") returned 1 [0053.090] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="tJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x69491e8, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0053.090] VarBstrCat (in: bstrLeft="h", bstrRight="t", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.090] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="tJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x69491b8, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0053.090] VarBstrCat (in: bstrLeft="ht", bstrRight="t", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.090] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="pJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x6944ce8, cchWideChar=1 | out: lpWideCharStr="p") returned 1 [0053.090] VarBstrCat (in: bstrLeft="htt", bstrRight="p", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.090] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="sJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b478, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0053.090] VarBstrCat (in: bstrLeft="http", bstrRight="s", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.090] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=":J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b498, cchWideChar=1 | out: lpWideCharStr=":") returned 1 [0053.091] VarBstrCat (in: bstrLeft="https", bstrRight=":", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="/J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b4b8, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0053.091] VarBstrCat (in: bstrLeft="https:", bstrRight="/", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="/J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993af78, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0053.091] VarBstrCat (in: bstrLeft="https:/", bstrRight="/", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="wJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b438, cchWideChar=1 | out: lpWideCharStr="w") returned 1 [0053.091] VarBstrCat (in: bstrLeft="https://", bstrRight="w", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="wJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b458, cchWideChar=1 | out: lpWideCharStr="w") returned 1 [0053.091] VarBstrCat (in: bstrLeft="https://w", bstrRight="w", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="wJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b558, cchWideChar=1 | out: lpWideCharStr="w") returned 1 [0053.091] VarBstrCat (in: bstrLeft="https://ww", bstrRight="w", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=".J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b538, cchWideChar=1 | out: lpWideCharStr=".") returned 1 [0053.091] VarBstrCat (in: bstrLeft="https://www", bstrRight=".", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="rJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b518, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0053.091] VarBstrCat (in: bstrLeft="https://www.", bstrRight="r", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.092] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="aJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b4f8, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0053.092] VarBstrCat (in: bstrLeft="https://www.r", bstrRight="a", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.092] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="bJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b598, cchWideChar=1 | out: lpWideCharStr="b") returned 1 [0053.092] VarBstrCat (in: bstrLeft="https://www.ra", bstrRight="b", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.092] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="aJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b4d8, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0053.092] VarBstrCat (in: bstrLeft="https://www.rab", bstrRight="a", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.092] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="dJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b578, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0053.092] VarBstrCat (in: bstrLeft="https://www.raba", bstrRight="d", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.092] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="aJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b5b8, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0053.092] VarBstrCat (in: bstrLeft="https://www.rabad", bstrRight="a", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.092] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="uJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b5d8, cchWideChar=1 | out: lpWideCharStr="u") returned 1 [0053.092] VarBstrCat (in: bstrLeft="https://www.rabada", bstrRight="u", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.092] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="nJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b5f8, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0053.092] VarBstrCat (in: bstrLeft="https://www.rabadau", bstrRight="n", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.092] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=".J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b618, cchWideChar=1 | out: lpWideCharStr=".") returned 1 [0053.092] VarBstrCat (in: bstrLeft="https://www.rabadaun", bstrRight=".", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="cJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b638, cchWideChar=1 | out: lpWideCharStr="c") returned 1 [0053.093] VarBstrCat (in: bstrLeft="https://www.rabadaun.", bstrRight="c", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="oJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b658, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0053.093] VarBstrCat (in: bstrLeft="https://www.rabadaun.c", bstrRight="o", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="mJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b678, cchWideChar=1 | out: lpWideCharStr="m") returned 1 [0053.093] VarBstrCat (in: bstrLeft="https://www.rabadaun.co", bstrRight="m", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="/J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b698, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0053.093] VarBstrCat (in: bstrLeft="https://www.rabadaun.com", bstrRight="/", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="wJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b6b8, cchWideChar=1 | out: lpWideCharStr="w") returned 1 [0053.093] VarBstrCat (in: bstrLeft="https://www.rabadaun.com/", bstrRight="w", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="oJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b6d8, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0053.093] VarBstrCat (in: bstrLeft="https://www.rabadaun.com/w", bstrRight="o", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="rJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b6f8, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0053.093] VarBstrCat (in: bstrLeft="https://www.rabadaun.com/wo", bstrRight="r", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="dJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b718, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0053.094] VarBstrCat (in: bstrLeft="https://www.rabadaun.com/wor", bstrRight="d", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.094] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="pJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b738, cchWideChar=1 | out: lpWideCharStr="p") returned 1 [0053.094] VarBstrCat (in: bstrLeft="https://www.rabadaun.com/word", bstrRight="p", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.094] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="rJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b758, cchWideChar=1 | out: lpWideCharStr="r") returned 1 [0053.094] VarBstrCat (in: bstrLeft="https://www.rabadaun.com/wordp", bstrRight="r", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.094] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="eJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b778, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0053.094] VarBstrCat (in: bstrLeft="https://www.rabadaun.com/wordpr", bstrRight="e", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.094] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="sJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b798, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0053.094] VarBstrCat (in: bstrLeft="https://www.rabadaun.com/wordpre", bstrRight="s", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.101] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="sJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x694a988, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0053.101] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="/J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x69490f8, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0053.101] VarBstrCat (in: bstrLeft="s", bstrRight="/", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.101] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="wJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x6944c28, cchWideChar=1 | out: lpWideCharStr="w") returned 1 [0053.101] VarBstrCat (in: bstrLeft="s/", bstrRight="w", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.101] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="pJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x69491e8, cchWideChar=1 | out: lpWideCharStr="p") returned 1 [0053.101] VarBstrCat (in: bstrLeft="s/w", bstrRight="p", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.101] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="-J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993af78, cchWideChar=1 | out: lpWideCharStr="-") returned 1 [0053.101] VarBstrCat (in: bstrLeft="s/wp", bstrRight="-", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.101] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="cJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b4b8, cchWideChar=1 | out: lpWideCharStr="c") returned 1 [0053.101] VarBstrCat (in: bstrLeft="s/wp-", bstrRight="c", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.101] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="oJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b498, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0053.102] VarBstrCat (in: bstrLeft="s/wp-c", bstrRight="o", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.102] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="nJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b478, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0053.102] VarBstrCat (in: bstrLeft="s/wp-co", bstrRight="n", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.102] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="tJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b678, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0053.102] VarBstrCat (in: bstrLeft="s/wp-con", bstrRight="t", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.102] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="eJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b658, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0053.102] VarBstrCat (in: bstrLeft="s/wp-cont", bstrRight="e", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.102] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="nJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b598, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0053.102] VarBstrCat (in: bstrLeft="s/wp-conte", bstrRight="n", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.102] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="tJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b4f8, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0053.102] VarBstrCat (in: bstrLeft="s/wp-conten", bstrRight="t", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.102] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="/J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b518, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0053.102] VarBstrCat (in: bstrLeft="s/wp-content", bstrRight="/", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.102] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="tJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b538, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0053.102] VarBstrCat (in: bstrLeft="s/wp-content/", bstrRight="t", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="hJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b798, cchWideChar=1 | out: lpWideCharStr="h") returned 1 [0053.103] VarBstrCat (in: bstrLeft="s/wp-content/t", bstrRight="h", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="eJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b558, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0053.103] VarBstrCat (in: bstrLeft="s/wp-content/th", bstrRight="e", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="mJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b778, cchWideChar=1 | out: lpWideCharStr="m") returned 1 [0053.103] VarBstrCat (in: bstrLeft="s/wp-content/the", bstrRight="m", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="eJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b458, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0053.103] VarBstrCat (in: bstrLeft="s/wp-content/them", bstrRight="e", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="sJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b758, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0053.103] VarBstrCat (in: bstrLeft="s/wp-content/theme", bstrRight="s", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="/J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b438, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0053.103] VarBstrCat (in: bstrLeft="s/wp-content/themes", bstrRight="/", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="TJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b738, cchWideChar=1 | out: lpWideCharStr="T") returned 1 [0053.103] VarBstrCat (in: bstrLeft="s/wp-content/themes/", bstrRight="T", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="EJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b638, cchWideChar=1 | out: lpWideCharStr="E") returned 1 [0053.103] VarBstrCat (in: bstrLeft="s/wp-content/themes/T", bstrRight="E", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="MJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b618, cchWideChar=1 | out: lpWideCharStr="M") returned 1 [0053.104] VarBstrCat (in: bstrLeft="s/wp-content/themes/TE", bstrRight="M", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="PJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b5f8, cchWideChar=1 | out: lpWideCharStr="P") returned 1 [0053.104] VarBstrCat (in: bstrLeft="s/wp-content/themes/TEM", bstrRight="P", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=".J\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b5d8, cchWideChar=1 | out: lpWideCharStr=".") returned 1 [0053.104] VarBstrCat (in: bstrLeft="s/wp-content/themes/TEMP", bstrRight=".", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="sJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b5b8, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0053.104] VarBstrCat (in: bstrLeft="s/wp-content/themes/TEMP.", bstrRight="s", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="oJ\x8a\x09", cbMultiByte=1, lpWideCharStr=0x993b578, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0053.104] VarBstrCat (in: bstrLeft="s/wp-content/themes/TEMP.s", bstrRight="o", pbstrResult=0x136e50 | out: pbstrResult=0x136e50) returned 0x0 [0053.106] VarAdd (in: pvarLeft=0x98a4af0, pvarRight=0x98a4ad8, pvarResult=0x98a5220 | out: pvarResult=0x98a5220) returned 0x0 [0053.106] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0xb355aa0, riid=0x7fef45baa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x136e90*="Open", cNames=0x1, lcid=0x409, rgDispId=0x136e74 | out: rgDispId=0x136e74*=1) returned 0x0 [0053.125] XMLHTTPRequest:IDispatch:Invoke (in: This=0xb355aa0, dispIdMember=1, riid=0x7fef45baa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x136e28*(rgvarg=([0]=0x98a4a48*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), [1]=0x98a4a60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.rabadaun.com/wordpress/wp-content/themes/TEMP.so", varVal2=0x136e90), [2]=0x98a4a78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="get", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x136e40, puArgErr=0x136e20 | out: pDispParams=0x136e28*(rgvarg=([0]=0x98a4a48*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), [1]=0x98a4a60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="https://www.rabadaun.com/wordpress/wp-content/themes/TEMP.so", varVal2=0x136e90), [2]=0x98a4a78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="get", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x136e40*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x136e20*=0x409) returned 0x0 [0053.170] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0xb355aa0, riid=0x7fef45baa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x136e90*="send", cNames=0x1, lcid=0x409, rgDispId=0x136e74 | out: rgDispId=0x136e74*=5) returned 0x0 [0053.170] XMLHTTPRequest:IDispatch:Invoke (in: This=0xb355aa0, dispIdMember=5, riid=0x7fef45baa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x136e28*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x136e40, puArgErr=0x136e20 | out: pDispParams=0x136e28*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x136e40*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x136e20*=0x409) returned 0x0 [0054.565] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0xb355aa0, riid=0x7fef45baa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x136df0*="responseBody", cNames=0x1, lcid=0x409, rgDispId=0x136dd4 | out: rgDispId=0x136dd4*=11) returned 0x0 [0054.565] XMLHTTPRequest:IDispatch:Invoke (in: This=0xb355aa0, dispIdMember=11, riid=0x7fef45baa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x136d88*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x98a5220, pExcepInfo=0x136da0, puArgErr=0x136d80 | out: pDispParams=0x136d88*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x98a5220*(varType=0x2011, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c174d0*(cDims=0x1, fFeatures=0x2080, cbElements=0x1, cLocks=0x0, pvData=0x9c174f0*, rgsabound=((cElements=0x119bc, lLbound=0))), varVal2=0x0), pExcepInfo=0x136da0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x136d80*=0x409) returned 0x0 [0054.566] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0xb355aa0, riid=0x7fef45baa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x136df0*="Status", cNames=0x1, lcid=0x409, rgDispId=0x136dd4 | out: rgDispId=0x136dd4*=7) returned 0x0 [0054.566] XMLHTTPRequest:IDispatch:Invoke (in: This=0xb355aa0, dispIdMember=7, riid=0x7fef45baa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x136d88*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x98a5220, pExcepInfo=0x136da0, puArgErr=0x136d80 | out: pDispParams=0x136d88*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x98a5220*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x194, varVal2=0x0), pExcepInfo=0x136da0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x136d80*=0x409) returned 0x0 [0054.567] VarCmp (pvarLeft=0x98a5220, pvarRight=0x98a5208, lcid=0x0, dwFlags=0x30001) returned 0x2 [0054.567] Shell:IDispatch:GetIDsOfNames (in: This=0x6b64af0, riid=0x7fef45baa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x136e90*="Open", cNames=0x1, lcid=0x409, rgDispId=0x136e74 | out: rgDispId=0x136e74*=1610743813) returned 0x0 [0054.578] Shell:IDispatch:Invoke (in: This=0x6b64af0, dispIdMember=1610743813, riid=0x7fef45baa58*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x136e28*(rgvarg=([0]=0x98a4a78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\spolsve.exe", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x136e40, puArgErr=0x136e20 | out: pDispParams=0x136e28*(rgvarg=([0]=0x98a4a78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\spolsve.exe", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x136e40*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x136e20*=0x409) returned 0x0 [0054.581] Shell:IUnknown:Release (This=0x6b64af0) returned 0x0 [0054.582] WshShell:IUnknown:Release (This=0x84b32b0) returned 0x0 [0054.582] XMLHTTPRequest:IUnknown:Release (This=0xb355aa0) returned 0x0 Thread: id = 14 os_tid = 0x9e8 Thread: id = 15 os_tid = 0xa04 Thread: id = 16 os_tid = 0xa08 Thread: id = 17 os_tid = 0xa0c Thread: id = 18 os_tid = 0xa00 Thread: id = 19 os_tid = 0xa58 Thread: id = 72 os_tid = 0xa50 Thread: id = 103 os_tid = 0xb04 Thread: id = 106 os_tid = 0xab4 Thread: id = 107 os_tid = 0xb1c Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x71a0000" os_pid = "0x368" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000da27" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 618 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 619 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 620 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 621 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 622 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 623 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 624 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 625 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 626 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 627 start_va = 0x100000 end_va = 0x100fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 628 start_va = 0x110000 end_va = 0x11afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 629 start_va = 0x120000 end_va = 0x12cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 630 start_va = 0x130000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 631 start_va = 0x1b0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 632 start_va = 0x2b0000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 633 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 634 start_va = 0x380000 end_va = 0x383fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 635 start_va = 0x390000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 636 start_va = 0x490000 end_va = 0x617fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 637 start_va = 0x620000 end_va = 0x7a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 638 start_va = 0x7b0000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 639 start_va = 0x830000 end_va = 0x839fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 640 start_va = 0x840000 end_va = 0x840fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 641 start_va = 0x850000 end_va = 0x850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 642 start_va = 0x860000 end_va = 0x860fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 643 start_va = 0x870000 end_va = 0x870fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 644 start_va = 0x880000 end_va = 0x880fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 645 start_va = 0x890000 end_va = 0x890fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 646 start_va = 0x8a0000 end_va = 0x8a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 647 start_va = 0x8b0000 end_va = 0x8c9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 648 start_va = 0x8d0000 end_va = 0x8d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 649 start_va = 0x8e0000 end_va = 0x8e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 650 start_va = 0x8f0000 end_va = 0x8f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 651 start_va = 0x900000 end_va = 0x903fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 652 start_va = 0x910000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 653 start_va = 0x990000 end_va = 0x99dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 654 start_va = 0x9a0000 end_va = 0x9a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 655 start_va = 0x9b0000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 656 start_va = 0xa30000 end_va = 0xa30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 657 start_va = 0xa40000 end_va = 0xabffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 658 start_va = 0xac0000 end_va = 0xd8efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 659 start_va = 0xd90000 end_va = 0xd90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 660 start_va = 0xda0000 end_va = 0xdaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 661 start_va = 0xdb0000 end_va = 0xe2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 662 start_va = 0xe30000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000019.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000019.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000019.db") Region: id = 663 start_va = 0xe60000 end_va = 0xe7bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 664 start_va = 0xe80000 end_va = 0xe80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e80000" filename = "" Region: id = 665 start_va = 0xe90000 end_va = 0xe90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e90000" filename = "" Region: id = 666 start_va = 0xea0000 end_va = 0xf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ea0000" filename = "" Region: id = 667 start_va = 0xf20000 end_va = 0xf27fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 668 start_va = 0xf30000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 669 start_va = 0xf40000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 670 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 671 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 672 start_va = 0xfe0000 end_va = 0xfe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 673 start_va = 0xff0000 end_va = 0xff1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 674 start_va = 0x1000000 end_va = 0x1000fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 675 start_va = 0x1010000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 676 start_va = 0x1090000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 677 start_va = 0x1110000 end_va = 0x1175fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 678 start_va = 0x1180000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 679 start_va = 0x1190000 end_va = 0x119ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 680 start_va = 0x11a0000 end_va = 0x11affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011a0000" filename = "" Region: id = 681 start_va = 0x11b0000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011b0000" filename = "" Region: id = 682 start_va = 0x11c0000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011c0000" filename = "" Region: id = 683 start_va = 0x11d0000 end_va = 0x11dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011d0000" filename = "" Region: id = 684 start_va = 0x11e0000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011e0000" filename = "" Region: id = 685 start_va = 0x11f0000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011f0000" filename = "" Region: id = 686 start_va = 0x1200000 end_va = 0x127ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 687 start_va = 0x1280000 end_va = 0x1287fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 688 start_va = 0x1290000 end_va = 0x129ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001290000" filename = "" Region: id = 689 start_va = 0x12a0000 end_va = 0x12affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 690 start_va = 0x12b0000 end_va = 0x12bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 691 start_va = 0x12c0000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 692 start_va = 0x1340000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 693 start_va = 0x13c0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013c0000" filename = "" Region: id = 694 start_va = 0x13d0000 end_va = 0x13dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013d0000" filename = "" Region: id = 695 start_va = 0x13e0000 end_va = 0x13effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013e0000" filename = "" Region: id = 696 start_va = 0x13f0000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013f0000" filename = "" Region: id = 697 start_va = 0x1400000 end_va = 0x140ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001400000" filename = "" Region: id = 698 start_va = 0x1410000 end_va = 0x141ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001410000" filename = "" Region: id = 699 start_va = 0x1420000 end_va = 0x142ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 700 start_va = 0x1430000 end_va = 0x143ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001430000" filename = "" Region: id = 701 start_va = 0x1440000 end_va = 0x144ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 702 start_va = 0x1450000 end_va = 0x1457fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001450000" filename = "" Region: id = 703 start_va = 0x1460000 end_va = 0x14dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001460000" filename = "" Region: id = 704 start_va = 0x14e0000 end_va = 0x14effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014e0000" filename = "" Region: id = 705 start_va = 0x14f0000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014f0000" filename = "" Region: id = 706 start_va = 0x1500000 end_va = 0x1507fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 707 start_va = 0x1510000 end_va = 0x158ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001510000" filename = "" Region: id = 708 start_va = 0x1590000 end_va = 0x159ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001590000" filename = "" Region: id = 709 start_va = 0x15b0000 end_va = 0x162ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015b0000" filename = "" Region: id = 710 start_va = 0x1650000 end_va = 0x16cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001650000" filename = "" Region: id = 711 start_va = 0x16d0000 end_va = 0x174ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016d0000" filename = "" Region: id = 712 start_va = 0x1750000 end_va = 0x17cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 713 start_va = 0x17d0000 end_va = 0x184ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017d0000" filename = "" Region: id = 714 start_va = 0x1860000 end_va = 0x18dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001860000" filename = "" Region: id = 715 start_va = 0x1910000 end_va = 0x198ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001910000" filename = "" Region: id = 716 start_va = 0x19f0000 end_va = 0x1a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019f0000" filename = "" Region: id = 717 start_va = 0x1a70000 end_va = 0x1aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a70000" filename = "" Region: id = 718 start_va = 0x1af0000 end_va = 0x1beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001af0000" filename = "" Region: id = 719 start_va = 0x1bf0000 end_va = 0x1ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bf0000" filename = "" Region: id = 720 start_va = 0x1d60000 end_va = 0x1ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 721 start_va = 0x1e80000 end_va = 0x1f3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 722 start_va = 0x1f60000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 723 start_va = 0x2030000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 724 start_va = 0x20d0000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 725 start_va = 0x2150000 end_va = 0x21cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 726 start_va = 0x21e0000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 727 start_va = 0x22a0000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 728 start_va = 0x2320000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002320000" filename = "" Region: id = 729 start_va = 0x2360000 end_va = 0x239ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 730 start_va = 0x23a0000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023a0000" filename = "" Region: id = 731 start_va = 0x24c0000 end_va = 0x253ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024c0000" filename = "" Region: id = 732 start_va = 0x2560000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 733 start_va = 0x2670000 end_va = 0x276ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 734 start_va = 0x2780000 end_va = 0x278ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 735 start_va = 0x2800000 end_va = 0x287ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 736 start_va = 0x2880000 end_va = 0x297ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 737 start_va = 0x29c0000 end_va = 0x2a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 738 start_va = 0x2a40000 end_va = 0x2a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 739 start_va = 0x2a60000 end_va = 0x2adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a60000" filename = "" Region: id = 740 start_va = 0x2b40000 end_va = 0x2bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 741 start_va = 0x2bc0000 end_va = 0x2cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 742 start_va = 0x2cd0000 end_va = 0x2d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cd0000" filename = "" Region: id = 743 start_va = 0x2d50000 end_va = 0x2f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d50000" filename = "" Region: id = 744 start_va = 0x2fa0000 end_va = 0x301ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fa0000" filename = "" Region: id = 745 start_va = 0x3020000 end_va = 0x309ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 746 start_va = 0x30e0000 end_va = 0x315ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030e0000" filename = "" Region: id = 747 start_va = 0x31b0000 end_va = 0x322ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031b0000" filename = "" Region: id = 748 start_va = 0x3310000 end_va = 0x338ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 749 start_va = 0x33a0000 end_va = 0x341ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 750 start_va = 0x3480000 end_va = 0x34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 751 start_va = 0x3500000 end_va = 0x357ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 752 start_va = 0x35b0000 end_va = 0x362ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 753 start_va = 0x3650000 end_va = 0x36cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003650000" filename = "" Region: id = 754 start_va = 0x36d0000 end_va = 0x3acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036d0000" filename = "" Region: id = 755 start_va = 0x3ad0000 end_va = 0x3bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ad0000" filename = "" Region: id = 756 start_va = 0x3c60000 end_va = 0x3cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c60000" filename = "" Region: id = 757 start_va = 0x3d90000 end_va = 0x3e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d90000" filename = "" Region: id = 758 start_va = 0x3e10000 end_va = 0x3e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e10000" filename = "" Region: id = 759 start_va = 0x3ea0000 end_va = 0x3f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 760 start_va = 0x3f50000 end_va = 0x3fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 761 start_va = 0x4070000 end_va = 0x40effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004070000" filename = "" Region: id = 762 start_va = 0x4180000 end_va = 0x41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 763 start_va = 0x4200000 end_va = 0x427ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 764 start_va = 0x4280000 end_va = 0x447ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004280000" filename = "" Region: id = 765 start_va = 0x44d0000 end_va = 0x454ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044d0000" filename = "" Region: id = 766 start_va = 0x4570000 end_va = 0x45effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004570000" filename = "" Region: id = 767 start_va = 0x4600000 end_va = 0x467ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 768 start_va = 0x4680000 end_va = 0x4a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004680000" filename = "" Region: id = 769 start_va = 0x4ab0000 end_va = 0x4b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ab0000" filename = "" Region: id = 770 start_va = 0x4b30000 end_va = 0x532ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 771 start_va = 0x5330000 end_va = 0x542ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005330000" filename = "" Region: id = 772 start_va = 0x5430000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005430000" filename = "" Region: id = 773 start_va = 0x5530000 end_va = 0x562ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 774 start_va = 0x5630000 end_va = 0x572ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005630000" filename = "" Region: id = 775 start_va = 0x5770000 end_va = 0x57effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005770000" filename = "" Region: id = 776 start_va = 0x57f0000 end_va = 0x58effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000057f0000" filename = "" Region: id = 777 start_va = 0x58f0000 end_va = 0x59effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058f0000" filename = "" Region: id = 778 start_va = 0x59f0000 end_va = 0x69effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059f0000" filename = "" Region: id = 779 start_va = 0x6a40000 end_va = 0x6abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a40000" filename = "" Region: id = 780 start_va = 0x6b30000 end_va = 0x6baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b30000" filename = "" Region: id = 781 start_va = 0x6bc0000 end_va = 0x6c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006bc0000" filename = "" Region: id = 782 start_va = 0x77230000 end_va = 0x77329fff monitored = 0 entry_point = 0x7724a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 783 start_va = 0x77330000 end_va = 0x7744efff monitored = 0 entry_point = 0x77345340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 784 start_va = 0x77450000 end_va = 0x775f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 785 start_va = 0x77620000 end_va = 0x77626fff monitored = 0 entry_point = 0x7762106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 786 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 787 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 788 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 789 start_va = 0xff160000 end_va = 0xff16afff monitored = 0 entry_point = 0xff16246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 790 start_va = 0x7fef2cf0000 end_va = 0x7fef2cfefff monitored = 0 entry_point = 0x7fef2cf9a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 791 start_va = 0x7fef2d80000 end_va = 0x7fef2fd2fff monitored = 0 entry_point = 0x7fef2d8236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 792 start_va = 0x7fef3ae0000 end_va = 0x7fef3b24fff monitored = 0 entry_point = 0x7fef3b13644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 793 start_va = 0x7fef3b30000 end_va = 0x7fef3b41fff monitored = 0 entry_point = 0x7fef3b390bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 794 start_va = 0x7fef3b70000 end_va = 0x7fef3b79fff monitored = 0 entry_point = 0x7fef3b73994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 795 start_va = 0x7fef3b80000 end_va = 0x7fef3c51fff monitored = 0 entry_point = 0x7fef3c11a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 796 start_va = 0x7fef41f0000 end_va = 0x7fef420afff monitored = 0 entry_point = 0x7fef41f1198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 797 start_va = 0x7fef4670000 end_va = 0x7fef48e9fff monitored = 0 entry_point = 0x7fef46a2200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 798 start_va = 0x7fef48f0000 end_va = 0x7fef4906fff monitored = 0 entry_point = 0x7fef48f9d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 799 start_va = 0x7fef4c70000 end_va = 0x7fef4cb1fff monitored = 0 entry_point = 0x7fef4ca0048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 800 start_va = 0x7fef4cc0000 end_va = 0x7fef4cd9fff monitored = 0 entry_point = 0x7fef4cd1ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 801 start_va = 0x7fef4d00000 end_va = 0x7fef4d0efff monitored = 0 entry_point = 0x7fef4d06894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 802 start_va = 0x7fef60e0000 end_va = 0x7fef60fbfff monitored = 0 entry_point = 0x7fef60e11a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 803 start_va = 0x7fef6100000 end_va = 0x7fef6161fff monitored = 0 entry_point = 0x7fef6101198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 804 start_va = 0x7fef6170000 end_va = 0x7fef61a9fff monitored = 0 entry_point = 0x7fef6171010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 805 start_va = 0x7fef72b0000 end_va = 0x7fef739dfff monitored = 0 entry_point = 0x7fef72b12a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 806 start_va = 0x7fef9150000 end_va = 0x7fef9157fff monitored = 0 entry_point = 0x7fef9151414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 807 start_va = 0x7fef9160000 end_va = 0x7fef91d3fff monitored = 0 entry_point = 0x7fef91666f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 808 start_va = 0x7fef91e0000 end_va = 0x7fef924afff monitored = 0 entry_point = 0x7fef9224344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 809 start_va = 0x7fef9250000 end_va = 0x7fef92c0fff monitored = 0 entry_point = 0x7fef92951d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 810 start_va = 0x7fef92d0000 end_va = 0x7fef92e1fff monitored = 0 entry_point = 0x7fef92d89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 811 start_va = 0x7fef92f0000 end_va = 0x7fef93a4fff monitored = 0 entry_point = 0x7fef936cf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 812 start_va = 0x7fef93b0000 end_va = 0x7fef9409fff monitored = 0 entry_point = 0x7fef93edde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 813 start_va = 0x7fef9410000 end_va = 0x7fef9430fff monitored = 0 entry_point = 0x7fef94203b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 814 start_va = 0x7fef9440000 end_va = 0x7fef9458fff monitored = 0 entry_point = 0x7fef9441104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 815 start_va = 0x7fef9460000 end_va = 0x7fef94affff monitored = 0 entry_point = 0x7fef9461190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 816 start_va = 0x7fef94b0000 end_va = 0x7fef94b7fff monitored = 0 entry_point = 0x7fef94b1020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 817 start_va = 0x7fef94c0000 end_va = 0x7fef94d2fff monitored = 0 entry_point = 0x7fef94c1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 818 start_va = 0x7fef94e0000 end_va = 0x7fef9541fff monitored = 0 entry_point = 0x7fef951bd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 819 start_va = 0x7fef9550000 end_va = 0x7fef967bfff monitored = 0 entry_point = 0x7fef9600ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 820 start_va = 0x7fef9680000 end_va = 0x7fef9699fff monitored = 0 entry_point = 0x7fef9693fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 821 start_va = 0x7fef96a0000 end_va = 0x7fef9723fff monitored = 0 entry_point = 0x7fef96f1118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 822 start_va = 0x7fef9730000 end_va = 0x7fef9754fff monitored = 0 entry_point = 0x7fef9748c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 823 start_va = 0x7fef9760000 end_va = 0x7fef979cfff monitored = 0 entry_point = 0x7fef9761070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 824 start_va = 0x7fef97a0000 end_va = 0x7fef97adfff monitored = 0 entry_point = 0x7fef97a5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 825 start_va = 0x7fef97b0000 end_va = 0x7fef97d6fff monitored = 0 entry_point = 0x7fef97b11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 826 start_va = 0x7fef97e0000 end_va = 0x7fef98b2fff monitored = 0 entry_point = 0x7fef9858b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 827 start_va = 0x7fef9900000 end_va = 0x7fef9946fff monitored = 0 entry_point = 0x7fef9901040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 828 start_va = 0x7fef9950000 end_va = 0x7fef9991fff monitored = 0 entry_point = 0x7fef99517e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 829 start_va = 0x7fef99a0000 end_va = 0x7fef9a31fff monitored = 0 entry_point = 0x7fef9a151ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 830 start_va = 0x7fef9a40000 end_va = 0x7fef9ab6fff monitored = 0 entry_point = 0x7fef9a7e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 831 start_va = 0x7fef9ac0000 end_va = 0x7fef9af9fff monitored = 0 entry_point = 0x7fef9add020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 832 start_va = 0x7fef9db0000 end_va = 0x7fef9dc0fff monitored = 0 entry_point = 0x7fef9db9e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 833 start_va = 0x7fef9df0000 end_va = 0x7fef9e53fff monitored = 0 entry_point = 0x7fef9df1254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 834 start_va = 0x7fef9e60000 end_va = 0x7fef9ed0fff monitored = 0 entry_point = 0x7fef9e61010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 835 start_va = 0x7fef9fa0000 end_va = 0x7fef9fb6fff monitored = 0 entry_point = 0x7fef9fa1060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 836 start_va = 0x7fef9fc0000 end_va = 0x7fefa16ffff monitored = 0 entry_point = 0x7fef9fc1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 837 start_va = 0x7fefa1f0000 end_va = 0x7fefa1fbfff monitored = 0 entry_point = 0x7fefa1f602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 838 start_va = 0x7fefa370000 end_va = 0x7fefa378fff monitored = 0 entry_point = 0x7fefa3711a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 839 start_va = 0x7fefa580000 end_va = 0x7fefa5f6fff monitored = 0 entry_point = 0x7fefa58afd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 840 start_va = 0x7fefa600000 end_va = 0x7fefa609fff monitored = 0 entry_point = 0x7fefa60260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 841 start_va = 0x7fefa610000 end_va = 0x7fefa721fff monitored = 0 entry_point = 0x7fefa62f354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 842 start_va = 0x7fefa730000 end_va = 0x7fefa73efff monitored = 0 entry_point = 0x7fefa737e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 843 start_va = 0x7fefa740000 end_va = 0x7fefa748fff monitored = 0 entry_point = 0x7fefa743668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 844 start_va = 0x7fefa750000 end_va = 0x7fefa758fff monitored = 0 entry_point = 0x7fefa751020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 845 start_va = 0x7fefa760000 end_va = 0x7fefa7b5fff monitored = 0 entry_point = 0x7fefa761040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 846 start_va = 0x7fefa7c0000 end_va = 0x7fefa81dfff monitored = 0 entry_point = 0x7fefa7c9024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 847 start_va = 0x7fefa820000 end_va = 0x7fefa837fff monitored = 0 entry_point = 0x7fefa821bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 848 start_va = 0x7fefa840000 end_va = 0x7fefa850fff monitored = 0 entry_point = 0x7fefa8416ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 849 start_va = 0x7fefa870000 end_va = 0x7fefa8c2fff monitored = 0 entry_point = 0x7fefa872b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 850 start_va = 0x7fefae60000 end_va = 0x7fefae73fff monitored = 0 entry_point = 0x7fefae63e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 851 start_va = 0x7fefae80000 end_va = 0x7fefae8afff monitored = 0 entry_point = 0x7fefae81198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 852 start_va = 0x7fefae90000 end_va = 0x7fefaeb6fff monitored = 0 entry_point = 0x7fefae998bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 853 start_va = 0x7fefaec0000 end_va = 0x7fefaf26fff monitored = 0 entry_point = 0x7fefaed6060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 854 start_va = 0x7fefaf40000 end_va = 0x7fefaf4afff monitored = 0 entry_point = 0x7fefaf44f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 855 start_va = 0x7fefaf50000 end_va = 0x7fefaf5bfff monitored = 0 entry_point = 0x7fefaf515d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 856 start_va = 0x7fefaf60000 end_va = 0x7fefaf6ffff monitored = 0 entry_point = 0x7fefaf6835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 857 start_va = 0x7fefaf70000 end_va = 0x7fefaf88fff monitored = 0 entry_point = 0x7fefaf711a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 858 start_va = 0x7fefaf90000 end_va = 0x7fefafc6fff monitored = 0 entry_point = 0x7fefaf98424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 859 start_va = 0x7fefb010000 end_va = 0x7fefb024fff monitored = 0 entry_point = 0x7fefb0160d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 860 start_va = 0x7fefb030000 end_va = 0x7fefb0f1fff monitored = 0 entry_point = 0x7fefb03101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 861 start_va = 0x7fefb420000 end_va = 0x7fefb430fff monitored = 0 entry_point = 0x7fefb4214c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 862 start_va = 0x7fefb480000 end_va = 0x7fefb4f0fff monitored = 0 entry_point = 0x7fefb4becc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 863 start_va = 0x7fefb570000 end_va = 0x7fefb583fff monitored = 0 entry_point = 0x7fefb5716b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 864 start_va = 0x7fefb590000 end_va = 0x7fefb5a4fff monitored = 0 entry_point = 0x7fefb591050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 865 start_va = 0x7fefb5b0000 end_va = 0x7fefb5bbfff monitored = 0 entry_point = 0x7fefb5b18a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 866 start_va = 0x7fefb5c0000 end_va = 0x7fefb5d5fff monitored = 0 entry_point = 0x7fefb5c11a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 867 start_va = 0x7fefb6f0000 end_va = 0x7fefb700fff monitored = 0 entry_point = 0x7fefb6f1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 868 start_va = 0x7fefb850000 end_va = 0x7fefb884fff monitored = 0 entry_point = 0x7fefb851064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 869 start_va = 0x7fefbcc0000 end_va = 0x7fefbd15fff monitored = 0 entry_point = 0x7fefbccbbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 870 start_va = 0x7fefbd20000 end_va = 0x7fefbe4bfff monitored = 0 entry_point = 0x7fefbd294bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 871 start_va = 0x7fefbe50000 end_va = 0x7fefbe6cfff monitored = 0 entry_point = 0x7fefbe51ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 872 start_va = 0x7fefbea0000 end_va = 0x7fefc093fff monitored = 0 entry_point = 0x7fefc02c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 873 start_va = 0x7fefc390000 end_va = 0x7fefc3bcfff monitored = 0 entry_point = 0x7fefc391010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 874 start_va = 0x7fefc560000 end_va = 0x7fefc56bfff monitored = 0 entry_point = 0x7fefc561064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 875 start_va = 0x7fefc570000 end_va = 0x7fefc62afff monitored = 0 entry_point = 0x7fefc576de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 876 start_va = 0x7fefc630000 end_va = 0x7fefc636fff monitored = 0 entry_point = 0x7fefc6314b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 877 start_va = 0x7fefc720000 end_va = 0x7fefc73afff monitored = 0 entry_point = 0x7fefc722068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 878 start_va = 0x7fefc740000 end_va = 0x7fefc75dfff monitored = 0 entry_point = 0x7fefc7413b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 879 start_va = 0x7fefc760000 end_va = 0x7fefc771fff monitored = 0 entry_point = 0x7fefc761060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 880 start_va = 0x7fefc780000 end_va = 0x7fefc79efff monitored = 0 entry_point = 0x7fefc785c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 881 start_va = 0x7fefc850000 end_va = 0x7fefc888fff monitored = 0 entry_point = 0x7fefc85c0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 882 start_va = 0x7fefc890000 end_va = 0x7fefc899fff monitored = 0 entry_point = 0x7fefc893cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 883 start_va = 0x7fefc8a0000 end_va = 0x7fefc8acfff monitored = 0 entry_point = 0x7fefc8a1348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 884 start_va = 0x7fefc990000 end_va = 0x7fefc9d6fff monitored = 0 entry_point = 0x7fefc991064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 885 start_va = 0x7fefca80000 end_va = 0x7fefcaaffff monitored = 0 entry_point = 0x7fefca8194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 886 start_va = 0x7fefcab0000 end_va = 0x7fefcb0afff monitored = 0 entry_point = 0x7fefcab6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 887 start_va = 0x7fefcc20000 end_va = 0x7fefcc26fff monitored = 0 entry_point = 0x7fefcc2142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 888 start_va = 0x7fefcc30000 end_va = 0x7fefcc84fff monitored = 0 entry_point = 0x7fefcc31054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 889 start_va = 0x7fefcc90000 end_va = 0x7fefcca7fff monitored = 0 entry_point = 0x7fefcc93b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 890 start_va = 0x7fefcda0000 end_va = 0x7fefcdd1fff monitored = 0 entry_point = 0x7fefcda144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 891 start_va = 0x7fefcde0000 end_va = 0x7fefcde7fff monitored = 0 entry_point = 0x7fefcde2a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 892 start_va = 0x7fefcdf0000 end_va = 0x7fefcdf9fff monitored = 0 entry_point = 0x7fefcdf3b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 893 start_va = 0x7fefce00000 end_va = 0x7fefce21fff monitored = 0 entry_point = 0x7fefce05d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 894 start_va = 0x7fefce80000 end_va = 0x7fefceaefff monitored = 0 entry_point = 0x7fefce81064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 895 start_va = 0x7fefcec0000 end_va = 0x7fefcf2cfff monitored = 0 entry_point = 0x7fefcec1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 896 start_va = 0x7fefcf30000 end_va = 0x7fefcf43fff monitored = 0 entry_point = 0x7fefcf34160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 897 start_va = 0x7fefd190000 end_va = 0x7fefd1b2fff monitored = 0 entry_point = 0x7fefd191198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 898 start_va = 0x7fefd230000 end_va = 0x7fefd23afff monitored = 0 entry_point = 0x7fefd231030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 899 start_va = 0x7fefd260000 end_va = 0x7fefd284fff monitored = 0 entry_point = 0x7fefd269658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 900 start_va = 0x7fefd290000 end_va = 0x7fefd29efff monitored = 0 entry_point = 0x7fefd291010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 901 start_va = 0x7fefd2a0000 end_va = 0x7fefd330fff monitored = 0 entry_point = 0x7fefd2a1440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 902 start_va = 0x7fefd340000 end_va = 0x7fefd37cfff monitored = 0 entry_point = 0x7fefd3418f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 903 start_va = 0x7fefd380000 end_va = 0x7fefd393fff monitored = 0 entry_point = 0x7fefd3810e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 904 start_va = 0x7fefd3a0000 end_va = 0x7fefd3aefff monitored = 0 entry_point = 0x7fefd3a19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 905 start_va = 0x7fefd440000 end_va = 0x7fefd44efff monitored = 0 entry_point = 0x7fefd441020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 906 start_va = 0x7fefd450000 end_va = 0x7fefd4bbfff monitored = 0 entry_point = 0x7fefd452780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 907 start_va = 0x7fefd560000 end_va = 0x7fefd59afff monitored = 0 entry_point = 0x7fefd561324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 908 start_va = 0x7fefd5a0000 end_va = 0x7fefd70cfff monitored = 0 entry_point = 0x7fefd5a10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 909 start_va = 0x7fefd710000 end_va = 0x7fefd729fff monitored = 0 entry_point = 0x7fefd711558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 910 start_va = 0x7fefd730000 end_va = 0x7fefd765fff monitored = 0 entry_point = 0x7fefd731474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 911 start_va = 0x7fefd770000 end_va = 0x7fefd79dfff monitored = 0 entry_point = 0x7fefd771010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 912 start_va = 0x7fefd9c0000 end_va = 0x7fefd9defff monitored = 0 entry_point = 0x7fefd9c60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 913 start_va = 0x7fefd9e0000 end_va = 0x7fefdbe2fff monitored = 0 entry_point = 0x7fefda03330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 914 start_va = 0x7fefdbf0000 end_va = 0x7fefe977fff monitored = 0 entry_point = 0x7fefdc6cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 915 start_va = 0x7fefe980000 end_va = 0x7fefeaacfff monitored = 0 entry_point = 0x7fefe9ced50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 916 start_va = 0x7fefeab0000 end_va = 0x7fefeb8afff monitored = 0 entry_point = 0x7fefead0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 917 start_va = 0x7fefeb90000 end_va = 0x7fefec2efff monitored = 0 entry_point = 0x7fefeb925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 918 start_va = 0x7fefec30000 end_va = 0x7fefec7cfff monitored = 0 entry_point = 0x7fefec31070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 919 start_va = 0x7fefec80000 end_va = 0x7fefed88fff monitored = 0 entry_point = 0x7fefec81064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 920 start_va = 0x7fefee10000 end_va = 0x7fefeee6fff monitored = 0 entry_point = 0x7fefee13274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 921 start_va = 0x7fefeef0000 end_va = 0x7feff0c6fff monitored = 0 entry_point = 0x7fefeef1010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 922 start_va = 0x7feff0d0000 end_va = 0x7feff0d7fff monitored = 0 entry_point = 0x7feff0d1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 923 start_va = 0x7feff210000 end_va = 0x7feff261fff monitored = 0 entry_point = 0x7feff2110d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 924 start_va = 0x7feff270000 end_va = 0x7feff338fff monitored = 0 entry_point = 0x7feff2ea874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 925 start_va = 0x7feff340000 end_va = 0x7feff34dfff monitored = 0 entry_point = 0x7feff341080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 926 start_va = 0x7feff350000 end_va = 0x7feff3e8fff monitored = 0 entry_point = 0x7feff351c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 927 start_va = 0x7feff670000 end_va = 0x7feff6d6fff monitored = 0 entry_point = 0x7feff67b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 928 start_va = 0x7feff6e0000 end_va = 0x7feff750fff monitored = 0 entry_point = 0x7feff6f1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 929 start_va = 0x7feff770000 end_va = 0x7feff770fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 930 start_va = 0x7fffff4e000 end_va = 0x7fffff4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4e000" filename = "" Region: id = 931 start_va = 0x7fffff50000 end_va = 0x7fffff51fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff50000" filename = "" Region: id = 932 start_va = 0x7fffff52000 end_va = 0x7fffff53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff52000" filename = "" Region: id = 933 start_va = 0x7fffff54000 end_va = 0x7fffff55fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff54000" filename = "" Region: id = 934 start_va = 0x7fffff56000 end_va = 0x7fffff57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff56000" filename = "" Region: id = 935 start_va = 0x7fffff58000 end_va = 0x7fffff59fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff58000" filename = "" Region: id = 936 start_va = 0x7fffff5a000 end_va = 0x7fffff5bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5a000" filename = "" Region: id = 937 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 938 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 939 start_va = 0x7fffff60000 end_va = 0x7fffff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 940 start_va = 0x7fffff62000 end_va = 0x7fffff63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 941 start_va = 0x7fffff64000 end_va = 0x7fffff65fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff64000" filename = "" Region: id = 942 start_va = 0x7fffff66000 end_va = 0x7fffff67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 943 start_va = 0x7fffff68000 end_va = 0x7fffff69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 944 start_va = 0x7fffff6a000 end_va = 0x7fffff6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6a000" filename = "" Region: id = 945 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 946 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 947 start_va = 0x7fffff70000 end_va = 0x7fffff71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 948 start_va = 0x7fffff72000 end_va = 0x7fffff73fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 949 start_va = 0x7fffff78000 end_va = 0x7fffff79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 950 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 951 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 952 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 953 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 954 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 955 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 956 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 957 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 958 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 959 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 960 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 961 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 962 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 963 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 964 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 965 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 966 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 967 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 968 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 969 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 970 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 971 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 972 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 973 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 974 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 975 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 976 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 977 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 978 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 979 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 980 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 981 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 982 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 983 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1056 start_va = 0x24e0000 end_va = 0x255ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 1057 start_va = 0x30f0000 end_va = 0x316ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030f0000" filename = "" Region: id = 1058 start_va = 0x3250000 end_va = 0x32cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003250000" filename = "" Region: id = 1059 start_va = 0x3fd0000 end_va = 0x404ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 1060 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 1061 start_va = 0x7fef3d30000 end_va = 0x7fef3f03fff monitored = 0 entry_point = 0x7fef3d66b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1062 start_va = 0x6c40000 end_va = 0x6d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c40000" filename = "" Region: id = 1063 start_va = 0x6d80000 end_va = 0x6f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d80000" filename = "" Region: id = 1064 start_va = 0x6d80000 end_va = 0x6e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d80000" filename = "" Region: id = 1065 start_va = 0x6ef0000 end_va = 0x6f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006ef0000" filename = "" Region: id = 1066 start_va = 0x6f70000 end_va = 0x736ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f70000" filename = "" Region: id = 1067 start_va = 0x15a0000 end_va = 0x15a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 1068 start_va = 0x1630000 end_va = 0x164ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001630000" filename = "" Region: id = 1069 start_va = 0x7fef8fc0000 end_va = 0x7fef903bfff monitored = 0 entry_point = 0x7fef8fc11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1070 start_va = 0x7370000 end_va = 0x75cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007370000" filename = "" Region: id = 1071 start_va = 0x1850000 end_va = 0x1852fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 1072 start_va = 0x12b0000 end_va = 0x12bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1073 start_va = 0x1420000 end_va = 0x142ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1074 start_va = 0x12b0000 end_va = 0x12bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1075 start_va = 0x1420000 end_va = 0x142ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1076 start_va = 0x12b0000 end_va = 0x12bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1077 start_va = 0x1420000 end_va = 0x142ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1078 start_va = 0x3020000 end_va = 0x30c9fff monitored = 0 entry_point = 0x3024104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1079 start_va = 0x18e0000 end_va = 0x18ecfff monitored = 0 entry_point = 0x18ea138 region_type = mapped_file name = "wuauclt.exe" filename = "\\Windows\\System32\\wuauclt.exe" (normalized: "c:\\windows\\system32\\wuauclt.exe") Region: id = 1080 start_va = 0x75d0000 end_va = 0x781efff monitored = 0 entry_point = 0x75d236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1081 start_va = 0x18e0000 end_va = 0x18e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018e0000" filename = "" Region: id = 1082 start_va = 0x6e70000 end_va = 0x6eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e70000" filename = "" Region: id = 1083 start_va = 0x7fffff76000 end_va = 0x7fffff77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 1084 start_va = 0x18e0000 end_va = 0x18e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000018e0000" filename = "" Region: id = 1085 start_va = 0x12b0000 end_va = 0x12bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1086 start_va = 0x1420000 end_va = 0x142ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1087 start_va = 0x12b0000 end_va = 0x12bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1268 start_va = 0x1df0000 end_va = 0x1e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 1269 start_va = 0x24a0000 end_va = 0x251ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 1384 start_va = 0x2560000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 1385 start_va = 0x2610000 end_va = 0x268ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Thread: id = 20 os_tid = 0xa60 Thread: id = 21 os_tid = 0x834 Thread: id = 22 os_tid = 0x830 Thread: id = 23 os_tid = 0x814 Thread: id = 24 os_tid = 0x808 Thread: id = 25 os_tid = 0x804 Thread: id = 26 os_tid = 0x680 Thread: id = 27 os_tid = 0x568 Thread: id = 28 os_tid = 0x3b4 Thread: id = 29 os_tid = 0x38c Thread: id = 30 os_tid = 0x6f8 Thread: id = 31 os_tid = 0x3fc Thread: id = 32 os_tid = 0xb8 Thread: id = 33 os_tid = 0x158 Thread: id = 34 os_tid = 0x620 Thread: id = 35 os_tid = 0x608 Thread: id = 36 os_tid = 0x450 Thread: id = 37 os_tid = 0x210 Thread: id = 38 os_tid = 0x358 Thread: id = 39 os_tid = 0x710 Thread: id = 40 os_tid = 0x750 Thread: id = 41 os_tid = 0x5a0 Thread: id = 42 os_tid = 0x5e8 Thread: id = 43 os_tid = 0x7fc Thread: id = 44 os_tid = 0x728 Thread: id = 45 os_tid = 0x6f4 Thread: id = 46 os_tid = 0x6d0 Thread: id = 47 os_tid = 0x6cc Thread: id = 48 os_tid = 0x6c8 Thread: id = 49 os_tid = 0x6c0 Thread: id = 50 os_tid = 0x670 Thread: id = 51 os_tid = 0x654 Thread: id = 52 os_tid = 0x62c Thread: id = 53 os_tid = 0x628 Thread: id = 54 os_tid = 0x5fc Thread: id = 55 os_tid = 0x5f0 Thread: id = 56 os_tid = 0x464 Thread: id = 57 os_tid = 0x460 Thread: id = 58 os_tid = 0x408 Thread: id = 59 os_tid = 0x404 Thread: id = 60 os_tid = 0x45c Thread: id = 61 os_tid = 0x458 Thread: id = 62 os_tid = 0x454 Thread: id = 63 os_tid = 0x138 Thread: id = 64 os_tid = 0x21c Thread: id = 65 os_tid = 0x3f8 Thread: id = 66 os_tid = 0x3ec Thread: id = 67 os_tid = 0x3e0 Thread: id = 68 os_tid = 0x384 Thread: id = 69 os_tid = 0x380 Thread: id = 70 os_tid = 0x374 Thread: id = 71 os_tid = 0x36c Thread: id = 73 os_tid = 0xa54 Thread: id = 74 os_tid = 0x388 Thread: id = 75 os_tid = 0xadc Thread: id = 76 os_tid = 0xa80 Thread: id = 77 os_tid = 0xa84 Thread: id = 78 os_tid = 0x874 Thread: id = 79 os_tid = 0x854 Thread: id = 104 os_tid = 0xb00 Thread: id = 105 os_tid = 0xafc Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xaf92000" os_pid = "0x2cc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c100" [0xc000000f], "LOCAL" [0x7] Region: id = 1094 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1095 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1096 start_va = 0x30000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1097 start_va = 0xb0000 end_va = 0xb3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 1098 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1099 start_va = 0xd0000 end_va = 0x136fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1100 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1101 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1102 start_va = 0x160000 end_va = 0x16cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1103 start_va = 0x170000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1104 start_va = 0x180000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1105 start_va = 0x280000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1106 start_va = 0x2a0000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1107 start_va = 0x3a0000 end_va = 0x527fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 1108 start_va = 0x530000 end_va = 0x6b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1109 start_va = 0x6c0000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 1110 start_va = 0x780000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1111 start_va = 0x7c0000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1112 start_va = 0x840000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1113 start_va = 0x860000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 1114 start_va = 0x880000 end_va = 0x880fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 1115 start_va = 0x890000 end_va = 0x891fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 1116 start_va = 0x8a0000 end_va = 0x8a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 1117 start_va = 0x8b0000 end_va = 0x8b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 1118 start_va = 0x8c0000 end_va = 0x8c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 1119 start_va = 0x930000 end_va = 0x930fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 1120 start_va = 0x980000 end_va = 0x980fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 1121 start_va = 0x990000 end_va = 0x990fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 1122 start_va = 0x9a0000 end_va = 0x9a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 1123 start_va = 0x9b0000 end_va = 0x9b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 1124 start_va = 0x9c0000 end_va = 0x9c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 1125 start_va = 0xa50000 end_va = 0xacffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 1126 start_va = 0xb70000 end_va = 0xe3efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1127 start_va = 0xe40000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 1128 start_va = 0xf60000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 1129 start_va = 0x1000000 end_va = 0x1007fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 1130 start_va = 0x1010000 end_va = 0x1071fff monitored = 0 entry_point = 0x10208d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 1131 start_va = 0x10a0000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 1132 start_va = 0x1120000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 1133 start_va = 0x1150000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 1134 start_va = 0x1170000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 1135 start_va = 0x11f0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011f0000" filename = "" Region: id = 1136 start_va = 0x1320000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 1137 start_va = 0x13a0000 end_va = 0x141ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 1138 start_va = 0x1540000 end_va = 0x15bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 1139 start_va = 0x1630000 end_va = 0x16affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001630000" filename = "" Region: id = 1140 start_va = 0x16b0000 end_va = 0x172ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016b0000" filename = "" Region: id = 1141 start_va = 0x1750000 end_va = 0x17cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 1142 start_va = 0x1820000 end_va = 0x189ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001820000" filename = "" Region: id = 1143 start_va = 0x1910000 end_va = 0x198ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001910000" filename = "" Region: id = 1144 start_va = 0x19b0000 end_va = 0x1a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019b0000" filename = "" Region: id = 1145 start_va = 0x1a30000 end_va = 0x1c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a30000" filename = "" Region: id = 1146 start_va = 0x1c30000 end_va = 0x202ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c30000" filename = "" Region: id = 1147 start_va = 0x20a0000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 1148 start_va = 0x2170000 end_va = 0x21effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 1149 start_va = 0x21f0000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 1150 start_va = 0x22b0000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1151 start_va = 0x23d0000 end_va = 0x244ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 1152 start_va = 0x2460000 end_va = 0x2862fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 1153 start_va = 0x2910000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 1154 start_va = 0x29c0000 end_va = 0x2a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 1155 start_va = 0x2b60000 end_va = 0x2bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 1156 start_va = 0x2c40000 end_va = 0x2cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 1157 start_va = 0x2cc0000 end_va = 0x2dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 1158 start_va = 0x2dc0000 end_va = 0x35bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002dc0000" filename = "" Region: id = 1159 start_va = 0x77230000 end_va = 0x77329fff monitored = 0 entry_point = 0x7724a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1160 start_va = 0x77330000 end_va = 0x7744efff monitored = 0 entry_point = 0x77345340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1161 start_va = 0x77450000 end_va = 0x775f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1162 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1163 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1164 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1165 start_va = 0xff160000 end_va = 0xff16afff monitored = 0 entry_point = 0xff16246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1166 start_va = 0xff2b0000 end_va = 0xff311fff monitored = 0 entry_point = 0xff2c08d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 1167 start_va = 0xff680000 end_va = 0xff6d2fff monitored = 0 entry_point = 0xff693310 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 1168 start_va = 0x7fef3710000 end_va = 0x7fef37bdfff monitored = 0 entry_point = 0x7fef3714104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1169 start_va = 0x7fef3850000 end_va = 0x7fef3974fff monitored = 0 entry_point = 0x7fef38a1570 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 1170 start_va = 0x7fef41f0000 end_va = 0x7fef420afff monitored = 0 entry_point = 0x7fef41f1198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1171 start_va = 0x7fef4210000 end_va = 0x7fef422bfff monitored = 0 entry_point = 0x7fef4211060 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 1172 start_va = 0x7fef6bb0000 end_va = 0x7fef6bfefff monitored = 0 entry_point = 0x7fef6bb2760 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 1173 start_va = 0x7fef8de0000 end_va = 0x7fef8deafff monitored = 0 entry_point = 0x7fef8de12e0 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 1174 start_va = 0x7fef8e00000 end_va = 0x7fef8e14fff monitored = 0 entry_point = 0x7fef8e012a0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 1175 start_va = 0x7fef8e20000 end_va = 0x7fef8e38fff monitored = 0 entry_point = 0x7fef8e2177c region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 1176 start_va = 0x7fef9150000 end_va = 0x7fef9157fff monitored = 0 entry_point = 0x7fef9151414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1177 start_va = 0x7fef94c0000 end_va = 0x7fef94d2fff monitored = 0 entry_point = 0x7fef94c1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1178 start_va = 0x7fef97a0000 end_va = 0x7fef97adfff monitored = 0 entry_point = 0x7fef97a5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1179 start_va = 0x7fef97b0000 end_va = 0x7fef97d6fff monitored = 0 entry_point = 0x7fef97b11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1180 start_va = 0x7fef97e0000 end_va = 0x7fef98b2fff monitored = 0 entry_point = 0x7fef9858b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1181 start_va = 0x7fef9a40000 end_va = 0x7fef9ab6fff monitored = 0 entry_point = 0x7fef9a7e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1182 start_va = 0x7fefa820000 end_va = 0x7fefa837fff monitored = 0 entry_point = 0x7fefa821bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1183 start_va = 0x7fefa840000 end_va = 0x7fefa850fff monitored = 0 entry_point = 0x7fefa8416ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1184 start_va = 0x7fefa870000 end_va = 0x7fefa8c2fff monitored = 0 entry_point = 0x7fefa872b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1185 start_va = 0x7fefa900000 end_va = 0x7fefa93afff monitored = 0 entry_point = 0x7fefa904520 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 1186 start_va = 0x7fefa940000 end_va = 0x7fefa990fff monitored = 0 entry_point = 0x7fefa94f6c0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 1187 start_va = 0x7fefa9b0000 end_va = 0x7fefa9b7fff monitored = 0 entry_point = 0x7fefa9b284c region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 1188 start_va = 0x7fefa9c0000 end_va = 0x7fefa9c9fff monitored = 0 entry_point = 0x7fefa9c1adc region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 1189 start_va = 0x7fefae80000 end_va = 0x7fefae8afff monitored = 0 entry_point = 0x7fefae81198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1190 start_va = 0x7fefae90000 end_va = 0x7fefaeb6fff monitored = 0 entry_point = 0x7fefae998bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1191 start_va = 0x7fefb010000 end_va = 0x7fefb024fff monitored = 0 entry_point = 0x7fefb0160d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1192 start_va = 0x7fefb330000 end_va = 0x7fefb338fff monitored = 0 entry_point = 0x7fefb331010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1193 start_va = 0x7fefb340000 end_va = 0x7fefb36bfff monitored = 0 entry_point = 0x7fefb3415c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1194 start_va = 0x7fefb370000 end_va = 0x7fefb41bfff monitored = 0 entry_point = 0x7fefb386acc region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 1195 start_va = 0x7fefb590000 end_va = 0x7fefb5a4fff monitored = 0 entry_point = 0x7fefb591050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1196 start_va = 0x7fefb5b0000 end_va = 0x7fefb5bbfff monitored = 0 entry_point = 0x7fefb5b18a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1197 start_va = 0x7fefb8b0000 end_va = 0x7fefb8fafff monitored = 0 entry_point = 0x7fefb8befcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 1198 start_va = 0x7fefbd20000 end_va = 0x7fefbe4bfff monitored = 0 entry_point = 0x7fefbd294bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1199 start_va = 0x7fefc390000 end_va = 0x7fefc3bcfff monitored = 0 entry_point = 0x7fefc391010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1200 start_va = 0x7fefc3c0000 end_va = 0x7fefc555fff monitored = 0 entry_point = 0x7fefc3c78e4 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 1201 start_va = 0x7fefc560000 end_va = 0x7fefc56bfff monitored = 0 entry_point = 0x7fefc561064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1202 start_va = 0x7fefc570000 end_va = 0x7fefc62afff monitored = 0 entry_point = 0x7fefc576de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1203 start_va = 0x7fefc630000 end_va = 0x7fefc636fff monitored = 0 entry_point = 0x7fefc6314b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1204 start_va = 0x7fefc720000 end_va = 0x7fefc73afff monitored = 0 entry_point = 0x7fefc722068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1205 start_va = 0x7fefc740000 end_va = 0x7fefc75dfff monitored = 0 entry_point = 0x7fefc7413b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1206 start_va = 0x7fefc890000 end_va = 0x7fefc899fff monitored = 0 entry_point = 0x7fefc893cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1207 start_va = 0x7fefc990000 end_va = 0x7fefc9d6fff monitored = 0 entry_point = 0x7fefc991064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1208 start_va = 0x7fefcab0000 end_va = 0x7fefcb0afff monitored = 0 entry_point = 0x7fefcab6940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1209 start_va = 0x7fefcc20000 end_va = 0x7fefcc26fff monitored = 0 entry_point = 0x7fefcc2142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1210 start_va = 0x7fefcc30000 end_va = 0x7fefcc84fff monitored = 0 entry_point = 0x7fefcc31054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1211 start_va = 0x7fefcc90000 end_va = 0x7fefcca7fff monitored = 0 entry_point = 0x7fefcc93b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1212 start_va = 0x7fefce00000 end_va = 0x7fefce21fff monitored = 0 entry_point = 0x7fefce05d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1213 start_va = 0x7fefcec0000 end_va = 0x7fefcf2cfff monitored = 0 entry_point = 0x7fefcec1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1214 start_va = 0x7fefd230000 end_va = 0x7fefd23afff monitored = 0 entry_point = 0x7fefd231030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1215 start_va = 0x7fefd260000 end_va = 0x7fefd284fff monitored = 0 entry_point = 0x7fefd269658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1216 start_va = 0x7fefd290000 end_va = 0x7fefd29efff monitored = 0 entry_point = 0x7fefd291010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1217 start_va = 0x7fefd340000 end_va = 0x7fefd37cfff monitored = 0 entry_point = 0x7fefd3418f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1218 start_va = 0x7fefd380000 end_va = 0x7fefd393fff monitored = 0 entry_point = 0x7fefd3810e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1219 start_va = 0x7fefd3a0000 end_va = 0x7fefd3aefff monitored = 0 entry_point = 0x7fefd3a19b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1220 start_va = 0x7fefd440000 end_va = 0x7fefd44efff monitored = 0 entry_point = 0x7fefd441020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1221 start_va = 0x7fefd450000 end_va = 0x7fefd4bbfff monitored = 0 entry_point = 0x7fefd452780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1222 start_va = 0x7fefd560000 end_va = 0x7fefd59afff monitored = 0 entry_point = 0x7fefd561324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1223 start_va = 0x7fefd5a0000 end_va = 0x7fefd70cfff monitored = 0 entry_point = 0x7fefd5a10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1224 start_va = 0x7fefd710000 end_va = 0x7fefd729fff monitored = 0 entry_point = 0x7fefd711558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1225 start_va = 0x7fefd730000 end_va = 0x7fefd765fff monitored = 0 entry_point = 0x7fefd731474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1226 start_va = 0x7fefd770000 end_va = 0x7fefd79dfff monitored = 0 entry_point = 0x7fefd771010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1227 start_va = 0x7fefd9c0000 end_va = 0x7fefd9defff monitored = 0 entry_point = 0x7fefd9c60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1228 start_va = 0x7fefd9e0000 end_va = 0x7fefdbe2fff monitored = 0 entry_point = 0x7fefda03330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1229 start_va = 0x7fefe980000 end_va = 0x7fefeaacfff monitored = 0 entry_point = 0x7fefe9ced50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1230 start_va = 0x7fefeab0000 end_va = 0x7fefeb8afff monitored = 0 entry_point = 0x7fefead0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1231 start_va = 0x7fefeb90000 end_va = 0x7fefec2efff monitored = 0 entry_point = 0x7fefeb925a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1232 start_va = 0x7fefec30000 end_va = 0x7fefec7cfff monitored = 0 entry_point = 0x7fefec31070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1233 start_va = 0x7fefec80000 end_va = 0x7fefed88fff monitored = 0 entry_point = 0x7fefec81064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1234 start_va = 0x7fefee10000 end_va = 0x7fefeee6fff monitored = 0 entry_point = 0x7fefee13274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1235 start_va = 0x7fefeef0000 end_va = 0x7feff0c6fff monitored = 0 entry_point = 0x7fefeef1010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1236 start_va = 0x7feff0d0000 end_va = 0x7feff0d7fff monitored = 0 entry_point = 0x7feff0d1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1237 start_va = 0x7feff210000 end_va = 0x7feff261fff monitored = 0 entry_point = 0x7feff2110d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1238 start_va = 0x7feff270000 end_va = 0x7feff338fff monitored = 0 entry_point = 0x7feff2ea874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1239 start_va = 0x7feff340000 end_va = 0x7feff34dfff monitored = 0 entry_point = 0x7feff341080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1240 start_va = 0x7feff350000 end_va = 0x7feff3e8fff monitored = 0 entry_point = 0x7feff351c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1241 start_va = 0x7feff670000 end_va = 0x7feff6d6fff monitored = 0 entry_point = 0x7feff67b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1242 start_va = 0x7feff6e0000 end_va = 0x7feff750fff monitored = 0 entry_point = 0x7feff6f1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1243 start_va = 0x7feff770000 end_va = 0x7feff770fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1244 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 1245 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 1246 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 1247 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1248 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1249 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1250 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1251 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1252 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1253 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1254 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1255 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1256 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1257 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1258 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1259 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1260 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1261 start_va = 0x7fffffd5000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1262 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1263 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1264 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1265 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1266 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1267 start_va = 0x7fef7500000 end_va = 0x7fef767ffff monitored = 0 entry_point = 0x7fef75380d0 region_type = mapped_file name = "racengn.dll" filename = "\\Windows\\System32\\RacEngn.dll" (normalized: "c:\\windows\\system32\\racengn.dll") Thread: id = 80 os_tid = 0xaf0 Thread: id = 81 os_tid = 0x5ac Thread: id = 82 os_tid = 0x310 Thread: id = 83 os_tid = 0x294 Thread: id = 84 os_tid = 0x23c Thread: id = 85 os_tid = 0x758 Thread: id = 86 os_tid = 0x7e4 Thread: id = 87 os_tid = 0x218 Thread: id = 88 os_tid = 0x7f4 Thread: id = 89 os_tid = 0x554 Thread: id = 90 os_tid = 0x550 Thread: id = 91 os_tid = 0x54c Thread: id = 92 os_tid = 0x424 Thread: id = 93 os_tid = 0x40c Thread: id = 94 os_tid = 0x3b8 Thread: id = 95 os_tid = 0x3b0 Thread: id = 96 os_tid = 0x3a0 Thread: id = 97 os_tid = 0x300 Thread: id = 98 os_tid = 0x2fc Thread: id = 99 os_tid = 0x2d4 Thread: id = 100 os_tid = 0x2d0 Thread: id = 101 os_tid = 0x880 Thread: id = 102 os_tid = 0xb08 Thread: id = 108 os_tid = 0x9f0