# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 08:38:37 # Log Creation Date: 22.09.2020 01:40:25.954 Process: id = "1" image_name = "mfo4ed9hfrpsso4o.exe" filename = "c:\\users\\fd1hvy\\desktop\\mfo4ed9hfrpsso4o.exe" page_root = "0x43e3a000" os_pid = "0x10c0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x560" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe\" " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x10c4 [0105.902] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0107.714] RoInitialize () returned 0x1 [0107.714] RoUninitialize () returned 0x0 [0119.184] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x15413a8 [0120.089] EtwEventRegister (in: ProviderId=0x317a92c, EnableCallback=0x5690636, CallbackContext=0x0, RegHandle=0x317a908 | out: RegHandle=0x317a908) returned 0x0 [0120.101] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe.config", nBufferLength=0x105, lpBuffer=0x133e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe.config", lpFilePart=0x0) returned 0x33 [0120.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x133eb44) returned 1 [0120.103] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe.config" (normalized: "c:\\users\\fd1hvy\\desktop\\mfo4ed9hfrpsso4o.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x133ebc0 | out: lpFileInformation=0x133ebc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0120.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x133eb40) returned 1 [0120.603] SleepEx (dwMilliseconds=0xa21c, bAlertable=1) returned 0x0 [0132.840] GdiplusStartup (in: token=0x14c61a0, input=0x133d878, output=0x133d8c8 | out: token=0x14c61a0, output=0x133d8c8) returned 0x0 [0132.996] GdipLoadImageFromStream (stream=0x55f0030, image=0x133e370) returned 0x0 [0133.385] GdipImageForceValidation (image=0x5a61f08) returned 0x0 [0133.402] GdipGetImageType (image=0x5a61f08, type=0x133e36c) returned 0x0 [0133.402] GdipGetImageRawFormat (image=0x5a61f08, format=0x133e2e0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0133.461] GdipGetImageWidth (image=0x5a61f08, width=0x133e8c0) returned 0x0 [0133.463] GdipGetImageHeight (image=0x5a61f08, height=0x133e8c0) returned 0x0 [0133.467] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.467] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.471] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=0, color=0x133e88c) returned 0x0 [0133.486] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.486] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.486] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=1, color=0x133e88c) returned 0x0 [0133.490] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.490] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.490] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=2, color=0x133e88c) returned 0x0 [0133.491] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.491] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.491] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=3, color=0x133e88c) returned 0x0 [0133.491] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.491] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.491] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=4, color=0x133e88c) returned 0x0 [0133.491] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.491] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.491] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=5, color=0x133e88c) returned 0x0 [0133.491] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.491] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.491] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=6, color=0x133e88c) returned 0x0 [0133.491] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.491] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.492] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=7, color=0x133e88c) returned 0x0 [0133.492] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.492] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.492] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=8, color=0x133e88c) returned 0x0 [0133.492] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.492] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.492] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=9, color=0x133e88c) returned 0x0 [0133.492] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.492] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.492] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=10, color=0x133e88c) returned 0x0 [0133.492] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.492] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.492] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=11, color=0x133e88c) returned 0x0 [0133.492] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.493] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.493] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=12, color=0x133e88c) returned 0x0 [0133.493] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.493] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.493] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=13, color=0x133e88c) returned 0x0 [0133.493] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.493] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.493] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=14, color=0x133e88c) returned 0x0 [0133.493] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.493] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.493] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=15, color=0x133e88c) returned 0x0 [0133.493] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.493] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.493] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=16, color=0x133e88c) returned 0x0 [0133.494] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.494] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.494] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=17, color=0x133e88c) returned 0x0 [0133.494] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.494] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.494] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=18, color=0x133e88c) returned 0x0 [0133.494] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.494] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.494] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=19, color=0x133e88c) returned 0x0 [0133.494] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.494] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.494] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=20, color=0x133e88c) returned 0x0 [0133.494] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.494] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.494] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=21, color=0x133e88c) returned 0x0 [0133.495] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.495] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.495] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=22, color=0x133e88c) returned 0x0 [0133.495] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.495] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.495] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=23, color=0x133e88c) returned 0x0 [0133.495] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.495] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.495] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=24, color=0x133e88c) returned 0x0 [0133.495] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.495] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.495] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=25, color=0x133e88c) returned 0x0 [0133.495] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.495] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.495] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=26, color=0x133e88c) returned 0x0 [0133.496] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.496] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.496] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=27, color=0x133e88c) returned 0x0 [0133.496] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.496] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.496] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=28, color=0x133e88c) returned 0x0 [0133.496] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.496] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.496] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=29, color=0x133e88c) returned 0x0 [0133.496] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.496] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.496] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=30, color=0x133e88c) returned 0x0 [0133.496] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.496] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.496] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=31, color=0x133e88c) returned 0x0 [0133.497] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.497] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.497] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=32, color=0x133e88c) returned 0x0 [0133.497] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.497] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.497] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=33, color=0x133e88c) returned 0x0 [0133.497] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.497] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.497] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=34, color=0x133e88c) returned 0x0 [0133.497] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.497] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.497] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=35, color=0x133e88c) returned 0x0 [0133.497] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.498] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.498] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=36, color=0x133e88c) returned 0x0 [0133.498] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.498] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.498] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=37, color=0x133e88c) returned 0x0 [0133.498] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.498] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.498] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=38, color=0x133e88c) returned 0x0 [0133.498] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.498] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.498] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=39, color=0x133e88c) returned 0x0 [0133.498] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.498] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.498] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=40, color=0x133e88c) returned 0x0 [0133.498] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.498] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.498] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=41, color=0x133e88c) returned 0x0 [0133.499] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.499] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.499] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=42, color=0x133e88c) returned 0x0 [0133.499] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.499] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.499] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=43, color=0x133e88c) returned 0x0 [0133.499] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.499] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.499] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=44, color=0x133e88c) returned 0x0 [0133.499] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.499] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.499] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=45, color=0x133e88c) returned 0x0 [0133.499] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.499] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.499] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=46, color=0x133e88c) returned 0x0 [0133.500] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.500] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.500] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=47, color=0x133e88c) returned 0x0 [0133.500] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.500] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.500] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=48, color=0x133e88c) returned 0x0 [0133.500] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.500] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.500] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=49, color=0x133e88c) returned 0x0 [0133.500] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.500] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.500] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=50, color=0x133e88c) returned 0x0 [0133.500] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.500] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.500] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=51, color=0x133e88c) returned 0x0 [0133.500] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.501] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.501] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=52, color=0x133e88c) returned 0x0 [0133.501] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.501] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.501] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=53, color=0x133e88c) returned 0x0 [0133.501] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.501] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.501] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=54, color=0x133e88c) returned 0x0 [0133.501] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.501] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.501] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=55, color=0x133e88c) returned 0x0 [0133.501] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.501] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.501] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=56, color=0x133e88c) returned 0x0 [0133.501] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.501] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.501] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=57, color=0x133e88c) returned 0x0 [0133.502] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.502] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.502] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=58, color=0x133e88c) returned 0x0 [0133.502] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.502] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.502] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=59, color=0x133e88c) returned 0x0 [0133.502] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.502] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.502] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=60, color=0x133e88c) returned 0x0 [0133.502] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.502] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.502] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=61, color=0x133e88c) returned 0x0 [0133.502] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.502] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.502] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=62, color=0x133e88c) returned 0x0 [0133.502] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.502] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.502] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=63, color=0x133e88c) returned 0x0 [0133.503] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.503] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.503] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=64, color=0x133e88c) returned 0x0 [0133.503] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.503] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.503] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=65, color=0x133e88c) returned 0x0 [0133.503] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.503] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.503] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=66, color=0x133e88c) returned 0x0 [0133.503] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.503] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.503] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=67, color=0x133e88c) returned 0x0 [0133.503] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.503] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.503] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=68, color=0x133e88c) returned 0x0 [0133.503] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.503] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.503] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=69, color=0x133e88c) returned 0x0 [0133.504] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.504] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.504] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=70, color=0x133e88c) returned 0x0 [0133.504] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.504] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.504] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=71, color=0x133e88c) returned 0x0 [0133.504] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.504] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.504] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=72, color=0x133e88c) returned 0x0 [0133.504] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.504] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.504] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=73, color=0x133e88c) returned 0x0 [0133.504] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.504] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.504] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=74, color=0x133e88c) returned 0x0 [0133.504] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.505] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.505] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=75, color=0x133e88c) returned 0x0 [0133.505] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.505] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.505] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=76, color=0x133e88c) returned 0x0 [0133.505] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.505] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.505] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=77, color=0x133e88c) returned 0x0 [0133.505] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.505] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.505] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=78, color=0x133e88c) returned 0x0 [0133.505] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.505] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.505] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=79, color=0x133e88c) returned 0x0 [0133.505] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.505] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.550] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=80, color=0x133e88c) returned 0x0 [0133.550] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.550] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.550] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=81, color=0x133e88c) returned 0x0 [0133.550] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.550] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.550] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=82, color=0x133e88c) returned 0x0 [0133.550] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.550] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.550] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=83, color=0x133e88c) returned 0x0 [0133.550] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.550] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.550] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=84, color=0x133e88c) returned 0x0 [0133.551] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.551] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.551] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=85, color=0x133e88c) returned 0x0 [0133.551] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.551] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.551] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=86, color=0x133e88c) returned 0x0 [0133.551] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.551] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.551] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=87, color=0x133e88c) returned 0x0 [0133.551] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.551] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.551] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=88, color=0x133e88c) returned 0x0 [0133.551] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.551] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.551] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=89, color=0x133e88c) returned 0x0 [0133.551] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.552] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.552] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=90, color=0x133e88c) returned 0x0 [0133.552] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.552] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.552] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=91, color=0x133e88c) returned 0x0 [0133.552] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.552] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.552] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=92, color=0x133e88c) returned 0x0 [0133.552] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.552] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.552] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=93, color=0x133e88c) returned 0x0 [0133.552] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.552] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.552] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=94, color=0x133e88c) returned 0x0 [0133.552] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.552] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.552] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=95, color=0x133e88c) returned 0x0 [0133.552] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.552] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.552] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=96, color=0x133e88c) returned 0x0 [0133.553] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.553] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.553] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=97, color=0x133e88c) returned 0x0 [0133.553] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.553] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.553] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=98, color=0x133e88c) returned 0x0 [0133.553] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.553] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.553] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=99, color=0x133e88c) returned 0x0 [0133.553] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.553] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.553] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=100, color=0x133e88c) returned 0x0 [0133.553] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.553] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.553] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=101, color=0x133e88c) returned 0x0 [0133.554] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.554] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.554] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=102, color=0x133e88c) returned 0x0 [0133.554] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.554] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.554] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=103, color=0x133e88c) returned 0x0 [0133.554] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.554] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.554] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=104, color=0x133e88c) returned 0x0 [0133.554] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.554] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.554] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=105, color=0x133e88c) returned 0x0 [0133.554] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.554] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.554] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=106, color=0x133e88c) returned 0x0 [0133.554] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.554] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.554] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=107, color=0x133e88c) returned 0x0 [0133.554] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.554] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.555] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=108, color=0x133e88c) returned 0x0 [0133.555] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.555] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.555] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=109, color=0x133e88c) returned 0x0 [0133.555] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.555] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.555] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=110, color=0x133e88c) returned 0x0 [0133.555] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.555] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.555] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=111, color=0x133e88c) returned 0x0 [0133.555] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.555] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.555] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=112, color=0x133e88c) returned 0x0 [0133.555] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.555] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.555] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=113, color=0x133e88c) returned 0x0 [0133.556] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.556] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.556] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=114, color=0x133e88c) returned 0x0 [0133.556] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.556] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.556] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=115, color=0x133e88c) returned 0x0 [0133.556] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.556] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.556] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=116, color=0x133e88c) returned 0x0 [0133.556] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.556] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.556] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=117, color=0x133e88c) returned 0x0 [0133.556] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.556] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.556] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=118, color=0x133e88c) returned 0x0 [0133.556] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.556] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.557] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=119, color=0x133e88c) returned 0x0 [0133.557] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.557] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.557] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=120, color=0x133e88c) returned 0x0 [0133.557] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.557] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.557] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=121, color=0x133e88c) returned 0x0 [0133.557] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.557] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.557] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=122, color=0x133e88c) returned 0x0 [0133.557] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.557] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.557] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=123, color=0x133e88c) returned 0x0 [0133.557] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.557] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.557] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=124, color=0x133e88c) returned 0x0 [0133.557] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.557] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.557] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=125, color=0x133e88c) returned 0x0 [0133.557] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.557] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.557] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=126, color=0x133e88c) returned 0x0 [0133.557] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.558] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.558] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=127, color=0x133e88c) returned 0x0 [0133.558] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.558] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.558] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=128, color=0x133e88c) returned 0x0 [0133.558] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.558] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.558] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=129, color=0x133e88c) returned 0x0 [0133.558] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.558] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.558] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=130, color=0x133e88c) returned 0x0 [0133.558] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.558] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.558] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=131, color=0x133e88c) returned 0x0 [0133.558] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.558] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.558] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=132, color=0x133e88c) returned 0x0 [0133.558] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.558] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.558] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=133, color=0x133e88c) returned 0x0 [0133.558] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.558] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.558] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=134, color=0x133e88c) returned 0x0 [0133.558] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.558] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.558] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=135, color=0x133e88c) returned 0x0 [0133.558] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.559] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.559] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=136, color=0x133e88c) returned 0x0 [0133.559] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.559] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.559] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=137, color=0x133e88c) returned 0x0 [0133.559] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.559] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.559] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=138, color=0x133e88c) returned 0x0 [0133.559] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.559] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.559] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=139, color=0x133e88c) returned 0x0 [0133.559] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.559] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.559] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=140, color=0x133e88c) returned 0x0 [0133.559] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.559] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.559] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=141, color=0x133e88c) returned 0x0 [0133.559] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.559] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.559] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=142, color=0x133e88c) returned 0x0 [0133.559] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.559] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.559] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=143, color=0x133e88c) returned 0x0 [0133.559] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.559] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.559] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=144, color=0x133e88c) returned 0x0 [0133.559] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.559] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.560] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=145, color=0x133e88c) returned 0x0 [0133.560] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.560] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.560] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=146, color=0x133e88c) returned 0x0 [0133.560] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.560] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.560] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=147, color=0x133e88c) returned 0x0 [0133.560] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.560] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.560] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=148, color=0x133e88c) returned 0x0 [0133.560] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.560] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.560] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=149, color=0x133e88c) returned 0x0 [0133.560] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.560] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.560] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=150, color=0x133e88c) returned 0x0 [0133.560] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.560] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.560] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=151, color=0x133e88c) returned 0x0 [0133.560] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.560] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.560] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=152, color=0x133e88c) returned 0x0 [0133.560] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.560] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.560] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=153, color=0x133e88c) returned 0x0 [0133.560] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.561] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.561] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=154, color=0x133e88c) returned 0x0 [0133.561] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.561] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.561] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=155, color=0x133e88c) returned 0x0 [0133.561] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.561] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.561] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=156, color=0x133e88c) returned 0x0 [0133.561] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.561] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.561] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=157, color=0x133e88c) returned 0x0 [0133.561] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.561] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.561] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=158, color=0x133e88c) returned 0x0 [0133.561] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.561] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.561] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=159, color=0x133e88c) returned 0x0 [0133.561] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.561] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.561] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=160, color=0x133e88c) returned 0x0 [0133.561] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.561] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.561] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=161, color=0x133e88c) returned 0x0 [0133.561] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.561] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.561] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=162, color=0x133e88c) returned 0x0 [0133.561] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.562] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.562] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=163, color=0x133e88c) returned 0x0 [0133.562] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.562] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.562] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=164, color=0x133e88c) returned 0x0 [0133.562] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.562] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.562] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=165, color=0x133e88c) returned 0x0 [0133.562] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.562] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.562] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=166, color=0x133e88c) returned 0x0 [0133.562] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.562] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.562] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=167, color=0x133e88c) returned 0x0 [0133.562] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.562] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.562] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=168, color=0x133e88c) returned 0x0 [0133.562] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.562] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.562] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=169, color=0x133e88c) returned 0x0 [0133.562] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.562] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.562] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=170, color=0x133e88c) returned 0x0 [0133.562] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.562] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.562] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=171, color=0x133e88c) returned 0x0 [0133.562] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.563] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.563] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=172, color=0x133e88c) returned 0x0 [0133.563] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.563] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.563] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=173, color=0x133e88c) returned 0x0 [0133.563] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.563] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.563] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=174, color=0x133e88c) returned 0x0 [0133.563] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.563] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.563] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=175, color=0x133e88c) returned 0x0 [0133.563] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.563] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.563] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=176, color=0x133e88c) returned 0x0 [0133.563] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.563] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.563] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=177, color=0x133e88c) returned 0x0 [0133.563] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.563] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.563] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=178, color=0x133e88c) returned 0x0 [0133.563] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.563] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.563] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=179, color=0x133e88c) returned 0x0 [0133.563] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.563] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.563] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=180, color=0x133e88c) returned 0x0 [0133.563] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.563] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.564] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=181, color=0x133e88c) returned 0x0 [0133.564] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.564] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.564] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=182, color=0x133e88c) returned 0x0 [0133.564] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.564] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.564] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=183, color=0x133e88c) returned 0x0 [0133.564] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.564] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.564] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=184, color=0x133e88c) returned 0x0 [0133.564] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.564] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.564] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=185, color=0x133e88c) returned 0x0 [0133.564] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.564] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.564] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=186, color=0x133e88c) returned 0x0 [0133.564] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.564] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.564] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=187, color=0x133e88c) returned 0x0 [0133.564] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.564] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.564] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=188, color=0x133e88c) returned 0x0 [0133.564] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.564] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.564] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=189, color=0x133e88c) returned 0x0 [0133.564] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.564] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.565] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=190, color=0x133e88c) returned 0x0 [0133.565] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.565] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.565] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=191, color=0x133e88c) returned 0x0 [0133.565] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.565] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.565] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=192, color=0x133e88c) returned 0x0 [0133.565] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.565] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.565] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=193, color=0x133e88c) returned 0x0 [0133.565] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.565] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.565] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=194, color=0x133e88c) returned 0x0 [0133.565] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.565] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.565] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=195, color=0x133e88c) returned 0x0 [0133.565] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.565] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.565] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=196, color=0x133e88c) returned 0x0 [0133.565] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.565] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.565] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=197, color=0x133e88c) returned 0x0 [0133.565] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.565] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.565] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=198, color=0x133e88c) returned 0x0 [0133.565] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.565] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.565] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=199, color=0x133e88c) returned 0x0 [0133.565] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.566] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.566] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=200, color=0x133e88c) returned 0x0 [0133.566] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.566] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.566] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=201, color=0x133e88c) returned 0x0 [0133.566] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.566] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.566] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=202, color=0x133e88c) returned 0x0 [0133.566] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.566] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.566] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=203, color=0x133e88c) returned 0x0 [0133.566] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.566] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.566] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=204, color=0x133e88c) returned 0x0 [0133.566] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.566] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.566] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=205, color=0x133e88c) returned 0x0 [0133.566] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.566] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.566] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=206, color=0x133e88c) returned 0x0 [0133.566] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.566] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.566] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=207, color=0x133e88c) returned 0x0 [0133.566] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.566] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.566] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=208, color=0x133e88c) returned 0x0 [0133.566] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.566] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.567] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=209, color=0x133e88c) returned 0x0 [0133.567] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.567] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.567] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=210, color=0x133e88c) returned 0x0 [0133.567] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.567] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.567] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=211, color=0x133e88c) returned 0x0 [0133.567] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.567] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.567] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=212, color=0x133e88c) returned 0x0 [0133.567] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.567] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.567] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=213, color=0x133e88c) returned 0x0 [0133.567] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.567] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.567] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=214, color=0x133e88c) returned 0x0 [0133.567] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.567] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.567] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=215, color=0x133e88c) returned 0x0 [0133.567] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.567] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.567] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=216, color=0x133e88c) returned 0x0 [0133.567] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.567] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.567] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=217, color=0x133e88c) returned 0x0 [0133.567] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.568] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.568] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=218, color=0x133e88c) returned 0x0 [0133.568] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.568] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.568] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=219, color=0x133e88c) returned 0x0 [0133.568] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.568] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.568] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=220, color=0x133e88c) returned 0x0 [0133.568] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.568] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.568] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=221, color=0x133e88c) returned 0x0 [0133.568] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.568] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.568] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=222, color=0x133e88c) returned 0x0 [0133.568] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.568] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.568] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=223, color=0x133e88c) returned 0x0 [0133.568] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.568] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.568] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=224, color=0x133e88c) returned 0x0 [0133.568] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.568] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.568] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=225, color=0x133e88c) returned 0x0 [0133.568] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.568] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.569] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=226, color=0x133e88c) returned 0x0 [0133.569] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.569] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.569] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=227, color=0x133e88c) returned 0x0 [0133.569] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.569] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.569] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=228, color=0x133e88c) returned 0x0 [0133.569] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.569] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.569] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=229, color=0x133e88c) returned 0x0 [0133.569] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.569] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.569] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=230, color=0x133e88c) returned 0x0 [0133.569] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.569] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.569] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=231, color=0x133e88c) returned 0x0 [0133.569] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.569] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.569] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=232, color=0x133e88c) returned 0x0 [0133.569] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.569] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.569] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=233, color=0x133e88c) returned 0x0 [0133.569] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.569] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.569] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=234, color=0x133e88c) returned 0x0 [0133.570] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.570] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.570] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=235, color=0x133e88c) returned 0x0 [0133.570] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.570] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.570] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=236, color=0x133e88c) returned 0x0 [0133.570] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.570] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.570] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=237, color=0x133e88c) returned 0x0 [0133.570] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.570] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.570] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=238, color=0x133e88c) returned 0x0 [0133.570] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.570] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.570] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=239, color=0x133e88c) returned 0x0 [0133.570] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.570] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.570] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=240, color=0x133e88c) returned 0x0 [0133.570] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.570] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.570] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=241, color=0x133e88c) returned 0x0 [0133.570] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.570] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.570] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=242, color=0x133e88c) returned 0x0 [0133.570] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.570] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.570] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=243, color=0x133e88c) returned 0x0 [0133.570] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.571] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.571] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=244, color=0x133e88c) returned 0x0 [0133.571] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.571] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.571] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=245, color=0x133e88c) returned 0x0 [0133.571] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.571] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.571] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=246, color=0x133e88c) returned 0x0 [0133.571] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.571] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.571] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=247, color=0x133e88c) returned 0x0 [0133.571] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.571] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.571] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=248, color=0x133e88c) returned 0x0 [0133.571] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.571] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.571] GdipBitmapGetPixel (bitmap=0x5a61f08, x=0, y=249, color=0x133e88c) returned 0x0 [0133.747] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.747] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.747] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=232, color=0x133e88c) returned 0x0 [0133.747] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.747] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.747] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=233, color=0x133e88c) returned 0x0 [0133.747] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.747] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.748] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=234, color=0x133e88c) returned 0x0 [0133.748] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.748] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.748] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=235, color=0x133e88c) returned 0x0 [0133.748] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.748] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.748] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=236, color=0x133e88c) returned 0x0 [0133.748] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.748] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.748] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=237, color=0x133e88c) returned 0x0 [0133.748] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.748] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.748] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=238, color=0x133e88c) returned 0x0 [0133.748] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.749] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.749] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=239, color=0x133e88c) returned 0x0 [0133.749] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.749] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.749] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=240, color=0x133e88c) returned 0x0 [0133.749] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.749] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.749] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=241, color=0x133e88c) returned 0x0 [0133.749] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.749] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.749] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=242, color=0x133e88c) returned 0x0 [0133.749] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.749] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.749] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=243, color=0x133e88c) returned 0x0 [0133.750] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.750] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.750] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=244, color=0x133e88c) returned 0x0 [0133.750] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.750] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.750] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=245, color=0x133e88c) returned 0x0 [0133.750] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.750] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.750] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=246, color=0x133e88c) returned 0x0 [0133.750] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.750] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.750] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=247, color=0x133e88c) returned 0x0 [0133.750] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.750] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.750] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=248, color=0x133e88c) returned 0x0 [0133.751] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.751] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.751] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=249, color=0x133e88c) returned 0x0 [0133.751] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.751] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.751] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=250, color=0x133e88c) returned 0x0 [0133.751] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.751] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.751] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=251, color=0x133e88c) returned 0x0 [0133.751] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.751] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.751] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=252, color=0x133e88c) returned 0x0 [0133.751] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.751] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.752] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=253, color=0x133e88c) returned 0x0 [0133.752] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.752] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.752] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=254, color=0x133e88c) returned 0x0 [0133.752] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.752] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.752] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=255, color=0x133e88c) returned 0x0 [0133.752] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.752] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.752] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=256, color=0x133e88c) returned 0x0 [0133.752] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.752] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.752] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=257, color=0x133e88c) returned 0x0 [0133.752] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.752] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.753] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=258, color=0x133e88c) returned 0x0 [0133.753] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.753] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.753] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=259, color=0x133e88c) returned 0x0 [0133.753] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.753] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.753] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=260, color=0x133e88c) returned 0x0 [0133.753] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.753] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.753] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=261, color=0x133e88c) returned 0x0 [0133.753] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.753] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.753] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=262, color=0x133e88c) returned 0x0 [0133.753] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.754] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.754] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=263, color=0x133e88c) returned 0x0 [0133.754] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.754] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.754] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=264, color=0x133e88c) returned 0x0 [0133.754] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.754] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.754] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=265, color=0x133e88c) returned 0x0 [0133.754] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.754] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.754] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=266, color=0x133e88c) returned 0x0 [0133.754] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.754] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.754] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=267, color=0x133e88c) returned 0x0 [0133.754] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.755] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.755] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=268, color=0x133e88c) returned 0x0 [0133.755] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.755] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.755] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=269, color=0x133e88c) returned 0x0 [0133.755] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.755] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.755] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=270, color=0x133e88c) returned 0x0 [0133.755] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.755] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.755] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=271, color=0x133e88c) returned 0x0 [0133.755] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.755] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.756] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=272, color=0x133e88c) returned 0x0 [0133.756] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.756] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.756] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=273, color=0x133e88c) returned 0x0 [0133.757] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.757] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.757] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=274, color=0x133e88c) returned 0x0 [0133.757] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.757] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.757] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=275, color=0x133e88c) returned 0x0 [0133.757] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.757] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.757] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=276, color=0x133e88c) returned 0x0 [0133.757] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.757] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.757] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=277, color=0x133e88c) returned 0x0 [0133.757] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.757] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.758] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=278, color=0x133e88c) returned 0x0 [0133.758] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.758] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.758] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=279, color=0x133e88c) returned 0x0 [0133.758] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.758] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.758] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=280, color=0x133e88c) returned 0x0 [0133.758] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.758] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.758] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=281, color=0x133e88c) returned 0x0 [0133.758] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.758] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.758] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=282, color=0x133e88c) returned 0x0 [0133.758] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.758] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.759] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=283, color=0x133e88c) returned 0x0 [0133.759] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.759] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.759] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=284, color=0x133e88c) returned 0x0 [0133.759] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.759] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.759] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=285, color=0x133e88c) returned 0x0 [0133.759] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.759] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.759] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=286, color=0x133e88c) returned 0x0 [0133.759] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.759] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.759] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=287, color=0x133e88c) returned 0x0 [0133.759] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.760] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.760] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=288, color=0x133e88c) returned 0x0 [0133.760] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.760] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.760] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=289, color=0x133e88c) returned 0x0 [0133.760] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.760] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.760] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=290, color=0x133e88c) returned 0x0 [0133.760] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.760] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.760] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=291, color=0x133e88c) returned 0x0 [0133.760] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.760] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.760] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=292, color=0x133e88c) returned 0x0 [0133.760] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.761] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.761] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=293, color=0x133e88c) returned 0x0 [0133.761] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.761] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.761] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=294, color=0x133e88c) returned 0x0 [0133.761] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.761] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.761] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=295, color=0x133e88c) returned 0x0 [0133.761] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.761] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.761] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=296, color=0x133e88c) returned 0x0 [0133.761] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.761] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.761] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=297, color=0x133e88c) returned 0x0 [0133.762] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.762] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.762] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=298, color=0x133e88c) returned 0x0 [0133.762] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.762] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.762] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=299, color=0x133e88c) returned 0x0 [0133.762] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.762] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.762] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=300, color=0x133e88c) returned 0x0 [0133.762] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.762] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.762] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=301, color=0x133e88c) returned 0x0 [0133.762] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.762] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.762] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=302, color=0x133e88c) returned 0x0 [0133.762] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.762] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.762] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=303, color=0x133e88c) returned 0x0 [0133.763] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.763] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.763] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=304, color=0x133e88c) returned 0x0 [0133.763] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.763] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.763] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=305, color=0x133e88c) returned 0x0 [0133.763] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.763] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.763] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=306, color=0x133e88c) returned 0x0 [0133.763] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.763] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.763] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=307, color=0x133e88c) returned 0x0 [0133.763] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.763] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.764] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=308, color=0x133e88c) returned 0x0 [0133.764] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.764] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.764] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=309, color=0x133e88c) returned 0x0 [0133.764] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.764] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.764] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=310, color=0x133e88c) returned 0x0 [0133.764] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.764] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.764] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=311, color=0x133e88c) returned 0x0 [0133.764] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.764] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.764] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=312, color=0x133e88c) returned 0x0 [0133.764] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.765] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.765] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=313, color=0x133e88c) returned 0x0 [0133.765] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.765] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.765] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=314, color=0x133e88c) returned 0x0 [0133.765] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.765] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.765] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=315, color=0x133e88c) returned 0x0 [0133.765] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.765] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.765] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=316, color=0x133e88c) returned 0x0 [0133.765] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.765] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.765] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=317, color=0x133e88c) returned 0x0 [0133.765] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.765] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.765] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=318, color=0x133e88c) returned 0x0 [0133.765] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.765] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.765] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=319, color=0x133e88c) returned 0x0 [0133.766] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.766] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.766] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=320, color=0x133e88c) returned 0x0 [0133.766] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.766] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.766] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=321, color=0x133e88c) returned 0x0 [0133.766] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.766] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.766] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=322, color=0x133e88c) returned 0x0 [0133.766] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.766] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.766] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=323, color=0x133e88c) returned 0x0 [0133.766] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.766] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.766] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=324, color=0x133e88c) returned 0x0 [0133.766] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.766] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.766] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=325, color=0x133e88c) returned 0x0 [0133.766] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.766] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.766] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=326, color=0x133e88c) returned 0x0 [0133.766] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.767] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.767] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=327, color=0x133e88c) returned 0x0 [0133.767] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.767] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.767] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=328, color=0x133e88c) returned 0x0 [0133.767] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.767] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.767] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=329, color=0x133e88c) returned 0x0 [0133.767] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.767] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.767] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=330, color=0x133e88c) returned 0x0 [0133.767] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.767] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.767] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=331, color=0x133e88c) returned 0x0 [0133.767] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.767] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.767] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=332, color=0x133e88c) returned 0x0 [0133.767] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.767] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.767] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=333, color=0x133e88c) returned 0x0 [0133.767] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.767] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.768] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=334, color=0x133e88c) returned 0x0 [0133.768] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.768] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.768] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=335, color=0x133e88c) returned 0x0 [0133.768] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.768] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.768] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=336, color=0x133e88c) returned 0x0 [0133.768] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.768] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.768] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=337, color=0x133e88c) returned 0x0 [0133.768] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.768] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.768] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=338, color=0x133e88c) returned 0x0 [0133.768] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.768] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.768] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=339, color=0x133e88c) returned 0x0 [0133.768] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.768] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.768] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=340, color=0x133e88c) returned 0x0 [0133.768] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.768] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.768] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=341, color=0x133e88c) returned 0x0 [0133.769] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.769] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.769] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=342, color=0x133e88c) returned 0x0 [0133.769] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.769] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.769] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=343, color=0x133e88c) returned 0x0 [0133.769] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.769] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.769] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=344, color=0x133e88c) returned 0x0 [0133.769] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.769] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.769] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=345, color=0x133e88c) returned 0x0 [0133.769] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.769] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.769] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=346, color=0x133e88c) returned 0x0 [0133.769] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.769] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.769] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=347, color=0x133e88c) returned 0x0 [0133.769] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.769] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.769] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=348, color=0x133e88c) returned 0x0 [0133.769] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.769] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.770] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=349, color=0x133e88c) returned 0x0 [0133.770] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.770] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.770] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=350, color=0x133e88c) returned 0x0 [0133.770] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.770] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.770] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=351, color=0x133e88c) returned 0x0 [0133.770] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.770] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.770] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=352, color=0x133e88c) returned 0x0 [0133.770] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.770] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.770] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=353, color=0x133e88c) returned 0x0 [0133.770] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.770] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.770] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=354, color=0x133e88c) returned 0x0 [0133.770] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.770] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.770] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=355, color=0x133e88c) returned 0x0 [0133.770] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.770] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.771] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=356, color=0x133e88c) returned 0x0 [0133.771] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.771] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.771] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=357, color=0x133e88c) returned 0x0 [0133.771] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.771] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.771] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=358, color=0x133e88c) returned 0x0 [0133.771] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.771] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.771] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=359, color=0x133e88c) returned 0x0 [0133.771] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.771] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.771] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=360, color=0x133e88c) returned 0x0 [0133.771] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.771] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.866] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=361, color=0x133e88c) returned 0x0 [0133.866] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.866] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.866] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=362, color=0x133e88c) returned 0x0 [0133.866] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.866] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.866] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=363, color=0x133e88c) returned 0x0 [0133.867] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.867] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.867] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=364, color=0x133e88c) returned 0x0 [0133.867] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.867] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.867] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=365, color=0x133e88c) returned 0x0 [0133.867] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.867] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.867] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=366, color=0x133e88c) returned 0x0 [0133.867] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.867] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.867] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=367, color=0x133e88c) returned 0x0 [0133.867] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.867] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.867] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=368, color=0x133e88c) returned 0x0 [0133.867] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.867] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.867] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=369, color=0x133e88c) returned 0x0 [0133.867] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.867] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.867] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=370, color=0x133e88c) returned 0x0 [0133.867] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.867] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.867] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=371, color=0x133e88c) returned 0x0 [0133.868] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.868] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.868] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=372, color=0x133e88c) returned 0x0 [0133.868] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.868] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.868] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=373, color=0x133e88c) returned 0x0 [0133.868] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.868] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.868] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=374, color=0x133e88c) returned 0x0 [0133.868] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.868] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.868] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=375, color=0x133e88c) returned 0x0 [0133.868] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.868] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.868] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=376, color=0x133e88c) returned 0x0 [0133.868] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.868] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.868] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=377, color=0x133e88c) returned 0x0 [0133.868] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.868] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.868] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=378, color=0x133e88c) returned 0x0 [0133.868] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.868] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.868] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=379, color=0x133e88c) returned 0x0 [0133.868] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.869] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.869] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=380, color=0x133e88c) returned 0x0 [0133.869] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.869] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.869] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=381, color=0x133e88c) returned 0x0 [0133.869] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.869] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.869] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=382, color=0x133e88c) returned 0x0 [0133.869] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.869] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.869] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=383, color=0x133e88c) returned 0x0 [0133.869] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.869] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.869] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=384, color=0x133e88c) returned 0x0 [0133.869] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.869] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.869] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=385, color=0x133e88c) returned 0x0 [0133.869] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.869] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.869] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=386, color=0x133e88c) returned 0x0 [0133.869] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.869] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.869] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=387, color=0x133e88c) returned 0x0 [0133.869] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.869] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.869] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=388, color=0x133e88c) returned 0x0 [0133.870] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.870] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.870] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=389, color=0x133e88c) returned 0x0 [0133.870] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.870] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.870] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=390, color=0x133e88c) returned 0x0 [0133.870] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.870] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.870] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=391, color=0x133e88c) returned 0x0 [0133.870] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.870] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.870] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=392, color=0x133e88c) returned 0x0 [0133.870] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.870] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.873] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=393, color=0x133e88c) returned 0x0 [0133.873] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.873] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.873] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=394, color=0x133e88c) returned 0x0 [0133.873] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.873] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.873] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=395, color=0x133e88c) returned 0x0 [0133.873] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.873] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.873] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=396, color=0x133e88c) returned 0x0 [0133.873] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.873] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.873] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=397, color=0x133e88c) returned 0x0 [0133.873] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.873] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.873] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=398, color=0x133e88c) returned 0x0 [0133.873] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.873] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.873] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=399, color=0x133e88c) returned 0x0 [0133.873] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.873] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.873] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=400, color=0x133e88c) returned 0x0 [0133.874] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.874] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.874] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=401, color=0x133e88c) returned 0x0 [0133.874] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.874] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.874] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=402, color=0x133e88c) returned 0x0 [0133.874] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.874] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.874] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=403, color=0x133e88c) returned 0x0 [0133.874] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.874] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.874] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=404, color=0x133e88c) returned 0x0 [0133.874] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.874] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.874] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=405, color=0x133e88c) returned 0x0 [0133.874] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.874] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.874] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=406, color=0x133e88c) returned 0x0 [0133.874] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.874] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.874] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=407, color=0x133e88c) returned 0x0 [0133.874] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.874] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.874] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=408, color=0x133e88c) returned 0x0 [0133.874] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.874] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.874] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=409, color=0x133e88c) returned 0x0 [0133.875] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.875] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.875] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=410, color=0x133e88c) returned 0x0 [0133.875] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.875] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.875] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=411, color=0x133e88c) returned 0x0 [0133.875] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.875] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.875] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=412, color=0x133e88c) returned 0x0 [0133.875] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.875] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.875] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=413, color=0x133e88c) returned 0x0 [0133.875] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.875] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.875] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=414, color=0x133e88c) returned 0x0 [0133.875] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.875] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.875] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=415, color=0x133e88c) returned 0x0 [0133.875] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.875] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.875] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=416, color=0x133e88c) returned 0x0 [0133.875] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.875] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.875] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=417, color=0x133e88c) returned 0x0 [0133.875] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.875] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.875] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=418, color=0x133e88c) returned 0x0 [0133.876] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.876] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.876] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=419, color=0x133e88c) returned 0x0 [0133.876] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.876] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.876] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=420, color=0x133e88c) returned 0x0 [0133.876] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.876] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.876] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=421, color=0x133e88c) returned 0x0 [0133.876] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.876] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.876] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=422, color=0x133e88c) returned 0x0 [0133.876] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.876] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.876] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=423, color=0x133e88c) returned 0x0 [0133.876] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.876] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.876] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=424, color=0x133e88c) returned 0x0 [0133.876] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.876] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.876] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=425, color=0x133e88c) returned 0x0 [0133.876] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.876] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.876] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=426, color=0x133e88c) returned 0x0 [0133.876] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.876] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.876] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=427, color=0x133e88c) returned 0x0 [0133.876] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.877] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.877] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=428, color=0x133e88c) returned 0x0 [0133.877] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.877] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.877] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=429, color=0x133e88c) returned 0x0 [0133.877] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.877] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.877] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=430, color=0x133e88c) returned 0x0 [0133.877] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.877] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.877] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=431, color=0x133e88c) returned 0x0 [0133.877] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.877] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.877] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=432, color=0x133e88c) returned 0x0 [0133.877] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.877] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.877] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=433, color=0x133e88c) returned 0x0 [0133.877] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.877] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.877] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=434, color=0x133e88c) returned 0x0 [0133.877] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.877] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.877] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=435, color=0x133e88c) returned 0x0 [0133.877] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.877] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.877] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=436, color=0x133e88c) returned 0x0 [0133.877] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.877] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.877] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=437, color=0x133e88c) returned 0x0 [0133.878] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.878] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.878] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=438, color=0x133e88c) returned 0x0 [0133.878] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.878] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.878] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=439, color=0x133e88c) returned 0x0 [0133.878] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.878] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.878] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=440, color=0x133e88c) returned 0x0 [0133.878] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.878] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.878] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=441, color=0x133e88c) returned 0x0 [0133.878] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.878] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.878] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=442, color=0x133e88c) returned 0x0 [0133.878] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.878] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.878] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=443, color=0x133e88c) returned 0x0 [0133.878] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.878] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.878] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=444, color=0x133e88c) returned 0x0 [0133.878] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.878] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.878] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=445, color=0x133e88c) returned 0x0 [0133.878] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.878] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.878] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=446, color=0x133e88c) returned 0x0 [0133.878] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.879] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.879] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=447, color=0x133e88c) returned 0x0 [0133.879] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.879] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.879] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=448, color=0x133e88c) returned 0x0 [0133.879] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.879] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.879] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=449, color=0x133e88c) returned 0x0 [0133.879] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.879] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.879] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=450, color=0x133e88c) returned 0x0 [0133.879] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.879] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.879] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=451, color=0x133e88c) returned 0x0 [0133.879] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.879] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.879] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=452, color=0x133e88c) returned 0x0 [0133.879] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.879] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.879] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=453, color=0x133e88c) returned 0x0 [0133.879] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.879] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.879] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=454, color=0x133e88c) returned 0x0 [0133.879] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.879] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.879] GdipBitmapGetPixel (bitmap=0x5a61f08, x=122, y=455, color=0x133e88c) returned 0x0 [0133.879] GdipGetImageHeight (image=0x5a61f08, height=0x133e8c0) returned 0x0 [0133.880] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.880] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.880] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=0, color=0x133e88c) returned 0x0 [0133.880] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.880] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.880] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=1, color=0x133e88c) returned 0x0 [0133.880] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.880] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.880] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=2, color=0x133e88c) returned 0x0 [0133.880] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.880] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.880] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=3, color=0x133e88c) returned 0x0 [0133.880] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.880] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.880] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=4, color=0x133e88c) returned 0x0 [0133.880] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.880] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.880] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=5, color=0x133e88c) returned 0x0 [0133.880] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.880] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.880] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=6, color=0x133e88c) returned 0x0 [0133.880] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.880] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.880] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=7, color=0x133e88c) returned 0x0 [0133.880] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.928] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.928] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=8, color=0x133e88c) returned 0x0 [0133.929] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.929] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.929] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=9, color=0x133e88c) returned 0x0 [0133.929] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.929] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.929] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=10, color=0x133e88c) returned 0x0 [0133.929] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.929] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.929] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=11, color=0x133e88c) returned 0x0 [0133.929] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.929] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.929] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=12, color=0x133e88c) returned 0x0 [0133.929] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.929] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.929] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=13, color=0x133e88c) returned 0x0 [0133.929] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.929] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.929] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=14, color=0x133e88c) returned 0x0 [0133.929] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.929] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.929] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=15, color=0x133e88c) returned 0x0 [0133.929] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.929] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.929] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=16, color=0x133e88c) returned 0x0 [0133.929] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.929] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.929] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=17, color=0x133e88c) returned 0x0 [0133.929] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.930] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.930] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=18, color=0x133e88c) returned 0x0 [0133.930] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.930] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.930] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=19, color=0x133e88c) returned 0x0 [0133.930] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.930] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.930] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=20, color=0x133e88c) returned 0x0 [0133.930] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.930] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.930] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=21, color=0x133e88c) returned 0x0 [0133.930] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.930] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.930] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=22, color=0x133e88c) returned 0x0 [0133.930] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.930] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0133.930] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=23, color=0x133e88c) returned 0x0 [0133.930] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0133.930] GdipBitmapGetPixel (bitmap=0x5a61f08, x=123, y=24, color=0x133e88c) returned 0x0 [0134.154] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.154] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.154] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=265, color=0x133e88c) returned 0x0 [0134.154] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.154] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.154] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=266, color=0x133e88c) returned 0x0 [0134.154] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.155] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.155] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=267, color=0x133e88c) returned 0x0 [0134.155] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.155] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.155] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=268, color=0x133e88c) returned 0x0 [0134.155] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.155] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.155] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=269, color=0x133e88c) returned 0x0 [0134.155] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.155] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.155] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=270, color=0x133e88c) returned 0x0 [0134.155] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.155] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.155] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=271, color=0x133e88c) returned 0x0 [0134.155] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.156] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.156] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=272, color=0x133e88c) returned 0x0 [0134.156] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.156] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.156] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=273, color=0x133e88c) returned 0x0 [0134.156] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.156] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.156] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=274, color=0x133e88c) returned 0x0 [0134.156] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.156] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.156] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=275, color=0x133e88c) returned 0x0 [0134.156] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.156] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.156] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=276, color=0x133e88c) returned 0x0 [0134.156] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.157] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.157] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=277, color=0x133e88c) returned 0x0 [0134.157] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.157] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.157] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=278, color=0x133e88c) returned 0x0 [0134.157] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.157] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.157] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=279, color=0x133e88c) returned 0x0 [0134.157] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.157] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.157] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=280, color=0x133e88c) returned 0x0 [0134.157] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.157] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.157] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=281, color=0x133e88c) returned 0x0 [0134.158] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.158] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.158] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=282, color=0x133e88c) returned 0x0 [0134.158] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.158] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.158] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=283, color=0x133e88c) returned 0x0 [0134.158] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.158] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.158] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=284, color=0x133e88c) returned 0x0 [0134.158] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.158] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.158] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=285, color=0x133e88c) returned 0x0 [0134.158] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.158] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.158] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=286, color=0x133e88c) returned 0x0 [0134.158] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.158] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.159] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=287, color=0x133e88c) returned 0x0 [0134.159] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.159] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.159] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=288, color=0x133e88c) returned 0x0 [0134.159] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.159] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.159] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=289, color=0x133e88c) returned 0x0 [0134.159] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.159] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.159] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=290, color=0x133e88c) returned 0x0 [0134.159] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.159] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.159] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=291, color=0x133e88c) returned 0x0 [0134.159] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.159] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.159] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=292, color=0x133e88c) returned 0x0 [0134.160] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.160] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.160] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=293, color=0x133e88c) returned 0x0 [0134.160] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.160] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.160] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=294, color=0x133e88c) returned 0x0 [0134.160] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.160] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.160] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=295, color=0x133e88c) returned 0x0 [0134.160] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.160] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.160] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=296, color=0x133e88c) returned 0x0 [0134.160] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.160] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.160] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=297, color=0x133e88c) returned 0x0 [0134.160] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.160] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.160] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=298, color=0x133e88c) returned 0x0 [0134.161] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.161] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.161] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=299, color=0x133e88c) returned 0x0 [0134.161] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.161] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.161] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=300, color=0x133e88c) returned 0x0 [0134.161] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.161] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.161] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=301, color=0x133e88c) returned 0x0 [0134.161] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.161] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.161] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=302, color=0x133e88c) returned 0x0 [0134.161] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.161] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.161] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=303, color=0x133e88c) returned 0x0 [0134.161] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.161] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.161] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=304, color=0x133e88c) returned 0x0 [0134.162] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.162] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.209] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=305, color=0x133e88c) returned 0x0 [0134.209] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.209] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.209] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=306, color=0x133e88c) returned 0x0 [0134.210] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.210] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.210] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=307, color=0x133e88c) returned 0x0 [0134.210] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.210] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.210] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=308, color=0x133e88c) returned 0x0 [0134.210] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.210] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.210] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=309, color=0x133e88c) returned 0x0 [0134.210] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.210] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.210] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=310, color=0x133e88c) returned 0x0 [0134.210] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.210] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.210] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=311, color=0x133e88c) returned 0x0 [0134.210] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.210] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.210] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=312, color=0x133e88c) returned 0x0 [0134.211] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.211] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.211] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=313, color=0x133e88c) returned 0x0 [0134.211] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.211] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.211] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=314, color=0x133e88c) returned 0x0 [0134.211] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.211] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.211] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=315, color=0x133e88c) returned 0x0 [0134.211] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.211] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.211] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=316, color=0x133e88c) returned 0x0 [0134.211] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.211] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.211] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=317, color=0x133e88c) returned 0x0 [0134.211] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.211] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.211] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=318, color=0x133e88c) returned 0x0 [0134.212] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.212] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.212] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=319, color=0x133e88c) returned 0x0 [0134.212] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.212] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.212] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=320, color=0x133e88c) returned 0x0 [0134.212] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.212] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.212] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=321, color=0x133e88c) returned 0x0 [0134.212] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.212] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.212] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=322, color=0x133e88c) returned 0x0 [0134.212] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.212] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.212] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=323, color=0x133e88c) returned 0x0 [0134.212] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.212] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.212] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=324, color=0x133e88c) returned 0x0 [0134.212] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.213] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.213] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=325, color=0x133e88c) returned 0x0 [0134.213] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.213] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.213] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=326, color=0x133e88c) returned 0x0 [0134.213] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.213] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.213] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=327, color=0x133e88c) returned 0x0 [0134.213] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.213] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.213] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=328, color=0x133e88c) returned 0x0 [0134.213] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.213] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.213] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=329, color=0x133e88c) returned 0x0 [0134.213] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.213] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.213] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=330, color=0x133e88c) returned 0x0 [0134.214] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.214] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.214] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=331, color=0x133e88c) returned 0x0 [0134.214] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.214] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.214] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=332, color=0x133e88c) returned 0x0 [0134.214] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.214] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.214] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=333, color=0x133e88c) returned 0x0 [0134.214] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.214] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.214] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=334, color=0x133e88c) returned 0x0 [0134.214] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.214] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.214] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=335, color=0x133e88c) returned 0x0 [0134.214] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.214] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.214] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=336, color=0x133e88c) returned 0x0 [0134.215] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.215] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.215] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=337, color=0x133e88c) returned 0x0 [0134.215] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.215] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.215] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=338, color=0x133e88c) returned 0x0 [0134.215] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.215] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.215] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=339, color=0x133e88c) returned 0x0 [0134.215] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.215] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.215] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=340, color=0x133e88c) returned 0x0 [0134.215] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.215] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.215] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=341, color=0x133e88c) returned 0x0 [0134.215] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.215] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.215] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=342, color=0x133e88c) returned 0x0 [0134.215] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.216] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.216] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=343, color=0x133e88c) returned 0x0 [0134.216] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.216] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.216] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=344, color=0x133e88c) returned 0x0 [0134.216] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.216] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.216] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=345, color=0x133e88c) returned 0x0 [0134.216] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.216] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.216] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=346, color=0x133e88c) returned 0x0 [0134.216] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.216] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.216] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=347, color=0x133e88c) returned 0x0 [0134.216] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.216] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.216] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=348, color=0x133e88c) returned 0x0 [0134.216] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.217] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.217] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=349, color=0x133e88c) returned 0x0 [0134.217] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.217] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.217] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=350, color=0x133e88c) returned 0x0 [0134.217] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.217] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.217] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=351, color=0x133e88c) returned 0x0 [0134.217] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.217] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.217] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=352, color=0x133e88c) returned 0x0 [0134.217] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.217] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.217] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=353, color=0x133e88c) returned 0x0 [0134.217] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.217] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.217] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=354, color=0x133e88c) returned 0x0 [0134.217] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.217] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.217] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=355, color=0x133e88c) returned 0x0 [0134.217] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.217] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.217] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=356, color=0x133e88c) returned 0x0 [0134.218] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.218] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.218] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=357, color=0x133e88c) returned 0x0 [0134.218] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.218] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.218] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=358, color=0x133e88c) returned 0x0 [0134.218] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.218] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.218] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=359, color=0x133e88c) returned 0x0 [0134.218] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.218] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.218] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=360, color=0x133e88c) returned 0x0 [0134.218] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.218] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.218] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=361, color=0x133e88c) returned 0x0 [0134.218] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.218] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.218] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=362, color=0x133e88c) returned 0x0 [0134.218] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.218] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.218] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=363, color=0x133e88c) returned 0x0 [0134.219] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.219] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.219] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=364, color=0x133e88c) returned 0x0 [0134.219] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.219] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.219] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=365, color=0x133e88c) returned 0x0 [0134.219] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.219] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.219] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=366, color=0x133e88c) returned 0x0 [0134.219] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.219] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.219] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=367, color=0x133e88c) returned 0x0 [0134.219] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.219] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.219] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=368, color=0x133e88c) returned 0x0 [0134.219] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.219] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.219] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=369, color=0x133e88c) returned 0x0 [0134.219] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.219] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.219] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=370, color=0x133e88c) returned 0x0 [0134.219] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.219] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.220] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=371, color=0x133e88c) returned 0x0 [0134.220] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.220] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.220] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=372, color=0x133e88c) returned 0x0 [0134.220] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.220] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.220] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=373, color=0x133e88c) returned 0x0 [0134.220] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.220] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.220] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=374, color=0x133e88c) returned 0x0 [0134.220] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.220] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.220] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=375, color=0x133e88c) returned 0x0 [0134.220] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.220] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.220] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=376, color=0x133e88c) returned 0x0 [0134.220] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.220] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.220] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=377, color=0x133e88c) returned 0x0 [0134.220] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.220] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.220] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=378, color=0x133e88c) returned 0x0 [0134.221] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.221] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.221] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=379, color=0x133e88c) returned 0x0 [0134.221] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.221] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.221] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=380, color=0x133e88c) returned 0x0 [0134.221] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.221] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.221] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=381, color=0x133e88c) returned 0x0 [0134.221] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.221] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.221] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=382, color=0x133e88c) returned 0x0 [0134.221] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.221] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.221] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=383, color=0x133e88c) returned 0x0 [0134.221] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.221] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.221] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=384, color=0x133e88c) returned 0x0 [0134.222] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.222] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.222] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=385, color=0x133e88c) returned 0x0 [0134.222] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.222] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.222] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=386, color=0x133e88c) returned 0x0 [0134.222] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.222] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.222] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=387, color=0x133e88c) returned 0x0 [0134.222] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.222] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.222] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=388, color=0x133e88c) returned 0x0 [0134.222] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.222] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.222] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=389, color=0x133e88c) returned 0x0 [0134.222] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.222] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.223] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=390, color=0x133e88c) returned 0x0 [0134.223] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.223] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.223] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=391, color=0x133e88c) returned 0x0 [0134.223] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.223] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.223] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=392, color=0x133e88c) returned 0x0 [0134.223] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.223] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.223] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=393, color=0x133e88c) returned 0x0 [0134.223] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.223] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.223] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=394, color=0x133e88c) returned 0x0 [0134.223] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.223] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.223] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=395, color=0x133e88c) returned 0x0 [0134.223] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.223] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.223] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=396, color=0x133e88c) returned 0x0 [0134.223] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.223] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.223] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=397, color=0x133e88c) returned 0x0 [0134.223] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.224] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.224] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=398, color=0x133e88c) returned 0x0 [0134.224] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.224] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.224] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=399, color=0x133e88c) returned 0x0 [0134.224] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.224] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.224] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=400, color=0x133e88c) returned 0x0 [0134.224] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.224] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.224] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=401, color=0x133e88c) returned 0x0 [0134.224] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.224] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.224] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=402, color=0x133e88c) returned 0x0 [0134.224] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.224] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.224] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=403, color=0x133e88c) returned 0x0 [0134.224] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.224] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.224] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=404, color=0x133e88c) returned 0x0 [0134.224] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.225] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.225] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=405, color=0x133e88c) returned 0x0 [0134.225] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.225] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.225] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=406, color=0x133e88c) returned 0x0 [0134.225] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.225] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.225] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=407, color=0x133e88c) returned 0x0 [0134.225] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.225] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.225] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=408, color=0x133e88c) returned 0x0 [0134.225] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.225] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.225] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=409, color=0x133e88c) returned 0x0 [0134.225] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.225] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.225] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=410, color=0x133e88c) returned 0x0 [0134.225] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.225] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.225] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=411, color=0x133e88c) returned 0x0 [0134.225] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.225] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.225] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=412, color=0x133e88c) returned 0x0 [0134.225] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.225] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.225] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=413, color=0x133e88c) returned 0x0 [0134.225] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.225] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.226] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=414, color=0x133e88c) returned 0x0 [0134.226] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.226] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.226] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=415, color=0x133e88c) returned 0x0 [0134.226] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.226] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.226] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=416, color=0x133e88c) returned 0x0 [0134.226] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.226] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.226] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=417, color=0x133e88c) returned 0x0 [0134.226] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.226] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.226] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=418, color=0x133e88c) returned 0x0 [0134.226] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.226] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.226] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=419, color=0x133e88c) returned 0x0 [0134.226] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.226] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.226] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=420, color=0x133e88c) returned 0x0 [0134.226] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.226] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.226] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=421, color=0x133e88c) returned 0x0 [0134.226] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.226] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.226] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=422, color=0x133e88c) returned 0x0 [0134.226] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.226] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.226] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=423, color=0x133e88c) returned 0x0 [0134.226] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.226] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.227] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=424, color=0x133e88c) returned 0x0 [0134.227] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.227] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.227] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=425, color=0x133e88c) returned 0x0 [0134.227] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.227] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.227] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=426, color=0x133e88c) returned 0x0 [0134.227] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.227] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.227] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=427, color=0x133e88c) returned 0x0 [0134.227] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.227] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.227] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=428, color=0x133e88c) returned 0x0 [0134.227] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.227] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.227] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=429, color=0x133e88c) returned 0x0 [0134.227] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.227] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.227] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=430, color=0x133e88c) returned 0x0 [0134.227] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.227] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.227] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=431, color=0x133e88c) returned 0x0 [0134.227] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.227] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.227] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=432, color=0x133e88c) returned 0x0 [0134.227] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.227] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.227] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=433, color=0x133e88c) returned 0x0 [0134.227] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.228] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.228] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=434, color=0x133e88c) returned 0x0 [0134.228] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.228] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.228] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=435, color=0x133e88c) returned 0x0 [0134.228] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.228] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.228] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=436, color=0x133e88c) returned 0x0 [0134.228] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.228] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.228] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=437, color=0x133e88c) returned 0x0 [0134.228] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.228] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.228] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=438, color=0x133e88c) returned 0x0 [0134.228] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.228] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.228] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=439, color=0x133e88c) returned 0x0 [0134.228] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.228] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.228] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=440, color=0x133e88c) returned 0x0 [0134.228] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.228] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.228] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=441, color=0x133e88c) returned 0x0 [0134.228] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.228] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.228] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=442, color=0x133e88c) returned 0x0 [0134.228] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.228] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.229] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=443, color=0x133e88c) returned 0x0 [0134.229] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.229] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.229] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=444, color=0x133e88c) returned 0x0 [0134.229] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.229] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.229] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=445, color=0x133e88c) returned 0x0 [0134.229] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.229] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.229] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=446, color=0x133e88c) returned 0x0 [0134.229] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.229] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.229] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=447, color=0x133e88c) returned 0x0 [0134.229] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.229] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.229] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=448, color=0x133e88c) returned 0x0 [0134.229] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.229] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.229] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=449, color=0x133e88c) returned 0x0 [0134.229] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.229] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.229] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=450, color=0x133e88c) returned 0x0 [0134.229] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.229] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.229] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=451, color=0x133e88c) returned 0x0 [0134.230] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.230] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.230] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=452, color=0x133e88c) returned 0x0 [0134.230] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.230] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.230] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=453, color=0x133e88c) returned 0x0 [0134.230] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.230] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.230] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=454, color=0x133e88c) returned 0x0 [0134.230] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.230] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.230] GdipBitmapGetPixel (bitmap=0x5a61f08, x=410, y=455, color=0x133e88c) returned 0x0 [0134.230] GdipGetImageHeight (image=0x5a61f08, height=0x133e8c0) returned 0x0 [0134.230] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.230] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.230] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=0, color=0x133e88c) returned 0x0 [0134.230] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.230] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.230] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=1, color=0x133e88c) returned 0x0 [0134.230] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.230] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.230] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=2, color=0x133e88c) returned 0x0 [0134.230] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.230] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.230] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=3, color=0x133e88c) returned 0x0 [0134.230] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.231] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.231] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=4, color=0x133e88c) returned 0x0 [0134.231] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.231] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.231] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=5, color=0x133e88c) returned 0x0 [0134.231] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.231] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.231] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=6, color=0x133e88c) returned 0x0 [0134.231] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.231] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.231] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=7, color=0x133e88c) returned 0x0 [0134.231] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.231] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.231] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=8, color=0x133e88c) returned 0x0 [0134.231] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.231] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.231] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=9, color=0x133e88c) returned 0x0 [0134.231] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.231] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.231] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=10, color=0x133e88c) returned 0x0 [0134.231] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.231] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.232] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=11, color=0x133e88c) returned 0x0 [0134.232] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.232] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.232] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=12, color=0x133e88c) returned 0x0 [0134.232] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.232] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.232] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=13, color=0x133e88c) returned 0x0 [0134.232] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.232] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.232] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=14, color=0x133e88c) returned 0x0 [0134.232] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.232] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.232] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=15, color=0x133e88c) returned 0x0 [0134.232] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.232] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.232] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=16, color=0x133e88c) returned 0x0 [0134.232] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.232] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.232] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=17, color=0x133e88c) returned 0x0 [0134.232] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.232] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.232] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=18, color=0x133e88c) returned 0x0 [0134.232] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.232] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.232] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=19, color=0x133e88c) returned 0x0 [0134.232] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.233] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.233] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=20, color=0x133e88c) returned 0x0 [0134.233] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.233] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.233] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=21, color=0x133e88c) returned 0x0 [0134.233] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.233] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.233] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=22, color=0x133e88c) returned 0x0 [0134.233] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.233] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.233] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=23, color=0x133e88c) returned 0x0 [0134.233] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.233] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.233] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=24, color=0x133e88c) returned 0x0 [0134.233] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.233] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.233] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=25, color=0x133e88c) returned 0x0 [0134.233] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.233] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.233] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=26, color=0x133e88c) returned 0x0 [0134.233] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.233] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.233] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=27, color=0x133e88c) returned 0x0 [0134.234] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.234] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.234] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=28, color=0x133e88c) returned 0x0 [0134.234] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.234] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.234] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=29, color=0x133e88c) returned 0x0 [0134.234] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.234] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.234] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=30, color=0x133e88c) returned 0x0 [0134.234] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.234] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.234] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=31, color=0x133e88c) returned 0x0 [0134.234] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.234] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.234] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=32, color=0x133e88c) returned 0x0 [0134.234] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.234] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.234] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=33, color=0x133e88c) returned 0x0 [0134.234] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.234] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.234] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=34, color=0x133e88c) returned 0x0 [0134.234] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.234] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.234] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=35, color=0x133e88c) returned 0x0 [0134.234] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.234] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.235] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=36, color=0x133e88c) returned 0x0 [0134.235] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.235] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.235] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=37, color=0x133e88c) returned 0x0 [0134.235] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.235] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.235] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=38, color=0x133e88c) returned 0x0 [0134.235] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.235] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.235] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=39, color=0x133e88c) returned 0x0 [0134.235] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.235] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.235] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=40, color=0x133e88c) returned 0x0 [0134.235] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.235] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.235] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=41, color=0x133e88c) returned 0x0 [0134.235] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.235] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.235] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=42, color=0x133e88c) returned 0x0 [0134.235] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.235] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.235] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=43, color=0x133e88c) returned 0x0 [0134.235] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.235] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.235] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=44, color=0x133e88c) returned 0x0 [0134.235] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.235] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.236] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=45, color=0x133e88c) returned 0x0 [0134.236] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.236] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.236] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=46, color=0x133e88c) returned 0x0 [0134.236] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.236] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.236] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=47, color=0x133e88c) returned 0x0 [0134.236] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.236] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.236] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=48, color=0x133e88c) returned 0x0 [0134.236] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.236] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.236] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=49, color=0x133e88c) returned 0x0 [0134.236] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.236] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.236] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=50, color=0x133e88c) returned 0x0 [0134.236] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.236] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.236] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=51, color=0x133e88c) returned 0x0 [0134.236] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.236] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.236] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=52, color=0x133e88c) returned 0x0 [0134.236] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.236] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.236] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=53, color=0x133e88c) returned 0x0 [0134.236] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.236] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.237] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=54, color=0x133e88c) returned 0x0 [0134.237] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.237] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.237] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=55, color=0x133e88c) returned 0x0 [0134.237] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.237] GdipGetImageHeight (image=0x5a61f08, height=0x133e87c) returned 0x0 [0134.237] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=56, color=0x133e88c) returned 0x0 [0134.237] GdipGetImageWidth (image=0x5a61f08, width=0x133e87c) returned 0x0 [0134.237] GdipBitmapGetPixel (bitmap=0x5a61f08, x=411, y=57, color=0x133e88c) returned 0x0 [0134.642] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x133d1f8 | out: phkResult=0x133d1f8*=0x0) returned 0x2 [0134.643] RegCloseKey (hKey=0x80000002) returned 0x0 [0134.728] GetCurrentProcessId () returned 0x10c0 [0134.733] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x133d274 | out: lpLuid=0x133d274*(LowPart=0x14, HighPart=0)) returned 1 [0134.736] GetCurrentProcess () returned 0xffffffff [0134.737] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x133d270 | out: TokenHandle=0x133d270*=0x310) returned 1 [0134.737] AdjustTokenPrivileges (in: TokenHandle=0x310, DisableAllPrivileges=0, NewState=0x31a2dc0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0134.737] CloseHandle (hObject=0x310) returned 1 [0134.737] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x310 [0134.738] GetExitCodeProcess (in: hProcess=0x310, lpExitCode=0x31a2d4c | out: lpExitCode=0x31a2d4c*=0x103) returned 1 [0134.747] CheckRemoteDebuggerPresent (in: hProcess=0x310, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.759] GetCurrentProcessId () returned 0x10c0 [0134.759] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x314 [0134.760] GetExitCodeProcess (in: hProcess=0x314, lpExitCode=0x31a2e60 | out: lpExitCode=0x31a2e60*=0x103) returned 1 [0134.760] CheckRemoteDebuggerPresent (in: hProcess=0x314, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.760] GetCurrentProcessId () returned 0x10c0 [0134.760] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x318 [0134.760] GetExitCodeProcess (in: hProcess=0x318, lpExitCode=0x31a2fb0 | out: lpExitCode=0x31a2fb0*=0x103) returned 1 [0134.760] CheckRemoteDebuggerPresent (in: hProcess=0x318, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.760] GetCurrentProcessId () returned 0x10c0 [0134.760] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x31c [0134.760] GetExitCodeProcess (in: hProcess=0x31c, lpExitCode=0x31a3068 | out: lpExitCode=0x31a3068*=0x103) returned 1 [0134.760] CheckRemoteDebuggerPresent (in: hProcess=0x31c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.760] GetCurrentProcessId () returned 0x10c0 [0134.760] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x320 [0134.760] GetExitCodeProcess (in: hProcess=0x320, lpExitCode=0x31a3120 | out: lpExitCode=0x31a3120*=0x103) returned 1 [0134.761] CheckRemoteDebuggerPresent (in: hProcess=0x320, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.761] GetCurrentProcessId () returned 0x10c0 [0134.761] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x324 [0134.761] GetExitCodeProcess (in: hProcess=0x324, lpExitCode=0x31a31d8 | out: lpExitCode=0x31a31d8*=0x103) returned 1 [0134.761] CheckRemoteDebuggerPresent (in: hProcess=0x324, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.761] GetCurrentProcessId () returned 0x10c0 [0134.761] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x328 [0134.761] GetExitCodeProcess (in: hProcess=0x328, lpExitCode=0x31a3290 | out: lpExitCode=0x31a3290*=0x103) returned 1 [0134.761] CheckRemoteDebuggerPresent (in: hProcess=0x328, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.761] GetCurrentProcessId () returned 0x10c0 [0134.761] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x32c [0134.761] GetExitCodeProcess (in: hProcess=0x32c, lpExitCode=0x31a3348 | out: lpExitCode=0x31a3348*=0x103) returned 1 [0134.761] CheckRemoteDebuggerPresent (in: hProcess=0x32c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.761] GetCurrentProcessId () returned 0x10c0 [0134.761] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x330 [0134.761] GetExitCodeProcess (in: hProcess=0x330, lpExitCode=0x31a3400 | out: lpExitCode=0x31a3400*=0x103) returned 1 [0134.761] CheckRemoteDebuggerPresent (in: hProcess=0x330, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.762] GetCurrentProcessId () returned 0x10c0 [0134.762] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x334 [0134.762] GetExitCodeProcess (in: hProcess=0x334, lpExitCode=0x31a34b8 | out: lpExitCode=0x31a34b8*=0x103) returned 1 [0134.762] CheckRemoteDebuggerPresent (in: hProcess=0x334, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.762] GetCurrentProcessId () returned 0x10c0 [0134.762] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x338 [0134.762] GetExitCodeProcess (in: hProcess=0x338, lpExitCode=0x31a3570 | out: lpExitCode=0x31a3570*=0x103) returned 1 [0134.762] CheckRemoteDebuggerPresent (in: hProcess=0x338, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.762] GetCurrentProcessId () returned 0x10c0 [0134.762] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x33c [0134.762] GetExitCodeProcess (in: hProcess=0x33c, lpExitCode=0x31a3628 | out: lpExitCode=0x31a3628*=0x103) returned 1 [0134.762] CheckRemoteDebuggerPresent (in: hProcess=0x33c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.762] GetCurrentProcessId () returned 0x10c0 [0134.762] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x340 [0134.762] GetExitCodeProcess (in: hProcess=0x340, lpExitCode=0x31a36e0 | out: lpExitCode=0x31a36e0*=0x103) returned 1 [0134.762] CheckRemoteDebuggerPresent (in: hProcess=0x340, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.762] GetCurrentProcessId () returned 0x10c0 [0134.763] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x344 [0134.763] GetExitCodeProcess (in: hProcess=0x344, lpExitCode=0x31a3798 | out: lpExitCode=0x31a3798*=0x103) returned 1 [0134.763] CheckRemoteDebuggerPresent (in: hProcess=0x344, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.763] GetCurrentProcessId () returned 0x10c0 [0134.763] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x348 [0134.763] GetExitCodeProcess (in: hProcess=0x348, lpExitCode=0x31a3850 | out: lpExitCode=0x31a3850*=0x103) returned 1 [0134.763] CheckRemoteDebuggerPresent (in: hProcess=0x348, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.763] GetCurrentProcessId () returned 0x10c0 [0134.763] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x34c [0134.763] GetExitCodeProcess (in: hProcess=0x34c, lpExitCode=0x31a3908 | out: lpExitCode=0x31a3908*=0x103) returned 1 [0134.763] CheckRemoteDebuggerPresent (in: hProcess=0x34c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.763] GetCurrentProcessId () returned 0x10c0 [0134.763] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x350 [0134.763] GetExitCodeProcess (in: hProcess=0x350, lpExitCode=0x31a39c0 | out: lpExitCode=0x31a39c0*=0x103) returned 1 [0134.763] CheckRemoteDebuggerPresent (in: hProcess=0x350, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.763] GetCurrentProcessId () returned 0x10c0 [0134.763] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x354 [0134.764] GetExitCodeProcess (in: hProcess=0x354, lpExitCode=0x31a3a78 | out: lpExitCode=0x31a3a78*=0x103) returned 1 [0134.764] CheckRemoteDebuggerPresent (in: hProcess=0x354, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.771] VirtualProtect (in: lpAddress=0x5c70400, dwSize=0x84800, flNewProtect=0x40, lpflOldProtect=0x133db80 | out: lpflOldProtect=0x133db80*=0x1) returned 0 [0134.885] GetCurrentProcessId () returned 0x10c0 [0134.886] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x358 [0134.886] GetExitCodeProcess (in: hProcess=0x358, lpExitCode=0x31a3b30 | out: lpExitCode=0x31a3b30*=0x103) returned 1 [0134.886] CheckRemoteDebuggerPresent (in: hProcess=0x358, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.886] GetCurrentProcessId () returned 0x10c0 [0134.886] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x35c [0134.886] GetExitCodeProcess (in: hProcess=0x35c, lpExitCode=0x31a3be8 | out: lpExitCode=0x31a3be8*=0x103) returned 1 [0134.886] CheckRemoteDebuggerPresent (in: hProcess=0x35c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.886] GetCurrentProcessId () returned 0x10c0 [0134.886] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x360 [0134.886] GetExitCodeProcess (in: hProcess=0x360, lpExitCode=0x31a3ca0 | out: lpExitCode=0x31a3ca0*=0x103) returned 1 [0134.886] CheckRemoteDebuggerPresent (in: hProcess=0x360, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.886] GetCurrentProcessId () returned 0x10c0 [0134.886] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x364 [0134.886] GetExitCodeProcess (in: hProcess=0x364, lpExitCode=0x31a3d58 | out: lpExitCode=0x31a3d58*=0x103) returned 1 [0134.886] CheckRemoteDebuggerPresent (in: hProcess=0x364, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.886] GetCurrentProcessId () returned 0x10c0 [0134.886] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x368 [0134.887] GetExitCodeProcess (in: hProcess=0x368, lpExitCode=0x31a3e10 | out: lpExitCode=0x31a3e10*=0x103) returned 1 [0134.887] CheckRemoteDebuggerPresent (in: hProcess=0x368, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.887] GetCurrentProcessId () returned 0x10c0 [0134.887] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x36c [0134.887] GetExitCodeProcess (in: hProcess=0x36c, lpExitCode=0x31a3ec8 | out: lpExitCode=0x31a3ec8*=0x103) returned 1 [0134.887] CheckRemoteDebuggerPresent (in: hProcess=0x36c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.887] GetCurrentProcessId () returned 0x10c0 [0134.887] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x370 [0134.887] GetExitCodeProcess (in: hProcess=0x370, lpExitCode=0x31a3f80 | out: lpExitCode=0x31a3f80*=0x103) returned 1 [0134.887] CheckRemoteDebuggerPresent (in: hProcess=0x370, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.887] GetCurrentProcessId () returned 0x10c0 [0134.887] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x374 [0134.887] GetExitCodeProcess (in: hProcess=0x374, lpExitCode=0x31a4038 | out: lpExitCode=0x31a4038*=0x103) returned 1 [0134.887] CheckRemoteDebuggerPresent (in: hProcess=0x374, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.887] GetCurrentProcessId () returned 0x10c0 [0134.887] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x378 [0134.888] GetExitCodeProcess (in: hProcess=0x378, lpExitCode=0x31a40f0 | out: lpExitCode=0x31a40f0*=0x103) returned 1 [0134.888] CheckRemoteDebuggerPresent (in: hProcess=0x378, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.888] GetCurrentProcessId () returned 0x10c0 [0134.888] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x37c [0134.888] GetExitCodeProcess (in: hProcess=0x37c, lpExitCode=0x31a41a8 | out: lpExitCode=0x31a41a8*=0x103) returned 1 [0134.888] CheckRemoteDebuggerPresent (in: hProcess=0x37c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.888] GetCurrentProcessId () returned 0x10c0 [0134.888] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x380 [0134.888] GetExitCodeProcess (in: hProcess=0x380, lpExitCode=0x31a4260 | out: lpExitCode=0x31a4260*=0x103) returned 1 [0134.888] CheckRemoteDebuggerPresent (in: hProcess=0x380, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.888] GetCurrentProcessId () returned 0x10c0 [0134.888] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x384 [0134.888] GetExitCodeProcess (in: hProcess=0x384, lpExitCode=0x31a4318 | out: lpExitCode=0x31a4318*=0x103) returned 1 [0134.888] CheckRemoteDebuggerPresent (in: hProcess=0x384, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.888] GetCurrentProcessId () returned 0x10c0 [0134.888] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x388 [0134.888] GetExitCodeProcess (in: hProcess=0x388, lpExitCode=0x31a43d0 | out: lpExitCode=0x31a43d0*=0x103) returned 1 [0134.889] CheckRemoteDebuggerPresent (in: hProcess=0x388, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.889] GetCurrentProcessId () returned 0x10c0 [0134.889] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x38c [0134.889] GetExitCodeProcess (in: hProcess=0x38c, lpExitCode=0x31a4488 | out: lpExitCode=0x31a4488*=0x103) returned 1 [0134.889] CheckRemoteDebuggerPresent (in: hProcess=0x38c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.889] GetCurrentProcessId () returned 0x10c0 [0134.889] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x390 [0134.889] GetExitCodeProcess (in: hProcess=0x390, lpExitCode=0x31a4540 | out: lpExitCode=0x31a4540*=0x103) returned 1 [0134.889] CheckRemoteDebuggerPresent (in: hProcess=0x390, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.889] GetCurrentProcessId () returned 0x10c0 [0134.889] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x394 [0134.889] GetExitCodeProcess (in: hProcess=0x394, lpExitCode=0x31a45f8 | out: lpExitCode=0x31a45f8*=0x103) returned 1 [0134.889] CheckRemoteDebuggerPresent (in: hProcess=0x394, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.889] GetCurrentProcessId () returned 0x10c0 [0134.889] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x398 [0134.889] GetExitCodeProcess (in: hProcess=0x398, lpExitCode=0x31a46b0 | out: lpExitCode=0x31a46b0*=0x103) returned 1 [0134.889] CheckRemoteDebuggerPresent (in: hProcess=0x398, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.890] GetCurrentProcessId () returned 0x10c0 [0134.890] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x39c [0134.890] GetExitCodeProcess (in: hProcess=0x39c, lpExitCode=0x31a4768 | out: lpExitCode=0x31a4768*=0x103) returned 1 [0134.890] CheckRemoteDebuggerPresent (in: hProcess=0x39c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.890] GetCurrentProcessId () returned 0x10c0 [0134.890] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3a0 [0134.890] GetExitCodeProcess (in: hProcess=0x3a0, lpExitCode=0x31a4820 | out: lpExitCode=0x31a4820*=0x103) returned 1 [0134.890] CheckRemoteDebuggerPresent (in: hProcess=0x3a0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.890] GetCurrentProcessId () returned 0x10c0 [0134.890] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3a4 [0134.890] GetExitCodeProcess (in: hProcess=0x3a4, lpExitCode=0x31a48d8 | out: lpExitCode=0x31a48d8*=0x103) returned 1 [0134.890] CheckRemoteDebuggerPresent (in: hProcess=0x3a4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.890] GetCurrentProcessId () returned 0x10c0 [0134.890] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3a8 [0134.890] GetExitCodeProcess (in: hProcess=0x3a8, lpExitCode=0x31a4990 | out: lpExitCode=0x31a4990*=0x103) returned 1 [0134.890] CheckRemoteDebuggerPresent (in: hProcess=0x3a8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.890] GetCurrentProcessId () returned 0x10c0 [0134.890] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3ac [0134.891] GetExitCodeProcess (in: hProcess=0x3ac, lpExitCode=0x31a4a48 | out: lpExitCode=0x31a4a48*=0x103) returned 1 [0134.891] CheckRemoteDebuggerPresent (in: hProcess=0x3ac, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.891] GetCurrentProcessId () returned 0x10c0 [0134.891] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3b0 [0134.891] GetExitCodeProcess (in: hProcess=0x3b0, lpExitCode=0x31a4b00 | out: lpExitCode=0x31a4b00*=0x103) returned 1 [0134.891] CheckRemoteDebuggerPresent (in: hProcess=0x3b0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.891] GetCurrentProcessId () returned 0x10c0 [0134.891] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3b4 [0134.891] GetExitCodeProcess (in: hProcess=0x3b4, lpExitCode=0x31a4bb8 | out: lpExitCode=0x31a4bb8*=0x103) returned 1 [0134.891] CheckRemoteDebuggerPresent (in: hProcess=0x3b4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.891] GetCurrentProcessId () returned 0x10c0 [0134.891] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3b8 [0134.891] GetExitCodeProcess (in: hProcess=0x3b8, lpExitCode=0x31a4c70 | out: lpExitCode=0x31a4c70*=0x103) returned 1 [0134.891] CheckRemoteDebuggerPresent (in: hProcess=0x3b8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.891] GetCurrentProcessId () returned 0x10c0 [0134.891] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3bc [0134.891] GetExitCodeProcess (in: hProcess=0x3bc, lpExitCode=0x31a4d28 | out: lpExitCode=0x31a4d28*=0x103) returned 1 [0134.892] CheckRemoteDebuggerPresent (in: hProcess=0x3bc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.892] GetCurrentProcessId () returned 0x10c0 [0134.892] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3c0 [0134.892] GetExitCodeProcess (in: hProcess=0x3c0, lpExitCode=0x31a4de0 | out: lpExitCode=0x31a4de0*=0x103) returned 1 [0134.892] CheckRemoteDebuggerPresent (in: hProcess=0x3c0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.892] GetCurrentProcessId () returned 0x10c0 [0134.892] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3c4 [0134.892] GetExitCodeProcess (in: hProcess=0x3c4, lpExitCode=0x31a4e98 | out: lpExitCode=0x31a4e98*=0x103) returned 1 [0134.892] CheckRemoteDebuggerPresent (in: hProcess=0x3c4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.892] GetCurrentProcessId () returned 0x10c0 [0134.892] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3c8 [0134.892] GetExitCodeProcess (in: hProcess=0x3c8, lpExitCode=0x31a4f50 | out: lpExitCode=0x31a4f50*=0x103) returned 1 [0134.892] CheckRemoteDebuggerPresent (in: hProcess=0x3c8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.892] GetCurrentProcessId () returned 0x10c0 [0134.892] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3cc [0134.892] GetExitCodeProcess (in: hProcess=0x3cc, lpExitCode=0x31a5008 | out: lpExitCode=0x31a5008*=0x103) returned 1 [0134.893] CheckRemoteDebuggerPresent (in: hProcess=0x3cc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.893] GetCurrentProcessId () returned 0x10c0 [0134.893] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3d0 [0134.893] GetExitCodeProcess (in: hProcess=0x3d0, lpExitCode=0x31a50c0 | out: lpExitCode=0x31a50c0*=0x103) returned 1 [0134.893] CheckRemoteDebuggerPresent (in: hProcess=0x3d0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.893] GetCurrentProcessId () returned 0x10c0 [0134.893] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3d4 [0134.893] GetExitCodeProcess (in: hProcess=0x3d4, lpExitCode=0x31a5178 | out: lpExitCode=0x31a5178*=0x103) returned 1 [0134.893] CheckRemoteDebuggerPresent (in: hProcess=0x3d4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.893] GetCurrentProcessId () returned 0x10c0 [0134.893] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3d8 [0134.893] GetExitCodeProcess (in: hProcess=0x3d8, lpExitCode=0x31a5230 | out: lpExitCode=0x31a5230*=0x103) returned 1 [0134.893] CheckRemoteDebuggerPresent (in: hProcess=0x3d8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.893] GetCurrentProcessId () returned 0x10c0 [0134.893] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3dc [0134.893] GetExitCodeProcess (in: hProcess=0x3dc, lpExitCode=0x31a52e8 | out: lpExitCode=0x31a52e8*=0x103) returned 1 [0134.893] CheckRemoteDebuggerPresent (in: hProcess=0x3dc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.894] GetCurrentProcessId () returned 0x10c0 [0134.894] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3e0 [0134.894] GetExitCodeProcess (in: hProcess=0x3e0, lpExitCode=0x31a53a0 | out: lpExitCode=0x31a53a0*=0x103) returned 1 [0134.894] CheckRemoteDebuggerPresent (in: hProcess=0x3e0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.894] GetCurrentProcessId () returned 0x10c0 [0134.894] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3e4 [0134.894] GetExitCodeProcess (in: hProcess=0x3e4, lpExitCode=0x31a5458 | out: lpExitCode=0x31a5458*=0x103) returned 1 [0134.894] CheckRemoteDebuggerPresent (in: hProcess=0x3e4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.894] GetCurrentProcessId () returned 0x10c0 [0134.894] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3e8 [0134.894] GetExitCodeProcess (in: hProcess=0x3e8, lpExitCode=0x31a5510 | out: lpExitCode=0x31a5510*=0x103) returned 1 [0134.894] CheckRemoteDebuggerPresent (in: hProcess=0x3e8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.894] GetCurrentProcessId () returned 0x10c0 [0134.894] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3ec [0134.894] GetExitCodeProcess (in: hProcess=0x3ec, lpExitCode=0x31a55c8 | out: lpExitCode=0x31a55c8*=0x103) returned 1 [0134.894] CheckRemoteDebuggerPresent (in: hProcess=0x3ec, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.895] GetCurrentProcessId () returned 0x10c0 [0134.895] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3f0 [0134.895] GetExitCodeProcess (in: hProcess=0x3f0, lpExitCode=0x31a5680 | out: lpExitCode=0x31a5680*=0x103) returned 1 [0134.895] CheckRemoteDebuggerPresent (in: hProcess=0x3f0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.895] GetCurrentProcessId () returned 0x10c0 [0134.895] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3f4 [0134.895] GetExitCodeProcess (in: hProcess=0x3f4, lpExitCode=0x31a5738 | out: lpExitCode=0x31a5738*=0x103) returned 1 [0134.895] CheckRemoteDebuggerPresent (in: hProcess=0x3f4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.895] GetCurrentProcessId () returned 0x10c0 [0134.895] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3f8 [0134.895] GetExitCodeProcess (in: hProcess=0x3f8, lpExitCode=0x31a57f0 | out: lpExitCode=0x31a57f0*=0x103) returned 1 [0134.895] CheckRemoteDebuggerPresent (in: hProcess=0x3f8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.895] GetCurrentProcessId () returned 0x10c0 [0134.895] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3fc [0134.895] GetExitCodeProcess (in: hProcess=0x3fc, lpExitCode=0x31a58a8 | out: lpExitCode=0x31a58a8*=0x103) returned 1 [0134.895] CheckRemoteDebuggerPresent (in: hProcess=0x3fc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.895] GetCurrentProcessId () returned 0x10c0 [0134.895] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x404 [0134.896] GetExitCodeProcess (in: hProcess=0x404, lpExitCode=0x31a5960 | out: lpExitCode=0x31a5960*=0x103) returned 1 [0134.896] CheckRemoteDebuggerPresent (in: hProcess=0x404, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.896] GetCurrentProcessId () returned 0x10c0 [0134.896] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x408 [0134.896] GetExitCodeProcess (in: hProcess=0x408, lpExitCode=0x31a5a18 | out: lpExitCode=0x31a5a18*=0x103) returned 1 [0134.896] CheckRemoteDebuggerPresent (in: hProcess=0x408, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.940] GetCurrentProcessId () returned 0x10c0 [0134.940] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x40c [0134.940] GetExitCodeProcess (in: hProcess=0x40c, lpExitCode=0x31a5ad0 | out: lpExitCode=0x31a5ad0*=0x103) returned 1 [0134.940] CheckRemoteDebuggerPresent (in: hProcess=0x40c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.940] GetCurrentProcessId () returned 0x10c0 [0134.940] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x410 [0134.940] GetExitCodeProcess (in: hProcess=0x410, lpExitCode=0x31a5b88 | out: lpExitCode=0x31a5b88*=0x103) returned 1 [0134.940] CheckRemoteDebuggerPresent (in: hProcess=0x410, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.940] GetCurrentProcessId () returned 0x10c0 [0134.940] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x414 [0134.940] GetExitCodeProcess (in: hProcess=0x414, lpExitCode=0x31a5c40 | out: lpExitCode=0x31a5c40*=0x103) returned 1 [0134.940] CheckRemoteDebuggerPresent (in: hProcess=0x414, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.940] GetCurrentProcessId () returned 0x10c0 [0134.941] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x418 [0134.941] GetExitCodeProcess (in: hProcess=0x418, lpExitCode=0x31a5cf8 | out: lpExitCode=0x31a5cf8*=0x103) returned 1 [0134.941] CheckRemoteDebuggerPresent (in: hProcess=0x418, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.941] GetCurrentProcessId () returned 0x10c0 [0134.941] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x41c [0134.941] GetExitCodeProcess (in: hProcess=0x41c, lpExitCode=0x31a5db0 | out: lpExitCode=0x31a5db0*=0x103) returned 1 [0134.941] CheckRemoteDebuggerPresent (in: hProcess=0x41c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.941] GetCurrentProcessId () returned 0x10c0 [0134.941] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x420 [0134.941] GetExitCodeProcess (in: hProcess=0x420, lpExitCode=0x31a5e68 | out: lpExitCode=0x31a5e68*=0x103) returned 1 [0134.941] CheckRemoteDebuggerPresent (in: hProcess=0x420, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.941] GetCurrentProcessId () returned 0x10c0 [0134.941] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x424 [0134.941] GetExitCodeProcess (in: hProcess=0x424, lpExitCode=0x31a5f20 | out: lpExitCode=0x31a5f20*=0x103) returned 1 [0134.941] CheckRemoteDebuggerPresent (in: hProcess=0x424, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.941] GetCurrentProcessId () returned 0x10c0 [0134.941] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x428 [0134.942] GetExitCodeProcess (in: hProcess=0x428, lpExitCode=0x31a5fd8 | out: lpExitCode=0x31a5fd8*=0x103) returned 1 [0134.942] CheckRemoteDebuggerPresent (in: hProcess=0x428, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.942] GetCurrentProcessId () returned 0x10c0 [0134.942] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x42c [0134.942] GetExitCodeProcess (in: hProcess=0x42c, lpExitCode=0x31a6090 | out: lpExitCode=0x31a6090*=0x103) returned 1 [0134.942] CheckRemoteDebuggerPresent (in: hProcess=0x42c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.942] GetCurrentProcessId () returned 0x10c0 [0134.942] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x430 [0134.942] GetExitCodeProcess (in: hProcess=0x430, lpExitCode=0x31a6148 | out: lpExitCode=0x31a6148*=0x103) returned 1 [0134.942] CheckRemoteDebuggerPresent (in: hProcess=0x430, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.942] GetCurrentProcessId () returned 0x10c0 [0134.942] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x434 [0134.942] GetExitCodeProcess (in: hProcess=0x434, lpExitCode=0x31a6200 | out: lpExitCode=0x31a6200*=0x103) returned 1 [0134.942] CheckRemoteDebuggerPresent (in: hProcess=0x434, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.942] GetCurrentProcessId () returned 0x10c0 [0134.942] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x438 [0134.942] GetExitCodeProcess (in: hProcess=0x438, lpExitCode=0x31a62b8 | out: lpExitCode=0x31a62b8*=0x103) returned 1 [0134.943] CheckRemoteDebuggerPresent (in: hProcess=0x438, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.943] GetCurrentProcessId () returned 0x10c0 [0134.943] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x43c [0134.943] GetExitCodeProcess (in: hProcess=0x43c, lpExitCode=0x31a6370 | out: lpExitCode=0x31a6370*=0x103) returned 1 [0134.943] CheckRemoteDebuggerPresent (in: hProcess=0x43c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.943] GetCurrentProcessId () returned 0x10c0 [0134.943] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x440 [0134.956] GetExitCodeProcess (in: hProcess=0x440, lpExitCode=0x31a6428 | out: lpExitCode=0x31a6428*=0x103) returned 1 [0134.956] CheckRemoteDebuggerPresent (in: hProcess=0x440, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.956] GetCurrentProcessId () returned 0x10c0 [0134.956] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x444 [0134.956] GetExitCodeProcess (in: hProcess=0x444, lpExitCode=0x31a64e0 | out: lpExitCode=0x31a64e0*=0x103) returned 1 [0134.956] CheckRemoteDebuggerPresent (in: hProcess=0x444, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.956] GetCurrentProcessId () returned 0x10c0 [0134.956] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x448 [0134.956] GetExitCodeProcess (in: hProcess=0x448, lpExitCode=0x31a6598 | out: lpExitCode=0x31a6598*=0x103) returned 1 [0134.956] CheckRemoteDebuggerPresent (in: hProcess=0x448, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.956] GetCurrentProcessId () returned 0x10c0 [0134.956] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x44c [0134.956] GetExitCodeProcess (in: hProcess=0x44c, lpExitCode=0x31a6650 | out: lpExitCode=0x31a6650*=0x103) returned 1 [0134.956] CheckRemoteDebuggerPresent (in: hProcess=0x44c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.957] GetCurrentProcessId () returned 0x10c0 [0134.957] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x450 [0134.957] GetExitCodeProcess (in: hProcess=0x450, lpExitCode=0x31a6708 | out: lpExitCode=0x31a6708*=0x103) returned 1 [0134.957] CheckRemoteDebuggerPresent (in: hProcess=0x450, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.957] GetCurrentProcessId () returned 0x10c0 [0134.957] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x454 [0134.957] GetExitCodeProcess (in: hProcess=0x454, lpExitCode=0x31a67c0 | out: lpExitCode=0x31a67c0*=0x103) returned 1 [0134.957] CheckRemoteDebuggerPresent (in: hProcess=0x454, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.957] GetCurrentProcessId () returned 0x10c0 [0134.957] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x458 [0134.957] GetExitCodeProcess (in: hProcess=0x458, lpExitCode=0x31a6878 | out: lpExitCode=0x31a6878*=0x103) returned 1 [0134.957] CheckRemoteDebuggerPresent (in: hProcess=0x458, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.957] GetCurrentProcessId () returned 0x10c0 [0134.957] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x45c [0134.957] GetExitCodeProcess (in: hProcess=0x45c, lpExitCode=0x31a6930 | out: lpExitCode=0x31a6930*=0x103) returned 1 [0134.957] CheckRemoteDebuggerPresent (in: hProcess=0x45c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.958] GetCurrentProcessId () returned 0x10c0 [0134.958] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x460 [0134.958] GetExitCodeProcess (in: hProcess=0x460, lpExitCode=0x31a69e8 | out: lpExitCode=0x31a69e8*=0x103) returned 1 [0134.958] CheckRemoteDebuggerPresent (in: hProcess=0x460, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.958] GetCurrentProcessId () returned 0x10c0 [0134.958] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x464 [0134.958] GetExitCodeProcess (in: hProcess=0x464, lpExitCode=0x31a6aa0 | out: lpExitCode=0x31a6aa0*=0x103) returned 1 [0134.958] CheckRemoteDebuggerPresent (in: hProcess=0x464, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.958] GetCurrentProcessId () returned 0x10c0 [0134.958] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x468 [0134.958] GetExitCodeProcess (in: hProcess=0x468, lpExitCode=0x31a6b58 | out: lpExitCode=0x31a6b58*=0x103) returned 1 [0134.958] CheckRemoteDebuggerPresent (in: hProcess=0x468, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.958] GetCurrentProcessId () returned 0x10c0 [0134.958] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x46c [0134.958] GetExitCodeProcess (in: hProcess=0x46c, lpExitCode=0x31a6c10 | out: lpExitCode=0x31a6c10*=0x103) returned 1 [0134.958] CheckRemoteDebuggerPresent (in: hProcess=0x46c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.958] GetCurrentProcessId () returned 0x10c0 [0134.958] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x470 [0134.959] GetExitCodeProcess (in: hProcess=0x470, lpExitCode=0x31a6cc8 | out: lpExitCode=0x31a6cc8*=0x103) returned 1 [0134.959] CheckRemoteDebuggerPresent (in: hProcess=0x470, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.959] GetCurrentProcessId () returned 0x10c0 [0134.959] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x474 [0134.959] GetExitCodeProcess (in: hProcess=0x474, lpExitCode=0x31a6d80 | out: lpExitCode=0x31a6d80*=0x103) returned 1 [0134.959] CheckRemoteDebuggerPresent (in: hProcess=0x474, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.959] GetCurrentProcessId () returned 0x10c0 [0134.959] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x478 [0134.959] GetExitCodeProcess (in: hProcess=0x478, lpExitCode=0x31a6e38 | out: lpExitCode=0x31a6e38*=0x103) returned 1 [0134.959] CheckRemoteDebuggerPresent (in: hProcess=0x478, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.959] GetCurrentProcessId () returned 0x10c0 [0134.959] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x47c [0134.959] GetExitCodeProcess (in: hProcess=0x47c, lpExitCode=0x31a6ef0 | out: lpExitCode=0x31a6ef0*=0x103) returned 1 [0134.959] CheckRemoteDebuggerPresent (in: hProcess=0x47c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.959] GetCurrentProcessId () returned 0x10c0 [0134.959] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x480 [0134.959] GetExitCodeProcess (in: hProcess=0x480, lpExitCode=0x31a6fa8 | out: lpExitCode=0x31a6fa8*=0x103) returned 1 [0134.960] CheckRemoteDebuggerPresent (in: hProcess=0x480, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.960] GetCurrentProcessId () returned 0x10c0 [0134.960] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x484 [0134.960] GetExitCodeProcess (in: hProcess=0x484, lpExitCode=0x31a7060 | out: lpExitCode=0x31a7060*=0x103) returned 1 [0134.960] CheckRemoteDebuggerPresent (in: hProcess=0x484, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.960] GetCurrentProcessId () returned 0x10c0 [0134.960] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x488 [0134.960] GetExitCodeProcess (in: hProcess=0x488, lpExitCode=0x31a7118 | out: lpExitCode=0x31a7118*=0x103) returned 1 [0134.960] CheckRemoteDebuggerPresent (in: hProcess=0x488, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.960] GetCurrentProcessId () returned 0x10c0 [0134.960] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x48c [0134.960] GetExitCodeProcess (in: hProcess=0x48c, lpExitCode=0x31a71d0 | out: lpExitCode=0x31a71d0*=0x103) returned 1 [0134.960] CheckRemoteDebuggerPresent (in: hProcess=0x48c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.960] GetCurrentProcessId () returned 0x10c0 [0134.960] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x490 [0134.960] GetExitCodeProcess (in: hProcess=0x490, lpExitCode=0x31a7288 | out: lpExitCode=0x31a7288*=0x103) returned 1 [0134.960] CheckRemoteDebuggerPresent (in: hProcess=0x490, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.961] GetCurrentProcessId () returned 0x10c0 [0134.961] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x494 [0134.961] GetExitCodeProcess (in: hProcess=0x494, lpExitCode=0x31a7340 | out: lpExitCode=0x31a7340*=0x103) returned 1 [0134.961] CheckRemoteDebuggerPresent (in: hProcess=0x494, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.961] GetCurrentProcessId () returned 0x10c0 [0134.961] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x498 [0134.961] GetExitCodeProcess (in: hProcess=0x498, lpExitCode=0x31a73f8 | out: lpExitCode=0x31a73f8*=0x103) returned 1 [0134.961] CheckRemoteDebuggerPresent (in: hProcess=0x498, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.961] GetCurrentProcessId () returned 0x10c0 [0134.961] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x49c [0134.961] GetExitCodeProcess (in: hProcess=0x49c, lpExitCode=0x31a74b0 | out: lpExitCode=0x31a74b0*=0x103) returned 1 [0134.961] CheckRemoteDebuggerPresent (in: hProcess=0x49c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.961] GetCurrentProcessId () returned 0x10c0 [0134.961] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4a0 [0134.961] GetExitCodeProcess (in: hProcess=0x4a0, lpExitCode=0x31a7568 | out: lpExitCode=0x31a7568*=0x103) returned 1 [0134.961] CheckRemoteDebuggerPresent (in: hProcess=0x4a0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.961] GetCurrentProcessId () returned 0x10c0 [0134.962] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4a4 [0134.962] GetExitCodeProcess (in: hProcess=0x4a4, lpExitCode=0x31a7620 | out: lpExitCode=0x31a7620*=0x103) returned 1 [0134.962] CheckRemoteDebuggerPresent (in: hProcess=0x4a4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.962] GetCurrentProcessId () returned 0x10c0 [0134.962] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4a8 [0134.962] GetExitCodeProcess (in: hProcess=0x4a8, lpExitCode=0x31a76d8 | out: lpExitCode=0x31a76d8*=0x103) returned 1 [0134.962] CheckRemoteDebuggerPresent (in: hProcess=0x4a8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.962] GetCurrentProcessId () returned 0x10c0 [0134.962] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4ac [0134.962] GetExitCodeProcess (in: hProcess=0x4ac, lpExitCode=0x31a7790 | out: lpExitCode=0x31a7790*=0x103) returned 1 [0134.962] CheckRemoteDebuggerPresent (in: hProcess=0x4ac, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.962] GetCurrentProcessId () returned 0x10c0 [0134.962] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4b0 [0134.962] GetExitCodeProcess (in: hProcess=0x4b0, lpExitCode=0x31a7848 | out: lpExitCode=0x31a7848*=0x103) returned 1 [0134.962] CheckRemoteDebuggerPresent (in: hProcess=0x4b0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.962] GetCurrentProcessId () returned 0x10c0 [0134.962] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4b4 [0134.963] GetExitCodeProcess (in: hProcess=0x4b4, lpExitCode=0x31a7900 | out: lpExitCode=0x31a7900*=0x103) returned 1 [0134.963] CheckRemoteDebuggerPresent (in: hProcess=0x4b4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.963] GetCurrentProcessId () returned 0x10c0 [0134.963] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4b8 [0134.963] GetExitCodeProcess (in: hProcess=0x4b8, lpExitCode=0x31a79b8 | out: lpExitCode=0x31a79b8*=0x103) returned 1 [0134.963] CheckRemoteDebuggerPresent (in: hProcess=0x4b8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.963] GetCurrentProcessId () returned 0x10c0 [0134.963] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4bc [0134.963] GetExitCodeProcess (in: hProcess=0x4bc, lpExitCode=0x31a7a70 | out: lpExitCode=0x31a7a70*=0x103) returned 1 [0134.963] CheckRemoteDebuggerPresent (in: hProcess=0x4bc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.963] GetCurrentProcessId () returned 0x10c0 [0134.963] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4c0 [0134.963] GetExitCodeProcess (in: hProcess=0x4c0, lpExitCode=0x31a7b28 | out: lpExitCode=0x31a7b28*=0x103) returned 1 [0134.963] CheckRemoteDebuggerPresent (in: hProcess=0x4c0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.963] GetCurrentProcessId () returned 0x10c0 [0134.963] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4c4 [0134.963] GetExitCodeProcess (in: hProcess=0x4c4, lpExitCode=0x31a7be0 | out: lpExitCode=0x31a7be0*=0x103) returned 1 [0134.963] CheckRemoteDebuggerPresent (in: hProcess=0x4c4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.963] GetCurrentProcessId () returned 0x10c0 [0134.964] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4c8 [0134.964] GetExitCodeProcess (in: hProcess=0x4c8, lpExitCode=0x31a7c98 | out: lpExitCode=0x31a7c98*=0x103) returned 1 [0134.964] CheckRemoteDebuggerPresent (in: hProcess=0x4c8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.964] GetCurrentProcessId () returned 0x10c0 [0134.964] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4cc [0134.964] GetExitCodeProcess (in: hProcess=0x4cc, lpExitCode=0x31a7d50 | out: lpExitCode=0x31a7d50*=0x103) returned 1 [0134.964] CheckRemoteDebuggerPresent (in: hProcess=0x4cc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.964] GetCurrentProcessId () returned 0x10c0 [0134.964] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4d0 [0134.964] GetExitCodeProcess (in: hProcess=0x4d0, lpExitCode=0x31a7e08 | out: lpExitCode=0x31a7e08*=0x103) returned 1 [0134.964] CheckRemoteDebuggerPresent (in: hProcess=0x4d0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.964] GetCurrentProcessId () returned 0x10c0 [0134.964] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4d4 [0134.964] GetExitCodeProcess (in: hProcess=0x4d4, lpExitCode=0x31a7ec0 | out: lpExitCode=0x31a7ec0*=0x103) returned 1 [0134.964] CheckRemoteDebuggerPresent (in: hProcess=0x4d4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.964] GetCurrentProcessId () returned 0x10c0 [0134.964] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4d8 [0134.964] GetExitCodeProcess (in: hProcess=0x4d8, lpExitCode=0x31a7f78 | out: lpExitCode=0x31a7f78*=0x103) returned 1 [0134.964] CheckRemoteDebuggerPresent (in: hProcess=0x4d8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.964] GetCurrentProcessId () returned 0x10c0 [0134.965] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4dc [0134.965] GetExitCodeProcess (in: hProcess=0x4dc, lpExitCode=0x31a8030 | out: lpExitCode=0x31a8030*=0x103) returned 1 [0134.965] CheckRemoteDebuggerPresent (in: hProcess=0x4dc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.965] GetCurrentProcessId () returned 0x10c0 [0134.965] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4e0 [0134.965] GetExitCodeProcess (in: hProcess=0x4e0, lpExitCode=0x31a80e8 | out: lpExitCode=0x31a80e8*=0x103) returned 1 [0134.965] CheckRemoteDebuggerPresent (in: hProcess=0x4e0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.965] GetCurrentProcessId () returned 0x10c0 [0134.965] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4e4 [0134.965] GetExitCodeProcess (in: hProcess=0x4e4, lpExitCode=0x31a81a0 | out: lpExitCode=0x31a81a0*=0x103) returned 1 [0134.965] CheckRemoteDebuggerPresent (in: hProcess=0x4e4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.965] GetCurrentProcessId () returned 0x10c0 [0134.965] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4e8 [0134.965] GetExitCodeProcess (in: hProcess=0x4e8, lpExitCode=0x31a8258 | out: lpExitCode=0x31a8258*=0x103) returned 1 [0134.965] CheckRemoteDebuggerPresent (in: hProcess=0x4e8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.965] GetCurrentProcessId () returned 0x10c0 [0134.965] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4ec [0134.965] GetExitCodeProcess (in: hProcess=0x4ec, lpExitCode=0x31a8310 | out: lpExitCode=0x31a8310*=0x103) returned 1 [0134.966] CheckRemoteDebuggerPresent (in: hProcess=0x4ec, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.966] GetCurrentProcessId () returned 0x10c0 [0134.966] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4f0 [0134.966] GetExitCodeProcess (in: hProcess=0x4f0, lpExitCode=0x31a83c8 | out: lpExitCode=0x31a83c8*=0x103) returned 1 [0134.966] CheckRemoteDebuggerPresent (in: hProcess=0x4f0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.966] GetCurrentProcessId () returned 0x10c0 [0134.966] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4f4 [0134.966] GetExitCodeProcess (in: hProcess=0x4f4, lpExitCode=0x31a8480 | out: lpExitCode=0x31a8480*=0x103) returned 1 [0134.966] CheckRemoteDebuggerPresent (in: hProcess=0x4f4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.966] GetCurrentProcessId () returned 0x10c0 [0134.966] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4f8 [0134.966] GetExitCodeProcess (in: hProcess=0x4f8, lpExitCode=0x31a8538 | out: lpExitCode=0x31a8538*=0x103) returned 1 [0134.966] CheckRemoteDebuggerPresent (in: hProcess=0x4f8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.966] GetCurrentProcessId () returned 0x10c0 [0134.966] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4fc [0134.966] GetExitCodeProcess (in: hProcess=0x4fc, lpExitCode=0x31a85f0 | out: lpExitCode=0x31a85f0*=0x103) returned 1 [0134.966] CheckRemoteDebuggerPresent (in: hProcess=0x4fc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.966] GetCurrentProcessId () returned 0x10c0 [0134.966] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x500 [0134.966] GetExitCodeProcess (in: hProcess=0x500, lpExitCode=0x31a86a8 | out: lpExitCode=0x31a86a8*=0x103) returned 1 [0134.967] CheckRemoteDebuggerPresent (in: hProcess=0x500, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.967] GetCurrentProcessId () returned 0x10c0 [0134.967] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x504 [0134.967] GetExitCodeProcess (in: hProcess=0x504, lpExitCode=0x31a8760 | out: lpExitCode=0x31a8760*=0x103) returned 1 [0134.967] CheckRemoteDebuggerPresent (in: hProcess=0x504, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.967] GetCurrentProcessId () returned 0x10c0 [0134.967] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x508 [0134.967] GetExitCodeProcess (in: hProcess=0x508, lpExitCode=0x31a8818 | out: lpExitCode=0x31a8818*=0x103) returned 1 [0134.967] CheckRemoteDebuggerPresent (in: hProcess=0x508, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.967] GetCurrentProcessId () returned 0x10c0 [0134.967] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x50c [0134.967] GetExitCodeProcess (in: hProcess=0x50c, lpExitCode=0x31a88d0 | out: lpExitCode=0x31a88d0*=0x103) returned 1 [0134.967] CheckRemoteDebuggerPresent (in: hProcess=0x50c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.967] GetCurrentProcessId () returned 0x10c0 [0134.967] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x510 [0134.967] GetExitCodeProcess (in: hProcess=0x510, lpExitCode=0x31a8988 | out: lpExitCode=0x31a8988*=0x103) returned 1 [0134.967] CheckRemoteDebuggerPresent (in: hProcess=0x510, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.967] GetCurrentProcessId () returned 0x10c0 [0134.967] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x514 [0134.968] GetExitCodeProcess (in: hProcess=0x514, lpExitCode=0x31a8a40 | out: lpExitCode=0x31a8a40*=0x103) returned 1 [0134.968] CheckRemoteDebuggerPresent (in: hProcess=0x514, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.968] GetCurrentProcessId () returned 0x10c0 [0134.968] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x518 [0134.968] GetExitCodeProcess (in: hProcess=0x518, lpExitCode=0x31a8af8 | out: lpExitCode=0x31a8af8*=0x103) returned 1 [0134.968] CheckRemoteDebuggerPresent (in: hProcess=0x518, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.968] GetCurrentProcessId () returned 0x10c0 [0134.968] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x51c [0134.968] GetExitCodeProcess (in: hProcess=0x51c, lpExitCode=0x31a8bb0 | out: lpExitCode=0x31a8bb0*=0x103) returned 1 [0134.968] CheckRemoteDebuggerPresent (in: hProcess=0x51c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.968] GetCurrentProcessId () returned 0x10c0 [0134.968] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x520 [0134.968] GetExitCodeProcess (in: hProcess=0x520, lpExitCode=0x31a8c68 | out: lpExitCode=0x31a8c68*=0x103) returned 1 [0134.968] CheckRemoteDebuggerPresent (in: hProcess=0x520, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.968] GetCurrentProcessId () returned 0x10c0 [0134.968] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x524 [0134.968] GetExitCodeProcess (in: hProcess=0x524, lpExitCode=0x31a8d20 | out: lpExitCode=0x31a8d20*=0x103) returned 1 [0134.968] CheckRemoteDebuggerPresent (in: hProcess=0x524, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.969] GetCurrentProcessId () returned 0x10c0 [0134.969] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x528 [0134.969] GetExitCodeProcess (in: hProcess=0x528, lpExitCode=0x31a8dd8 | out: lpExitCode=0x31a8dd8*=0x103) returned 1 [0134.969] CheckRemoteDebuggerPresent (in: hProcess=0x528, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.969] GetCurrentProcessId () returned 0x10c0 [0134.969] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x52c [0134.969] GetExitCodeProcess (in: hProcess=0x52c, lpExitCode=0x31a8e90 | out: lpExitCode=0x31a8e90*=0x103) returned 1 [0134.969] CheckRemoteDebuggerPresent (in: hProcess=0x52c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.969] GetCurrentProcessId () returned 0x10c0 [0134.969] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x530 [0134.969] GetExitCodeProcess (in: hProcess=0x530, lpExitCode=0x31a8f48 | out: lpExitCode=0x31a8f48*=0x103) returned 1 [0134.969] CheckRemoteDebuggerPresent (in: hProcess=0x530, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.969] GetCurrentProcessId () returned 0x10c0 [0134.969] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x534 [0134.969] GetExitCodeProcess (in: hProcess=0x534, lpExitCode=0x31a9000 | out: lpExitCode=0x31a9000*=0x103) returned 1 [0134.969] CheckRemoteDebuggerPresent (in: hProcess=0x534, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.969] GetCurrentProcessId () returned 0x10c0 [0134.969] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x538 [0134.969] GetExitCodeProcess (in: hProcess=0x538, lpExitCode=0x31a90b8 | out: lpExitCode=0x31a90b8*=0x103) returned 1 [0134.970] CheckRemoteDebuggerPresent (in: hProcess=0x538, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.970] GetCurrentProcessId () returned 0x10c0 [0134.970] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x53c [0134.970] GetExitCodeProcess (in: hProcess=0x53c, lpExitCode=0x31a9170 | out: lpExitCode=0x31a9170*=0x103) returned 1 [0134.970] CheckRemoteDebuggerPresent (in: hProcess=0x53c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.970] GetCurrentProcessId () returned 0x10c0 [0134.970] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x540 [0134.970] GetExitCodeProcess (in: hProcess=0x540, lpExitCode=0x31a9228 | out: lpExitCode=0x31a9228*=0x103) returned 1 [0134.970] CheckRemoteDebuggerPresent (in: hProcess=0x540, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.970] GetCurrentProcessId () returned 0x10c0 [0134.970] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x544 [0134.970] GetExitCodeProcess (in: hProcess=0x544, lpExitCode=0x31a92e0 | out: lpExitCode=0x31a92e0*=0x103) returned 1 [0134.970] CheckRemoteDebuggerPresent (in: hProcess=0x544, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.970] GetCurrentProcessId () returned 0x10c0 [0134.970] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x548 [0134.970] GetExitCodeProcess (in: hProcess=0x548, lpExitCode=0x31a9398 | out: lpExitCode=0x31a9398*=0x103) returned 1 [0134.970] CheckRemoteDebuggerPresent (in: hProcess=0x548, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.970] GetCurrentProcessId () returned 0x10c0 [0134.970] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x54c [0134.971] GetExitCodeProcess (in: hProcess=0x54c, lpExitCode=0x31a9450 | out: lpExitCode=0x31a9450*=0x103) returned 1 [0134.971] CheckRemoteDebuggerPresent (in: hProcess=0x54c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.971] GetCurrentProcessId () returned 0x10c0 [0134.971] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x550 [0134.971] GetExitCodeProcess (in: hProcess=0x550, lpExitCode=0x31a9508 | out: lpExitCode=0x31a9508*=0x103) returned 1 [0134.971] CheckRemoteDebuggerPresent (in: hProcess=0x550, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.971] GetCurrentProcessId () returned 0x10c0 [0134.971] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x554 [0134.971] GetExitCodeProcess (in: hProcess=0x554, lpExitCode=0x31a95c0 | out: lpExitCode=0x31a95c0*=0x103) returned 1 [0134.971] CheckRemoteDebuggerPresent (in: hProcess=0x554, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.971] GetCurrentProcessId () returned 0x10c0 [0134.971] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x558 [0134.971] GetExitCodeProcess (in: hProcess=0x558, lpExitCode=0x31a9678 | out: lpExitCode=0x31a9678*=0x103) returned 1 [0134.971] CheckRemoteDebuggerPresent (in: hProcess=0x558, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.971] GetCurrentProcessId () returned 0x10c0 [0134.971] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x55c [0134.971] GetExitCodeProcess (in: hProcess=0x55c, lpExitCode=0x31a9730 | out: lpExitCode=0x31a9730*=0x103) returned 1 [0134.971] CheckRemoteDebuggerPresent (in: hProcess=0x55c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.972] GetCurrentProcessId () returned 0x10c0 [0134.972] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x560 [0134.972] GetExitCodeProcess (in: hProcess=0x560, lpExitCode=0x31a97e8 | out: lpExitCode=0x31a97e8*=0x103) returned 1 [0134.972] CheckRemoteDebuggerPresent (in: hProcess=0x560, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.972] GetCurrentProcessId () returned 0x10c0 [0134.972] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x564 [0134.972] GetExitCodeProcess (in: hProcess=0x564, lpExitCode=0x31a98a0 | out: lpExitCode=0x31a98a0*=0x103) returned 1 [0134.972] CheckRemoteDebuggerPresent (in: hProcess=0x564, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.972] GetCurrentProcessId () returned 0x10c0 [0134.972] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x568 [0134.972] GetExitCodeProcess (in: hProcess=0x568, lpExitCode=0x31a9958 | out: lpExitCode=0x31a9958*=0x103) returned 1 [0134.972] CheckRemoteDebuggerPresent (in: hProcess=0x568, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.972] GetCurrentProcessId () returned 0x10c0 [0134.972] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x56c [0134.972] GetExitCodeProcess (in: hProcess=0x56c, lpExitCode=0x31a9a10 | out: lpExitCode=0x31a9a10*=0x103) returned 1 [0134.972] CheckRemoteDebuggerPresent (in: hProcess=0x56c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.972] GetCurrentProcessId () returned 0x10c0 [0134.972] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x570 [0134.972] GetExitCodeProcess (in: hProcess=0x570, lpExitCode=0x31a9ac8 | out: lpExitCode=0x31a9ac8*=0x103) returned 1 [0134.973] CheckRemoteDebuggerPresent (in: hProcess=0x570, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.973] GetCurrentProcessId () returned 0x10c0 [0134.973] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x574 [0134.973] GetExitCodeProcess (in: hProcess=0x574, lpExitCode=0x31a9b80 | out: lpExitCode=0x31a9b80*=0x103) returned 1 [0134.973] CheckRemoteDebuggerPresent (in: hProcess=0x574, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.973] GetCurrentProcessId () returned 0x10c0 [0134.973] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x578 [0134.973] GetExitCodeProcess (in: hProcess=0x578, lpExitCode=0x31a9c38 | out: lpExitCode=0x31a9c38*=0x103) returned 1 [0134.973] CheckRemoteDebuggerPresent (in: hProcess=0x578, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.973] GetCurrentProcessId () returned 0x10c0 [0134.973] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x57c [0134.973] GetExitCodeProcess (in: hProcess=0x57c, lpExitCode=0x31a9cf0 | out: lpExitCode=0x31a9cf0*=0x103) returned 1 [0134.973] CheckRemoteDebuggerPresent (in: hProcess=0x57c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.973] GetCurrentProcessId () returned 0x10c0 [0134.973] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x580 [0134.973] GetExitCodeProcess (in: hProcess=0x580, lpExitCode=0x31a9da8 | out: lpExitCode=0x31a9da8*=0x103) returned 1 [0134.973] CheckRemoteDebuggerPresent (in: hProcess=0x580, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.973] GetCurrentProcessId () returned 0x10c0 [0134.973] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x584 [0134.973] GetExitCodeProcess (in: hProcess=0x584, lpExitCode=0x31a9e60 | out: lpExitCode=0x31a9e60*=0x103) returned 1 [0134.974] CheckRemoteDebuggerPresent (in: hProcess=0x584, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.974] GetCurrentProcessId () returned 0x10c0 [0134.974] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x588 [0134.974] GetExitCodeProcess (in: hProcess=0x588, lpExitCode=0x31a9f18 | out: lpExitCode=0x31a9f18*=0x103) returned 1 [0134.974] CheckRemoteDebuggerPresent (in: hProcess=0x588, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.974] GetCurrentProcessId () returned 0x10c0 [0134.974] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x58c [0134.974] GetExitCodeProcess (in: hProcess=0x58c, lpExitCode=0x31a9fd0 | out: lpExitCode=0x31a9fd0*=0x103) returned 1 [0134.974] CheckRemoteDebuggerPresent (in: hProcess=0x58c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.974] GetCurrentProcessId () returned 0x10c0 [0134.974] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x590 [0134.974] GetExitCodeProcess (in: hProcess=0x590, lpExitCode=0x31aa088 | out: lpExitCode=0x31aa088*=0x103) returned 1 [0134.974] CheckRemoteDebuggerPresent (in: hProcess=0x590, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.974] GetCurrentProcessId () returned 0x10c0 [0134.974] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x594 [0134.975] GetExitCodeProcess (in: hProcess=0x594, lpExitCode=0x31aa140 | out: lpExitCode=0x31aa140*=0x103) returned 1 [0134.975] CheckRemoteDebuggerPresent (in: hProcess=0x594, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.975] GetCurrentProcessId () returned 0x10c0 [0134.975] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x598 [0134.975] GetExitCodeProcess (in: hProcess=0x598, lpExitCode=0x31aa1f8 | out: lpExitCode=0x31aa1f8*=0x103) returned 1 [0134.975] CheckRemoteDebuggerPresent (in: hProcess=0x598, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.975] GetCurrentProcessId () returned 0x10c0 [0134.975] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x59c [0134.975] GetExitCodeProcess (in: hProcess=0x59c, lpExitCode=0x31aa2b0 | out: lpExitCode=0x31aa2b0*=0x103) returned 1 [0134.975] CheckRemoteDebuggerPresent (in: hProcess=0x59c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.975] GetCurrentProcessId () returned 0x10c0 [0134.975] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5a0 [0134.975] GetExitCodeProcess (in: hProcess=0x5a0, lpExitCode=0x31aa368 | out: lpExitCode=0x31aa368*=0x103) returned 1 [0134.975] CheckRemoteDebuggerPresent (in: hProcess=0x5a0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.975] GetCurrentProcessId () returned 0x10c0 [0134.976] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5a4 [0134.976] GetExitCodeProcess (in: hProcess=0x5a4, lpExitCode=0x31aa420 | out: lpExitCode=0x31aa420*=0x103) returned 1 [0134.976] CheckRemoteDebuggerPresent (in: hProcess=0x5a4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.976] GetCurrentProcessId () returned 0x10c0 [0134.976] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5a8 [0134.976] GetExitCodeProcess (in: hProcess=0x5a8, lpExitCode=0x31aa4d8 | out: lpExitCode=0x31aa4d8*=0x103) returned 1 [0134.976] CheckRemoteDebuggerPresent (in: hProcess=0x5a8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.976] GetCurrentProcessId () returned 0x10c0 [0134.976] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5ac [0134.976] GetExitCodeProcess (in: hProcess=0x5ac, lpExitCode=0x31aa590 | out: lpExitCode=0x31aa590*=0x103) returned 1 [0134.976] CheckRemoteDebuggerPresent (in: hProcess=0x5ac, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.976] GetCurrentProcessId () returned 0x10c0 [0134.976] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5b0 [0134.976] GetExitCodeProcess (in: hProcess=0x5b0, lpExitCode=0x31aa648 | out: lpExitCode=0x31aa648*=0x103) returned 1 [0134.977] CheckRemoteDebuggerPresent (in: hProcess=0x5b0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.977] GetCurrentProcessId () returned 0x10c0 [0134.977] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5b4 [0134.977] GetExitCodeProcess (in: hProcess=0x5b4, lpExitCode=0x31aa700 | out: lpExitCode=0x31aa700*=0x103) returned 1 [0134.977] CheckRemoteDebuggerPresent (in: hProcess=0x5b4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.977] GetCurrentProcessId () returned 0x10c0 [0134.977] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5b8 [0134.977] GetExitCodeProcess (in: hProcess=0x5b8, lpExitCode=0x31aa7b8 | out: lpExitCode=0x31aa7b8*=0x103) returned 1 [0134.977] CheckRemoteDebuggerPresent (in: hProcess=0x5b8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.977] GetCurrentProcessId () returned 0x10c0 [0134.977] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5bc [0134.977] GetExitCodeProcess (in: hProcess=0x5bc, lpExitCode=0x31aa870 | out: lpExitCode=0x31aa870*=0x103) returned 1 [0134.977] CheckRemoteDebuggerPresent (in: hProcess=0x5bc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.977] GetCurrentProcessId () returned 0x10c0 [0134.977] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5c0 [0134.977] GetExitCodeProcess (in: hProcess=0x5c0, lpExitCode=0x31aa928 | out: lpExitCode=0x31aa928*=0x103) returned 1 [0134.977] CheckRemoteDebuggerPresent (in: hProcess=0x5c0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.978] GetCurrentProcessId () returned 0x10c0 [0134.978] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5c4 [0134.978] GetExitCodeProcess (in: hProcess=0x5c4, lpExitCode=0x31aa9e0 | out: lpExitCode=0x31aa9e0*=0x103) returned 1 [0134.978] CheckRemoteDebuggerPresent (in: hProcess=0x5c4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.978] GetCurrentProcessId () returned 0x10c0 [0134.978] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5c8 [0134.978] GetExitCodeProcess (in: hProcess=0x5c8, lpExitCode=0x31aaa98 | out: lpExitCode=0x31aaa98*=0x103) returned 1 [0134.978] CheckRemoteDebuggerPresent (in: hProcess=0x5c8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.978] GetCurrentProcessId () returned 0x10c0 [0134.978] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5cc [0134.978] GetExitCodeProcess (in: hProcess=0x5cc, lpExitCode=0x31aab50 | out: lpExitCode=0x31aab50*=0x103) returned 1 [0134.978] CheckRemoteDebuggerPresent (in: hProcess=0x5cc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.978] GetCurrentProcessId () returned 0x10c0 [0134.978] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5d0 [0134.978] GetExitCodeProcess (in: hProcess=0x5d0, lpExitCode=0x31aac08 | out: lpExitCode=0x31aac08*=0x103) returned 1 [0134.978] CheckRemoteDebuggerPresent (in: hProcess=0x5d0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.978] GetCurrentProcessId () returned 0x10c0 [0134.978] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5d4 [0134.979] GetExitCodeProcess (in: hProcess=0x5d4, lpExitCode=0x31aacc0 | out: lpExitCode=0x31aacc0*=0x103) returned 1 [0134.979] CheckRemoteDebuggerPresent (in: hProcess=0x5d4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.979] GetCurrentProcessId () returned 0x10c0 [0134.979] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5d8 [0134.979] GetExitCodeProcess (in: hProcess=0x5d8, lpExitCode=0x31aad78 | out: lpExitCode=0x31aad78*=0x103) returned 1 [0134.979] CheckRemoteDebuggerPresent (in: hProcess=0x5d8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.979] GetCurrentProcessId () returned 0x10c0 [0134.979] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5dc [0134.979] GetExitCodeProcess (in: hProcess=0x5dc, lpExitCode=0x31aae30 | out: lpExitCode=0x31aae30*=0x103) returned 1 [0134.979] CheckRemoteDebuggerPresent (in: hProcess=0x5dc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.979] GetCurrentProcessId () returned 0x10c0 [0134.979] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5e0 [0134.979] GetExitCodeProcess (in: hProcess=0x5e0, lpExitCode=0x31aaee8 | out: lpExitCode=0x31aaee8*=0x103) returned 1 [0134.979] CheckRemoteDebuggerPresent (in: hProcess=0x5e0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.979] GetCurrentProcessId () returned 0x10c0 [0134.979] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5e4 [0134.979] GetExitCodeProcess (in: hProcess=0x5e4, lpExitCode=0x31aafa0 | out: lpExitCode=0x31aafa0*=0x103) returned 1 [0134.979] CheckRemoteDebuggerPresent (in: hProcess=0x5e4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.980] GetCurrentProcessId () returned 0x10c0 [0134.980] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5e8 [0134.980] GetExitCodeProcess (in: hProcess=0x5e8, lpExitCode=0x31ab058 | out: lpExitCode=0x31ab058*=0x103) returned 1 [0134.980] CheckRemoteDebuggerPresent (in: hProcess=0x5e8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.980] GetCurrentProcessId () returned 0x10c0 [0134.980] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5ec [0134.980] GetExitCodeProcess (in: hProcess=0x5ec, lpExitCode=0x31ab110 | out: lpExitCode=0x31ab110*=0x103) returned 1 [0134.980] CheckRemoteDebuggerPresent (in: hProcess=0x5ec, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.980] GetCurrentProcessId () returned 0x10c0 [0134.980] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5f0 [0134.980] GetExitCodeProcess (in: hProcess=0x5f0, lpExitCode=0x31ab1c8 | out: lpExitCode=0x31ab1c8*=0x103) returned 1 [0134.980] CheckRemoteDebuggerPresent (in: hProcess=0x5f0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.980] GetCurrentProcessId () returned 0x10c0 [0134.980] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5f4 [0134.980] GetExitCodeProcess (in: hProcess=0x5f4, lpExitCode=0x31ab280 | out: lpExitCode=0x31ab280*=0x103) returned 1 [0134.980] CheckRemoteDebuggerPresent (in: hProcess=0x5f4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.980] GetCurrentProcessId () returned 0x10c0 [0134.980] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5f8 [0134.980] GetExitCodeProcess (in: hProcess=0x5f8, lpExitCode=0x31ab338 | out: lpExitCode=0x31ab338*=0x103) returned 1 [0134.980] CheckRemoteDebuggerPresent (in: hProcess=0x5f8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.981] GetCurrentProcessId () returned 0x10c0 [0134.981] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x5fc [0134.981] GetExitCodeProcess (in: hProcess=0x5fc, lpExitCode=0x31ab3f0 | out: lpExitCode=0x31ab3f0*=0x103) returned 1 [0134.981] CheckRemoteDebuggerPresent (in: hProcess=0x5fc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.981] GetCurrentProcessId () returned 0x10c0 [0134.981] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x600 [0134.981] GetExitCodeProcess (in: hProcess=0x600, lpExitCode=0x31ab4a8 | out: lpExitCode=0x31ab4a8*=0x103) returned 1 [0134.981] CheckRemoteDebuggerPresent (in: hProcess=0x600, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.981] GetCurrentProcessId () returned 0x10c0 [0134.981] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x604 [0134.981] GetExitCodeProcess (in: hProcess=0x604, lpExitCode=0x31ab560 | out: lpExitCode=0x31ab560*=0x103) returned 1 [0134.981] CheckRemoteDebuggerPresent (in: hProcess=0x604, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.981] GetCurrentProcessId () returned 0x10c0 [0134.981] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x608 [0134.981] GetExitCodeProcess (in: hProcess=0x608, lpExitCode=0x31ab618 | out: lpExitCode=0x31ab618*=0x103) returned 1 [0134.981] CheckRemoteDebuggerPresent (in: hProcess=0x608, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.981] GetCurrentProcessId () returned 0x10c0 [0134.981] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x60c [0134.981] GetExitCodeProcess (in: hProcess=0x60c, lpExitCode=0x31ab6d0 | out: lpExitCode=0x31ab6d0*=0x103) returned 1 [0134.982] CheckRemoteDebuggerPresent (in: hProcess=0x60c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.982] GetCurrentProcessId () returned 0x10c0 [0134.982] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x610 [0134.982] GetExitCodeProcess (in: hProcess=0x610, lpExitCode=0x31ab788 | out: lpExitCode=0x31ab788*=0x103) returned 1 [0134.982] CheckRemoteDebuggerPresent (in: hProcess=0x610, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.982] GetCurrentProcessId () returned 0x10c0 [0134.982] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x614 [0134.982] GetExitCodeProcess (in: hProcess=0x614, lpExitCode=0x31ab840 | out: lpExitCode=0x31ab840*=0x103) returned 1 [0134.982] CheckRemoteDebuggerPresent (in: hProcess=0x614, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.982] GetCurrentProcessId () returned 0x10c0 [0134.982] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x618 [0134.982] GetExitCodeProcess (in: hProcess=0x618, lpExitCode=0x31ab8f8 | out: lpExitCode=0x31ab8f8*=0x103) returned 1 [0134.982] CheckRemoteDebuggerPresent (in: hProcess=0x618, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.982] GetCurrentProcessId () returned 0x10c0 [0134.982] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x61c [0134.982] GetExitCodeProcess (in: hProcess=0x61c, lpExitCode=0x31ab9b0 | out: lpExitCode=0x31ab9b0*=0x103) returned 1 [0134.982] CheckRemoteDebuggerPresent (in: hProcess=0x61c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.983] GetCurrentProcessId () returned 0x10c0 [0134.983] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x620 [0134.983] GetExitCodeProcess (in: hProcess=0x620, lpExitCode=0x31aba68 | out: lpExitCode=0x31aba68*=0x103) returned 1 [0134.983] CheckRemoteDebuggerPresent (in: hProcess=0x620, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.983] GetCurrentProcessId () returned 0x10c0 [0134.983] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x624 [0134.983] GetExitCodeProcess (in: hProcess=0x624, lpExitCode=0x31abb20 | out: lpExitCode=0x31abb20*=0x103) returned 1 [0134.983] CheckRemoteDebuggerPresent (in: hProcess=0x624, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.983] GetCurrentProcessId () returned 0x10c0 [0134.983] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x628 [0134.983] GetExitCodeProcess (in: hProcess=0x628, lpExitCode=0x31abbd8 | out: lpExitCode=0x31abbd8*=0x103) returned 1 [0134.983] CheckRemoteDebuggerPresent (in: hProcess=0x628, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.983] GetCurrentProcessId () returned 0x10c0 [0134.983] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x62c [0134.983] GetExitCodeProcess (in: hProcess=0x62c, lpExitCode=0x31abc90 | out: lpExitCode=0x31abc90*=0x103) returned 1 [0134.983] CheckRemoteDebuggerPresent (in: hProcess=0x62c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.983] GetCurrentProcessId () returned 0x10c0 [0134.983] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x630 [0134.983] GetExitCodeProcess (in: hProcess=0x630, lpExitCode=0x31abd48 | out: lpExitCode=0x31abd48*=0x103) returned 1 [0134.984] CheckRemoteDebuggerPresent (in: hProcess=0x630, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.984] GetCurrentProcessId () returned 0x10c0 [0134.984] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x634 [0134.984] GetExitCodeProcess (in: hProcess=0x634, lpExitCode=0x31abe00 | out: lpExitCode=0x31abe00*=0x103) returned 1 [0134.984] CheckRemoteDebuggerPresent (in: hProcess=0x634, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.984] GetCurrentProcessId () returned 0x10c0 [0134.984] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x638 [0134.984] GetExitCodeProcess (in: hProcess=0x638, lpExitCode=0x31abeb8 | out: lpExitCode=0x31abeb8*=0x103) returned 1 [0134.984] CheckRemoteDebuggerPresent (in: hProcess=0x638, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.984] GetCurrentProcessId () returned 0x10c0 [0134.984] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x63c [0134.984] GetExitCodeProcess (in: hProcess=0x63c, lpExitCode=0x31abf70 | out: lpExitCode=0x31abf70*=0x103) returned 1 [0134.984] CheckRemoteDebuggerPresent (in: hProcess=0x63c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.984] GetCurrentProcessId () returned 0x10c0 [0134.984] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x640 [0134.984] GetExitCodeProcess (in: hProcess=0x640, lpExitCode=0x31ac028 | out: lpExitCode=0x31ac028*=0x103) returned 1 [0134.984] CheckRemoteDebuggerPresent (in: hProcess=0x640, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.984] GetCurrentProcessId () returned 0x10c0 [0134.984] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x644 [0134.984] GetExitCodeProcess (in: hProcess=0x644, lpExitCode=0x31ac0e0 | out: lpExitCode=0x31ac0e0*=0x103) returned 1 [0134.985] CheckRemoteDebuggerPresent (in: hProcess=0x644, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.985] GetCurrentProcessId () returned 0x10c0 [0134.985] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x648 [0134.985] GetExitCodeProcess (in: hProcess=0x648, lpExitCode=0x31ac198 | out: lpExitCode=0x31ac198*=0x103) returned 1 [0134.985] CheckRemoteDebuggerPresent (in: hProcess=0x648, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.985] GetCurrentProcessId () returned 0x10c0 [0134.985] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x64c [0134.985] GetExitCodeProcess (in: hProcess=0x64c, lpExitCode=0x31ac250 | out: lpExitCode=0x31ac250*=0x103) returned 1 [0134.985] CheckRemoteDebuggerPresent (in: hProcess=0x64c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.985] GetCurrentProcessId () returned 0x10c0 [0134.985] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x650 [0134.985] GetExitCodeProcess (in: hProcess=0x650, lpExitCode=0x31ac308 | out: lpExitCode=0x31ac308*=0x103) returned 1 [0134.985] CheckRemoteDebuggerPresent (in: hProcess=0x650, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.985] GetCurrentProcessId () returned 0x10c0 [0134.985] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x654 [0134.985] GetExitCodeProcess (in: hProcess=0x654, lpExitCode=0x31ac3c0 | out: lpExitCode=0x31ac3c0*=0x103) returned 1 [0134.985] CheckRemoteDebuggerPresent (in: hProcess=0x654, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.985] GetCurrentProcessId () returned 0x10c0 [0134.986] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x658 [0134.986] GetExitCodeProcess (in: hProcess=0x658, lpExitCode=0x31ac478 | out: lpExitCode=0x31ac478*=0x103) returned 1 [0134.986] CheckRemoteDebuggerPresent (in: hProcess=0x658, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.986] GetCurrentProcessId () returned 0x10c0 [0134.986] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x65c [0134.986] GetExitCodeProcess (in: hProcess=0x65c, lpExitCode=0x31ac530 | out: lpExitCode=0x31ac530*=0x103) returned 1 [0134.986] CheckRemoteDebuggerPresent (in: hProcess=0x65c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.986] GetCurrentProcessId () returned 0x10c0 [0134.986] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x660 [0134.986] GetExitCodeProcess (in: hProcess=0x660, lpExitCode=0x31ac5e8 | out: lpExitCode=0x31ac5e8*=0x103) returned 1 [0134.986] CheckRemoteDebuggerPresent (in: hProcess=0x660, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.986] GetCurrentProcessId () returned 0x10c0 [0134.986] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x664 [0134.986] GetExitCodeProcess (in: hProcess=0x664, lpExitCode=0x31ac6a0 | out: lpExitCode=0x31ac6a0*=0x103) returned 1 [0134.986] CheckRemoteDebuggerPresent (in: hProcess=0x664, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.986] GetCurrentProcessId () returned 0x10c0 [0134.986] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x668 [0134.986] GetExitCodeProcess (in: hProcess=0x668, lpExitCode=0x31ac758 | out: lpExitCode=0x31ac758*=0x103) returned 1 [0134.986] CheckRemoteDebuggerPresent (in: hProcess=0x668, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.987] GetCurrentProcessId () returned 0x10c0 [0134.987] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x66c [0134.987] GetExitCodeProcess (in: hProcess=0x66c, lpExitCode=0x31ac810 | out: lpExitCode=0x31ac810*=0x103) returned 1 [0134.987] CheckRemoteDebuggerPresent (in: hProcess=0x66c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.987] GetCurrentProcessId () returned 0x10c0 [0134.987] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x670 [0134.987] GetExitCodeProcess (in: hProcess=0x670, lpExitCode=0x31ac8c8 | out: lpExitCode=0x31ac8c8*=0x103) returned 1 [0134.987] CheckRemoteDebuggerPresent (in: hProcess=0x670, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.987] GetCurrentProcessId () returned 0x10c0 [0134.987] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x674 [0134.987] GetExitCodeProcess (in: hProcess=0x674, lpExitCode=0x31ac980 | out: lpExitCode=0x31ac980*=0x103) returned 1 [0134.987] CheckRemoteDebuggerPresent (in: hProcess=0x674, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.987] GetCurrentProcessId () returned 0x10c0 [0134.987] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x678 [0134.987] GetExitCodeProcess (in: hProcess=0x678, lpExitCode=0x31aca38 | out: lpExitCode=0x31aca38*=0x103) returned 1 [0134.987] CheckRemoteDebuggerPresent (in: hProcess=0x678, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.987] GetCurrentProcessId () returned 0x10c0 [0134.987] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x67c [0134.987] GetExitCodeProcess (in: hProcess=0x67c, lpExitCode=0x31acaf0 | out: lpExitCode=0x31acaf0*=0x103) returned 1 [0134.987] CheckRemoteDebuggerPresent (in: hProcess=0x67c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.988] GetCurrentProcessId () returned 0x10c0 [0134.988] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x680 [0134.988] GetExitCodeProcess (in: hProcess=0x680, lpExitCode=0x31acba8 | out: lpExitCode=0x31acba8*=0x103) returned 1 [0134.988] CheckRemoteDebuggerPresent (in: hProcess=0x680, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.988] GetCurrentProcessId () returned 0x10c0 [0134.988] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x684 [0134.988] GetExitCodeProcess (in: hProcess=0x684, lpExitCode=0x31acc60 | out: lpExitCode=0x31acc60*=0x103) returned 1 [0134.988] CheckRemoteDebuggerPresent (in: hProcess=0x684, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.988] GetCurrentProcessId () returned 0x10c0 [0134.988] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x688 [0134.988] GetExitCodeProcess (in: hProcess=0x688, lpExitCode=0x31acd18 | out: lpExitCode=0x31acd18*=0x103) returned 1 [0134.988] CheckRemoteDebuggerPresent (in: hProcess=0x688, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.988] GetCurrentProcessId () returned 0x10c0 [0134.988] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x68c [0134.988] GetExitCodeProcess (in: hProcess=0x68c, lpExitCode=0x31acdd0 | out: lpExitCode=0x31acdd0*=0x103) returned 1 [0134.988] CheckRemoteDebuggerPresent (in: hProcess=0x68c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.988] GetCurrentProcessId () returned 0x10c0 [0134.989] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x690 [0134.989] GetExitCodeProcess (in: hProcess=0x690, lpExitCode=0x31ace88 | out: lpExitCode=0x31ace88*=0x103) returned 1 [0134.989] CheckRemoteDebuggerPresent (in: hProcess=0x690, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.989] GetCurrentProcessId () returned 0x10c0 [0134.989] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x694 [0134.989] GetExitCodeProcess (in: hProcess=0x694, lpExitCode=0x31acf40 | out: lpExitCode=0x31acf40*=0x103) returned 1 [0134.989] CheckRemoteDebuggerPresent (in: hProcess=0x694, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.989] GetCurrentProcessId () returned 0x10c0 [0134.989] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x698 [0134.989] GetExitCodeProcess (in: hProcess=0x698, lpExitCode=0x31acff8 | out: lpExitCode=0x31acff8*=0x103) returned 1 [0134.989] CheckRemoteDebuggerPresent (in: hProcess=0x698, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.989] GetCurrentProcessId () returned 0x10c0 [0134.989] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x69c [0134.989] GetExitCodeProcess (in: hProcess=0x69c, lpExitCode=0x31ad0b0 | out: lpExitCode=0x31ad0b0*=0x103) returned 1 [0134.989] CheckRemoteDebuggerPresent (in: hProcess=0x69c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.989] GetCurrentProcessId () returned 0x10c0 [0134.990] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6a0 [0134.990] GetExitCodeProcess (in: hProcess=0x6a0, lpExitCode=0x31ad168 | out: lpExitCode=0x31ad168*=0x103) returned 1 [0134.990] CheckRemoteDebuggerPresent (in: hProcess=0x6a0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0134.990] GetCurrentProcessId () returned 0x10c0 [0135.033] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6a4 [0135.033] GetExitCodeProcess (in: hProcess=0x6a4, lpExitCode=0x31ad220 | out: lpExitCode=0x31ad220*=0x103) returned 1 [0135.033] CheckRemoteDebuggerPresent (in: hProcess=0x6a4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.033] GetCurrentProcessId () returned 0x10c0 [0135.033] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6a8 [0135.033] GetExitCodeProcess (in: hProcess=0x6a8, lpExitCode=0x31ad2d8 | out: lpExitCode=0x31ad2d8*=0x103) returned 1 [0135.033] CheckRemoteDebuggerPresent (in: hProcess=0x6a8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.034] GetCurrentProcessId () returned 0x10c0 [0135.034] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6ac [0135.034] GetExitCodeProcess (in: hProcess=0x6ac, lpExitCode=0x31ad390 | out: lpExitCode=0x31ad390*=0x103) returned 1 [0135.034] CheckRemoteDebuggerPresent (in: hProcess=0x6ac, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.034] GetCurrentProcessId () returned 0x10c0 [0135.034] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6b0 [0135.034] GetExitCodeProcess (in: hProcess=0x6b0, lpExitCode=0x31ad448 | out: lpExitCode=0x31ad448*=0x103) returned 1 [0135.034] CheckRemoteDebuggerPresent (in: hProcess=0x6b0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.034] GetCurrentProcessId () returned 0x10c0 [0135.034] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6b4 [0135.034] GetExitCodeProcess (in: hProcess=0x6b4, lpExitCode=0x31ad500 | out: lpExitCode=0x31ad500*=0x103) returned 1 [0135.034] CheckRemoteDebuggerPresent (in: hProcess=0x6b4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.034] GetCurrentProcessId () returned 0x10c0 [0135.034] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6b8 [0135.034] GetExitCodeProcess (in: hProcess=0x6b8, lpExitCode=0x31ad5b8 | out: lpExitCode=0x31ad5b8*=0x103) returned 1 [0135.034] CheckRemoteDebuggerPresent (in: hProcess=0x6b8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.034] GetCurrentProcessId () returned 0x10c0 [0135.034] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6bc [0135.034] GetExitCodeProcess (in: hProcess=0x6bc, lpExitCode=0x31ad670 | out: lpExitCode=0x31ad670*=0x103) returned 1 [0135.035] CheckRemoteDebuggerPresent (in: hProcess=0x6bc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.035] GetCurrentProcessId () returned 0x10c0 [0135.035] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6c0 [0135.035] GetExitCodeProcess (in: hProcess=0x6c0, lpExitCode=0x31ad728 | out: lpExitCode=0x31ad728*=0x103) returned 1 [0135.035] CheckRemoteDebuggerPresent (in: hProcess=0x6c0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.035] GetCurrentProcessId () returned 0x10c0 [0135.035] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6c4 [0135.035] GetExitCodeProcess (in: hProcess=0x6c4, lpExitCode=0x31ad7e0 | out: lpExitCode=0x31ad7e0*=0x103) returned 1 [0135.035] CheckRemoteDebuggerPresent (in: hProcess=0x6c4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.035] GetCurrentProcessId () returned 0x10c0 [0135.035] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6c8 [0135.035] GetExitCodeProcess (in: hProcess=0x6c8, lpExitCode=0x31ad898 | out: lpExitCode=0x31ad898*=0x103) returned 1 [0135.035] CheckRemoteDebuggerPresent (in: hProcess=0x6c8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.035] GetCurrentProcessId () returned 0x10c0 [0135.035] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6cc [0135.035] GetExitCodeProcess (in: hProcess=0x6cc, lpExitCode=0x31ad950 | out: lpExitCode=0x31ad950*=0x103) returned 1 [0135.035] CheckRemoteDebuggerPresent (in: hProcess=0x6cc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.035] GetCurrentProcessId () returned 0x10c0 [0135.035] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6d0 [0135.035] GetExitCodeProcess (in: hProcess=0x6d0, lpExitCode=0x31ada08 | out: lpExitCode=0x31ada08*=0x103) returned 1 [0135.036] CheckRemoteDebuggerPresent (in: hProcess=0x6d0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.036] GetCurrentProcessId () returned 0x10c0 [0135.036] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6d4 [0135.036] GetExitCodeProcess (in: hProcess=0x6d4, lpExitCode=0x31adac0 | out: lpExitCode=0x31adac0*=0x103) returned 1 [0135.036] CheckRemoteDebuggerPresent (in: hProcess=0x6d4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.036] GetCurrentProcessId () returned 0x10c0 [0135.036] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6d8 [0135.036] GetExitCodeProcess (in: hProcess=0x6d8, lpExitCode=0x31adb78 | out: lpExitCode=0x31adb78*=0x103) returned 1 [0135.036] CheckRemoteDebuggerPresent (in: hProcess=0x6d8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.036] GetCurrentProcessId () returned 0x10c0 [0135.036] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6dc [0135.036] GetExitCodeProcess (in: hProcess=0x6dc, lpExitCode=0x31adc30 | out: lpExitCode=0x31adc30*=0x103) returned 1 [0135.036] CheckRemoteDebuggerPresent (in: hProcess=0x6dc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.036] GetCurrentProcessId () returned 0x10c0 [0135.036] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6e0 [0135.036] GetExitCodeProcess (in: hProcess=0x6e0, lpExitCode=0x31adce8 | out: lpExitCode=0x31adce8*=0x103) returned 1 [0135.036] CheckRemoteDebuggerPresent (in: hProcess=0x6e0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.036] GetCurrentProcessId () returned 0x10c0 [0135.036] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6e4 [0135.036] GetExitCodeProcess (in: hProcess=0x6e4, lpExitCode=0x31adda0 | out: lpExitCode=0x31adda0*=0x103) returned 1 [0135.037] CheckRemoteDebuggerPresent (in: hProcess=0x6e4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.037] GetCurrentProcessId () returned 0x10c0 [0135.037] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6e8 [0135.037] GetExitCodeProcess (in: hProcess=0x6e8, lpExitCode=0x31ade58 | out: lpExitCode=0x31ade58*=0x103) returned 1 [0135.037] CheckRemoteDebuggerPresent (in: hProcess=0x6e8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.037] GetCurrentProcessId () returned 0x10c0 [0135.037] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6ec [0135.037] GetExitCodeProcess (in: hProcess=0x6ec, lpExitCode=0x31adf10 | out: lpExitCode=0x31adf10*=0x103) returned 1 [0135.037] CheckRemoteDebuggerPresent (in: hProcess=0x6ec, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.037] GetCurrentProcessId () returned 0x10c0 [0135.037] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6f0 [0135.037] GetExitCodeProcess (in: hProcess=0x6f0, lpExitCode=0x31adfc8 | out: lpExitCode=0x31adfc8*=0x103) returned 1 [0135.037] CheckRemoteDebuggerPresent (in: hProcess=0x6f0, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.037] GetCurrentProcessId () returned 0x10c0 [0135.037] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6f4 [0135.037] GetExitCodeProcess (in: hProcess=0x6f4, lpExitCode=0x31ae080 | out: lpExitCode=0x31ae080*=0x103) returned 1 [0135.037] CheckRemoteDebuggerPresent (in: hProcess=0x6f4, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.038] GetCurrentProcessId () returned 0x10c0 [0135.038] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6f8 [0135.038] GetExitCodeProcess (in: hProcess=0x6f8, lpExitCode=0x31ae138 | out: lpExitCode=0x31ae138*=0x103) returned 1 [0135.038] CheckRemoteDebuggerPresent (in: hProcess=0x6f8, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.038] GetCurrentProcessId () returned 0x10c0 [0135.038] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6fc [0135.038] GetExitCodeProcess (in: hProcess=0x6fc, lpExitCode=0x31ae1f0 | out: lpExitCode=0x31ae1f0*=0x103) returned 1 [0135.038] CheckRemoteDebuggerPresent (in: hProcess=0x6fc, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.038] GetCurrentProcessId () returned 0x10c0 [0135.038] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x700 [0135.038] GetExitCodeProcess (in: hProcess=0x700, lpExitCode=0x31ae2a8 | out: lpExitCode=0x31ae2a8*=0x103) returned 1 [0135.038] CheckRemoteDebuggerPresent (in: hProcess=0x700, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.038] GetCurrentProcessId () returned 0x10c0 [0135.038] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x704 [0135.038] GetExitCodeProcess (in: hProcess=0x704, lpExitCode=0x31ae360 | out: lpExitCode=0x31ae360*=0x103) returned 1 [0135.038] CheckRemoteDebuggerPresent (in: hProcess=0x704, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.038] GetCurrentProcessId () returned 0x10c0 [0135.038] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x708 [0135.039] GetExitCodeProcess (in: hProcess=0x708, lpExitCode=0x31ae418 | out: lpExitCode=0x31ae418*=0x103) returned 1 [0135.039] CheckRemoteDebuggerPresent (in: hProcess=0x708, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.039] GetCurrentProcessId () returned 0x10c0 [0135.039] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x70c [0135.039] GetExitCodeProcess (in: hProcess=0x70c, lpExitCode=0x31ae4d0 | out: lpExitCode=0x31ae4d0*=0x103) returned 1 [0135.039] CheckRemoteDebuggerPresent (in: hProcess=0x70c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.039] GetCurrentProcessId () returned 0x10c0 [0135.039] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x710 [0135.039] GetExitCodeProcess (in: hProcess=0x710, lpExitCode=0x31ae588 | out: lpExitCode=0x31ae588*=0x103) returned 1 [0135.039] CheckRemoteDebuggerPresent (in: hProcess=0x710, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.039] GetCurrentProcessId () returned 0x10c0 [0135.039] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x714 [0135.039] GetExitCodeProcess (in: hProcess=0x714, lpExitCode=0x31ae640 | out: lpExitCode=0x31ae640*=0x103) returned 1 [0135.039] CheckRemoteDebuggerPresent (in: hProcess=0x714, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.039] GetCurrentProcessId () returned 0x10c0 [0135.039] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x718 [0135.039] GetExitCodeProcess (in: hProcess=0x718, lpExitCode=0x31ae6f8 | out: lpExitCode=0x31ae6f8*=0x103) returned 1 [0135.039] CheckRemoteDebuggerPresent (in: hProcess=0x718, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.039] GetCurrentProcessId () returned 0x10c0 [0135.040] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x71c [0135.040] GetExitCodeProcess (in: hProcess=0x71c, lpExitCode=0x31ae7b0 | out: lpExitCode=0x31ae7b0*=0x103) returned 1 [0135.040] CheckRemoteDebuggerPresent (in: hProcess=0x71c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.040] GetCurrentProcessId () returned 0x10c0 [0135.040] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x720 [0135.040] GetExitCodeProcess (in: hProcess=0x720, lpExitCode=0x31ae868 | out: lpExitCode=0x31ae868*=0x103) returned 1 [0135.040] CheckRemoteDebuggerPresent (in: hProcess=0x720, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.040] GetCurrentProcessId () returned 0x10c0 [0135.040] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x724 [0135.040] GetExitCodeProcess (in: hProcess=0x724, lpExitCode=0x31ae920 | out: lpExitCode=0x31ae920*=0x103) returned 1 [0135.040] CheckRemoteDebuggerPresent (in: hProcess=0x724, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.040] GetCurrentProcessId () returned 0x10c0 [0135.040] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x728 [0135.040] GetExitCodeProcess (in: hProcess=0x728, lpExitCode=0x31ae9d8 | out: lpExitCode=0x31ae9d8*=0x103) returned 1 [0135.040] CheckRemoteDebuggerPresent (in: hProcess=0x728, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.040] GetCurrentProcessId () returned 0x10c0 [0135.040] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x72c [0135.040] GetExitCodeProcess (in: hProcess=0x72c, lpExitCode=0x31aea90 | out: lpExitCode=0x31aea90*=0x103) returned 1 [0135.040] CheckRemoteDebuggerPresent (in: hProcess=0x72c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.041] GetCurrentProcessId () returned 0x10c0 [0135.041] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x730 [0135.041] GetExitCodeProcess (in: hProcess=0x730, lpExitCode=0x31aeb48 | out: lpExitCode=0x31aeb48*=0x103) returned 1 [0135.041] CheckRemoteDebuggerPresent (in: hProcess=0x730, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.041] GetCurrentProcessId () returned 0x10c0 [0135.041] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x734 [0135.041] GetExitCodeProcess (in: hProcess=0x734, lpExitCode=0x31aec00 | out: lpExitCode=0x31aec00*=0x103) returned 1 [0135.041] CheckRemoteDebuggerPresent (in: hProcess=0x734, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.041] GetCurrentProcessId () returned 0x10c0 [0135.041] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x738 [0135.041] GetExitCodeProcess (in: hProcess=0x738, lpExitCode=0x31aecb8 | out: lpExitCode=0x31aecb8*=0x103) returned 1 [0135.041] CheckRemoteDebuggerPresent (in: hProcess=0x738, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0135.041] GetCurrentProcessId () returned 0x10c0 [0135.041] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x73c [0135.041] GetExitCodeProcess (in: hProcess=0x73c, lpExitCode=0x31aed70 | out: lpExitCode=0x31aed70*=0x103) returned 1 [0135.041] CheckRemoteDebuggerPresent (in: hProcess=0x73c, pbDebuggerPresent=0x133d9e0 | out: pbDebuggerPresent=0x133d9e0) returned 1 [0138.506] VirtualProtect (in: lpAddress=0x5c70178, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.507] VirtualProtect (in: lpAddress=0x5c701a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.507] VirtualProtect (in: lpAddress=0x5c701c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.508] VirtualProtect (in: lpAddress=0x5c701f0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.514] VirtualProtect (in: lpAddress=0x5c70218, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.514] VirtualProtect (in: lpAddress=0x5cf54fe, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.515] VirtualProtect (in: lpAddress=0x5cf54f2, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.518] VirtualProtect (in: lpAddress=0x5cf4c00, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.518] VirtualProtect (in: lpAddress=0x5cf550c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.519] VirtualProtect (in: lpAddress=0x5cf5530, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.520] VirtualProtect (in: lpAddress=0x5cf5538, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.520] VirtualProtect (in: lpAddress=0x5cf553c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.521] VirtualProtect (in: lpAddress=0x5cf5544, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.521] VirtualProtect (in: lpAddress=0x5cf5548, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.522] VirtualProtect (in: lpAddress=0x5cf554c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.522] VirtualProtect (in: lpAddress=0x5cf5550, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.523] VirtualProtect (in: lpAddress=0x5cf5558, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.523] VirtualProtect (in: lpAddress=0x5cf555c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.524] VirtualProtect (in: lpAddress=0x5cf5564, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.525] VirtualProtect (in: lpAddress=0x5cf5568, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.526] VirtualProtect (in: lpAddress=0x5cf556c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.526] VirtualProtect (in: lpAddress=0x5cf5574, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.527] VirtualProtect (in: lpAddress=0x5cf5578, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.527] VirtualProtect (in: lpAddress=0x5cf557c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.528] VirtualProtect (in: lpAddress=0x5cf5584, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.528] VirtualProtect (in: lpAddress=0x5cf5588, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.528] VirtualProtect (in: lpAddress=0x5cf558c, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.529] VirtualProtect (in: lpAddress=0x5cf5594, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.529] VirtualProtect (in: lpAddress=0x5cf5598, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.529] VirtualProtect (in: lpAddress=0x5cf559c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.529] VirtualProtect (in: lpAddress=0x5cf55a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.530] VirtualProtect (in: lpAddress=0x5cf55a8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.530] VirtualProtect (in: lpAddress=0x5cf55ac, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.530] VirtualProtect (in: lpAddress=0x5cf55b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.530] VirtualProtect (in: lpAddress=0x5cf55b8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.531] VirtualProtect (in: lpAddress=0x5cf55bc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x133dbac | out: lpflOldProtect=0x133dbac*=0x1) returned 0 [0138.737] GetEnvironmentVariableW (in: lpName="COR_PROFILER", lpBuffer=0x133d9b0, nSize=0x80 | out: lpBuffer="ノ琉￿￿?ijဢ玳㦀牴皴犭佚玼婼揼ő皴犭㦀牴胰犘㦀牴胰犘?ij啾玼￿￿?ij꛰琉￿￿佚玼刐玼䪌犷") returned 0x0 [0138.751] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x133d9b0, nSize=0x80 | out: lpBuffer="￿￿塚珉墬珉?ij\x01") returned 0x0 [0138.754] GetCurrentProcessId () returned 0x10c0 [0138.754] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x6f84 [0138.754] GetExitCodeProcess (in: hProcess=0x6f84, lpExitCode=0x338a79c | out: lpExitCode=0x338a79c*=0x103) returned 1 [0138.767] NtQueryInformationProcess (in: ProcessHandle=0x6f84, ProcessInformationClass=0x0, ProcessInformation=0x133dad8, ProcessInformationLength=0x18, ReturnLength=0x133dad4 | out: ProcessInformation=0x133dad8, ReturnLength=0x133dad4) returned 0x0 [0138.838] EnumProcesses (in: lpidProcess=0x338afe8, cb=0x400, lpcbNeeded=0x133da58 | out: lpidProcess=0x338afe8, lpcbNeeded=0x133da58) returned 1 [0138.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x41794c8, Length=0x20000, ResultLength=0x133dad4 | out: SystemInformation=0x41794c8, ResultLength=0x133dad4*=0x22b48) returned 0xc0000004 [0138.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x43c8d40, Length=0x25348, ResultLength=0x133dad4 | out: SystemInformation=0x43c8d40, ResultLength=0x133dad4*=0x193a8) returned 0x0 [0139.341] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", nBufferLength=0x105, lpBuffer=0x133dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", lpFilePart=0x0) returned 0x2c [0139.347] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="dgykghSf") returned 0x0 [0139.369] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="dgykghSf") returned 0x7f14 [0139.370] SleepEx (dwMilliseconds=0x2710, bAlertable=1) returned 0x0 [0149.618] GetUserObjectInformationA (in: hObj=0x13c, nIndex=1, pvInfo=0x33b5a9c, nLength=0xc, lpnLengthNeeded=0x133e3d0 | out: pvInfo=0x33b5a9c, lpnLengthNeeded=0x133e3d0) returned 1 [0149.624] GetCurrentProcess () returned 0xffffffff [0149.625] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x133e3c4, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x133e3c4*=0x22a4) returned 1 [0149.634] OleInitialize (pvReserved=0x0) returned 0x0 [0149.639] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x133e38c | out: lplpMessageFilter=0x133e38c*=0x0) returned 0x0 [0149.685] GetCurrentThreadId () returned 0x10c4 [0149.694] EnumThreadWindows (dwThreadId=0x10c4, lpfn=0x5690936, lParam=0x0) returned 1 [0149.694] GetActiveWindow () returned 0x0 [0149.699] MessageBoxW (hWnd=0x0, lpText="Payment Confirmation", lpCaption="WireTransfer", uType=0x40) returned 1 [0153.761] SendMessageW (hWnd=0x0, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0 [0155.319] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x3798) returned 0x0 [0155.324] RegQueryValueExW (in: hKey=0x3798, lpValueName="Identifier", lpReserved=0x0, lpType=0x133e004, lpData=0x0, lpcbData=0x133e000*=0x0 | out: lpType=0x133e004*=0x1, lpData=0x0, lpcbData=0x133e000*=0x3a) returned 0x0 [0155.324] RegQueryValueExW (in: hKey=0x3798, lpValueName="Identifier", lpReserved=0x0, lpType=0x133e004, lpData=0x33b709c, lpcbData=0x133e000*=0x3a | out: lpType=0x133e004*=0x1, lpData=" HD502HI", lpcbData=0x133e000*=0x3a) returned 0x0 [0155.325] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\Description\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x69fc) returned 0x0 [0155.326] RegQueryValueExW (in: hKey=0x69fc, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e004, lpData=0x0, lpcbData=0x133e000*=0x0 | out: lpType=0x133e004*=0x7, lpData=0x0, lpcbData=0x133e000*=0x9a) returned 0x0 [0155.326] RegQueryValueExW (in: hKey=0x69fc, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e004, lpData=0x33b7378, lpcbData=0x133e000*=0x9a | out: lpType=0x133e004*=0x7, lpData=0x33b7378*, lpcbData=0x133e000*=0x9a) returned 0x0 [0155.327] RegQueryValueExW (in: hKey=0x69fc, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e03c, lpData=0x0, lpcbData=0x133e038*=0x0 | out: lpType=0x133e03c*=0x7, lpData=0x0, lpcbData=0x133e038*=0x9a) returned 0x0 [0155.330] RegQueryValueExW (in: hKey=0x69fc, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e03c, lpData=0x0, lpcbData=0x133e038*=0x0 | out: lpType=0x133e03c*=0x7, lpData=0x0, lpcbData=0x133e038*=0x9a) returned 0x0 [0155.330] RegQueryValueExW (in: hKey=0x69fc, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e03c, lpData=0x0, lpcbData=0x133e038*=0x0 | out: lpType=0x133e03c*=0x7, lpData=0x0, lpcbData=0x133e038*=0x9a) returned 0x0 [0155.330] RegQueryValueExW (in: hKey=0x69fc, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e03c, lpData=0x0, lpcbData=0x133e038*=0x0 | out: lpType=0x133e03c*=0x7, lpData=0x0, lpcbData=0x133e038*=0x9a) returned 0x0 [0155.330] RegQueryValueExW (in: hKey=0x69fc, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e03c, lpData=0x0, lpcbData=0x133e038*=0x0 | out: lpType=0x133e03c*=0x7, lpData=0x0, lpcbData=0x133e038*=0x9a) returned 0x0 [0155.330] RegQueryValueExW (in: hKey=0x69fc, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e03c, lpData=0x0, lpcbData=0x133e038*=0x0 | out: lpType=0x133e03c*=0x7, lpData=0x0, lpcbData=0x133e038*=0x9a) returned 0x0 [0155.330] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\Description\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x2e0c) returned 0x0 [0155.332] RegQueryValueExW (in: hKey=0x2e0c, lpValueName="VideoBiosVersion", lpReserved=0x0, lpType=0x133e004, lpData=0x0, lpcbData=0x133e000*=0x0 | out: lpType=0x133e004*=0x0, lpData=0x0, lpcbData=0x133e000*=0x0) returned 0x2 [0155.425] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Oracle\\VirtualBox Guest Additions", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x0) returned 0x2 [0155.431] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x43f8) returned 0x0 [0155.431] RegQueryValueExW (in: hKey=0x43f8, lpValueName="Identifier", lpReserved=0x0, lpType=0x133e004, lpData=0x0, lpcbData=0x133e000*=0x0 | out: lpType=0x133e004*=0x1, lpData=0x0, lpcbData=0x133e000*=0x3a) returned 0x0 [0155.432] RegQueryValueExW (in: hKey=0x43f8, lpValueName="Identifier", lpReserved=0x0, lpType=0x133e004, lpData=0x33b7f64, lpcbData=0x133e000*=0x3a | out: lpType=0x133e004*=0x1, lpData=" HD502HI", lpcbData=0x133e000*=0x3a) returned 0x0 [0155.432] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\VMware, Inc.\\VMware Tools", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x0) returned 0x2 [0155.433] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 1\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x0) returned 0x2 [0155.435] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 2\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x0) returned 0x2 [0155.436] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\ControlSet001\\Services\\Disk\\Enum", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x1ccc) returned 0x0 [0155.437] RegQueryValueExW (in: hKey=0x1ccc, lpValueName="0", lpReserved=0x0, lpType=0x133e004, lpData=0x0, lpcbData=0x133e000*=0x0 | out: lpType=0x133e004*=0x1, lpData=0x0, lpcbData=0x133e000*=0x5e) returned 0x0 [0155.437] RegQueryValueExW (in: hKey=0x1ccc, lpValueName="0", lpReserved=0x0, lpType=0x133e004, lpData=0x33b891c, lpcbData=0x133e000*=0x5e | out: lpType=0x133e004*=0x1, lpData="SCSI\\Disk&Ven_&Prod_HD502HI\\4&5d29c11&0&000000", lpcbData=0x133e000*=0x5e) returned 0x0 [0155.437] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0xbbc) returned 0x0 [0155.438] RegQueryValueExW (in: hKey=0xbbc, lpValueName="DriverDesc", lpReserved=0x0, lpType=0x133e004, lpData=0x0, lpcbData=0x133e000*=0x0 | out: lpType=0x133e004*=0x1, lpData=0x0, lpcbData=0x133e000*=0x40) returned 0x0 [0155.438] RegQueryValueExW (in: hKey=0xbbc, lpValueName="DriverDesc", lpReserved=0x0, lpType=0x133e004, lpData=0x33b8e10, lpcbData=0x133e000*=0x40 | out: lpType=0x133e004*=0x1, lpData="Microsoft Basic Display Adapter", lpcbData=0x133e000*=0x40) returned 0x0 [0155.438] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x39c0) returned 0x0 [0155.439] RegQueryValueExW (in: hKey=0x39c0, lpValueName="Device Description", lpReserved=0x0, lpType=0x133e004, lpData=0x0, lpcbData=0x133e000*=0x0 | out: lpType=0x133e004*=0x1, lpData=0x0, lpcbData=0x133e000*=0x40) returned 0x0 [0155.439] RegQueryValueExW (in: hKey=0x39c0, lpValueName="Device Description", lpReserved=0x0, lpType=0x133e004, lpData=0x33b92e0, lpcbData=0x133e000*=0x40 | out: lpType=0x133e004*=0x1, lpData="Microsoft Basic Display Adapter", lpcbData=0x133e000*=0x40) returned 0x0 [0155.439] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\VMware, Inc.\\VMware Tools", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x0) returned 0x2 [0155.449] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x772d0000 [0155.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wine_get_unix_file_name", cchWideChar=23, lpMultiByteStr=0x133e0a4, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wine_get_unix_file_name", lpUsedDefaultChar=0x0) returned 23 [0155.457] GetProcAddress (hModule=0x772d0000, lpProcName="wine_get_unix_file_name") returned 0x0 [0155.458] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x74b4) returned 0x0 [0155.501] RegQueryValueExW (in: hKey=0x74b4, lpValueName="Identifier", lpReserved=0x0, lpType=0x133e004, lpData=0x0, lpcbData=0x133e000*=0x0 | out: lpType=0x133e004*=0x1, lpData=0x0, lpcbData=0x133e000*=0x3a) returned 0x0 [0155.501] RegQueryValueExW (in: hKey=0x74b4, lpValueName="Identifier", lpReserved=0x0, lpType=0x133e004, lpData=0x33b9af0, lpcbData=0x133e000*=0x3a | out: lpType=0x133e004*=0x1, lpData=" HD502HI", lpcbData=0x133e000*=0x3a) returned 0x0 [0155.501] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\Description\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x133dfec | out: phkResult=0x133dfec*=0x4d40) returned 0x0 [0155.502] RegQueryValueExW (in: hKey=0x4d40, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e004, lpData=0x0, lpcbData=0x133e000*=0x0 | out: lpType=0x133e004*=0x7, lpData=0x0, lpcbData=0x133e000*=0x9a) returned 0x0 [0155.502] RegQueryValueExW (in: hKey=0x4d40, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e004, lpData=0x33b9dcc, lpcbData=0x133e000*=0x9a | out: lpType=0x133e004*=0x7, lpData=0x33b9dcc*, lpcbData=0x133e000*=0x9a) returned 0x0 [0155.502] RegQueryValueExW (in: hKey=0x4d40, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e03c, lpData=0x0, lpcbData=0x133e038*=0x0 | out: lpType=0x133e03c*=0x7, lpData=0x0, lpcbData=0x133e038*=0x9a) returned 0x0 [0155.502] RegQueryValueExW (in: hKey=0x4d40, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e03c, lpData=0x0, lpcbData=0x133e038*=0x0 | out: lpType=0x133e03c*=0x7, lpData=0x0, lpcbData=0x133e038*=0x9a) returned 0x0 [0155.502] RegQueryValueExW (in: hKey=0x4d40, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e03c, lpData=0x0, lpcbData=0x133e038*=0x0 | out: lpType=0x133e03c*=0x7, lpData=0x0, lpcbData=0x133e038*=0x9a) returned 0x0 [0155.502] RegQueryValueExW (in: hKey=0x4d40, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e03c, lpData=0x0, lpcbData=0x133e038*=0x0 | out: lpType=0x133e03c*=0x7, lpData=0x0, lpcbData=0x133e038*=0x9a) returned 0x0 [0155.502] RegQueryValueExW (in: hKey=0x4d40, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e03c, lpData=0x0, lpcbData=0x133e038*=0x0 | out: lpType=0x133e03c*=0x7, lpData=0x0, lpcbData=0x133e038*=0x9a) returned 0x0 [0155.502] RegQueryValueExW (in: hKey=0x4d40, lpValueName="SystemBiosVersion", lpReserved=0x0, lpType=0x133e03c, lpData=0x0, lpcbData=0x133e038*=0x0 | out: lpType=0x133e03c*=0x7, lpData=0x0, lpcbData=0x133e038*=0x9a) returned 0x0 [0155.509] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3548 [0155.510] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5b8 [0155.560] SetEvent (hEvent=0x5b8) returned 1 [0155.593] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x133e070*=0x3548, lpdwindex=0x133de8c | out: lpdwindex=0x133de8c) returned 0x0 [0157.380] CoGetContextToken (in: pToken=0x133df40 | out: pToken=0x133df40) returned 0x0 [0157.413] CoGetContextToken (in: pToken=0x133dea0 | out: pToken=0x133dea0) returned 0x0 [0157.438] WbemDefPath:IUnknown:QueryInterface (in: This=0x159b8e8, riid=0x133df70*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x133df6c | out: ppvObject=0x133df6c*=0x159b8e8) returned 0x0 [0157.439] WbemDefPath:IUnknown:AddRef (This=0x159b8e8) returned 0x3 [0157.439] WbemDefPath:IUnknown:Release (This=0x159b8e8) returned 0x2 [0157.443] WbemDefPath:IWbemPath:SetText (This=0x159b8e8, uMode=0x4, pszPath="\\\\.\\ROOT\\cimv2") returned 0x0 [0157.451] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x159b8e8, puCount=0x133e0ec | out: puCount=0x133e0ec*=0x2) returned 0x0 [0157.451] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e0e8*=0x0, pszText=0x0 | out: puBuffLength=0x133e0e8*=0xf, pszText=0x0) returned 0x0 [0157.452] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e0e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x133e0e8*=0xf, pszText="\\\\.\\ROOT\\cimv2") returned 0x0 [0157.453] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x159b8e8, puCount=0x133e0e4 | out: puCount=0x133e0e4*=0x2) returned 0x0 [0157.453] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e0e0*=0x0, pszText=0x0 | out: puBuffLength=0x133e0e0*=0xf, pszText=0x0) returned 0x0 [0157.453] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e0e0*=0xf, pszText="00000000000000" | out: puBuffLength=0x133e0e0*=0xf, pszText="\\\\.\\ROOT\\cimv2") returned 0x0 [0157.697] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x133df80*=0xbb8, lpdwindex=0x133de34 | out: lpdwindex=0x133de34) returned 0x0 [0168.149] CoGetContextToken (in: pToken=0x133dda8 | out: pToken=0x133dda8) returned 0x0 [0168.149] CoGetContextToken (in: pToken=0x133dd08 | out: pToken=0x133dd08) returned 0x0 [0168.149] CoGetContextToken (in: pToken=0x133dd08 | out: pToken=0x133dd08) returned 0x0 [0168.149] CoGetContextToken (in: pToken=0x133dcb0 | out: pToken=0x133dcb0) returned 0x0 [0168.150] IUnknown:QueryInterface (in: This=0x1520130, riid=0x73bef070*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133dc8c | out: ppvObject=0x133dc8c*=0x1520140) returned 0x0 [0168.150] CObjectContext::ContextCallback () returned 0x0 [0168.243] IUnknown:Release (This=0x1520140) returned 0x1 [0168.244] CoUnmarshalInterface (in: pStm=0x15a0248, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x133dcfc | out: ppv=0x133dcfc*=0x153c77c) returned 0x0 [0168.244] CoMarshalInterface (pStm=0x15a0248, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x153c77c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0168.244] WbemLocator:IUnknown:QueryInterface (in: This=0x153c77c, riid=0x133ddd8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x133ddd4 | out: ppvObject=0x133ddd4*=0x152b7a0) returned 0x0 [0168.249] WbemLocator:IUnknown:Release (This=0x153c77c) returned 0x1 [0168.249] IWbemServices:ExecQuery (in: This=0x152b7a0, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_VideoController", lFlags=16, pCtx=0x0, ppEnum=0x133e044 | out: ppEnum=0x133e044*=0x15498e0) returned 0x0 [0168.263] IUnknown:QueryInterface (in: This=0x15498e0, riid=0x6f1d352c*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133de14 | out: ppvObject=0x133de14*=0x15498e4) returned 0x0 [0168.263] IClientSecurity:QueryBlanket (in: This=0x15498e4, pProxy=0x15498e0, pAuthnSvc=0x133de64, pAuthzSvc=0x133de60, pServerPrincName=0x133de58, pAuthnLevel=0x133de5c, pImpLevel=0x133de4c, pAuthInfo=0x133de50, pCapabilites=0x133de54 | out: pAuthnSvc=0x133de64*=0xa, pAuthzSvc=0x133de60*=0x0, pServerPrincName=0x133de58, pAuthnLevel=0x133de5c*=0x6, pImpLevel=0x133de4c*=0x2, pAuthInfo=0x133de50, pCapabilites=0x133de54*=0x1) returned 0x0 [0168.263] IUnknown:Release (This=0x15498e4) returned 0x1 [0168.263] IUnknown:QueryInterface (in: This=0x15498e0, riid=0x6f1d351c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133de08 | out: ppvObject=0x133de08*=0x153c87c) returned 0x0 [0168.264] IUnknown:QueryInterface (in: This=0x15498e0, riid=0x6f1d352c*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133ddf4 | out: ppvObject=0x133ddf4*=0x15498e4) returned 0x0 [0168.264] IClientSecurity:SetBlanket (This=0x15498e4, pProxy=0x15498e0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0168.443] IUnknown:Release (This=0x15498e4) returned 0x2 [0168.443] WbemLocator:IUnknown:Release (This=0x153c87c) returned 0x1 [0168.443] CoTaskMemFree (pv=0x15a1738) [0168.443] IUnknown:AddRef (This=0x15498e0) returned 0x2 [0168.443] CoGetContextToken (in: pToken=0x133d330 | out: pToken=0x133d330) returned 0x0 [0168.443] IUnknown:QueryInterface (in: This=0x1520078, riid=0x73bd5e8c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133d2ec | out: ppvObject=0x133d2ec*=0x1520084) returned 0x0 [0168.444] IComThreadingInfo:GetCurrentApartmentType (in: This=0x1520084, pAptType=0x133d31c | out: pAptType=0x133d31c*=3) returned 0x0 [0168.444] IUnknown:Release (This=0x1520084) returned 0x0 [0168.444] CoGetObjectContext (in: riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x159e2e4 | out: ppv=0x159e2e4*=0x1520078) returned 0x0 [0168.444] CoGetContextToken (in: pToken=0x133d738 | out: pToken=0x133d738) returned 0x0 [0168.444] IUnknown:QueryInterface (in: This=0x15498e0, riid=0x73bf02b4*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133d6d0 | out: ppvObject=0x133d6d0*=0x153c860) returned 0x0 [0168.444] WbemLocator:IRpcOptions:Query (in: This=0x153c860, pPrx=0x159e1f0, dwProperty=2, pdwValue=0x133d7d0 | out: pdwValue=0x133d7d0) returned 0x80004002 [0168.444] WbemLocator:IUnknown:Release (This=0x153c860) returned 0x2 [0168.444] CoGetContextToken (in: pToken=0x133dd10 | out: pToken=0x133dd10) returned 0x0 [0168.444] CoGetContextToken (in: pToken=0x133dc70 | out: pToken=0x133dc70) returned 0x0 [0168.444] IUnknown:QueryInterface (in: This=0x15498e0, riid=0x133dd40*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x133dc08 | out: ppvObject=0x133dc08*=0x15498e0) returned 0x0 [0168.445] IUnknown:Release (This=0x15498e0) returned 0x2 [0168.445] WbemLocator:IUnknown:Release (This=0x152b7a0) returned 0x0 [0168.445] SysStringLen (param_1=0x0) returned 0x0 [0168.445] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x159b8e8, puCount=0x133e094 | out: puCount=0x133e094*=0x2) returned 0x0 [0168.445] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e090*=0x0, pszText=0x0 | out: puBuffLength=0x133e090*=0xf, pszText=0x0) returned 0x0 [0168.446] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e090*=0xf, pszText="00000000000000" | out: puBuffLength=0x133e090*=0xf, pszText="\\\\.\\ROOT\\cimv2") returned 0x0 [0168.446] CoGetContextToken (in: pToken=0x133de90 | out: pToken=0x133de90) returned 0x0 [0168.446] IEnumWbemClassObject:Clone (in: This=0x15498e0, ppEnum=0x133e0a0 | out: ppEnum=0x133e0a0*=0x15499a8) returned 0x0 [0168.551] IUnknown:QueryInterface (in: This=0x15499a8, riid=0x6f1d352c*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133df08 | out: ppvObject=0x133df08*=0x15499ac) returned 0x0 [0168.551] IClientSecurity:QueryBlanket (in: This=0x15499ac, pProxy=0x15499a8, pAuthnSvc=0x133df58, pAuthzSvc=0x133df54, pServerPrincName=0x133df4c, pAuthnLevel=0x133df50, pImpLevel=0x133df40, pAuthInfo=0x133df44, pCapabilites=0x133df48 | out: pAuthnSvc=0x133df58*=0xa, pAuthzSvc=0x133df54*=0x0, pServerPrincName=0x133df4c, pAuthnLevel=0x133df50*=0x6, pImpLevel=0x133df40*=0x2, pAuthInfo=0x133df44, pCapabilites=0x133df48*=0x1) returned 0x0 [0168.551] IUnknown:Release (This=0x15499ac) returned 0x1 [0168.551] IUnknown:QueryInterface (in: This=0x15499a8, riid=0x6f1d351c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133defc | out: ppvObject=0x133defc*=0x153c77c) returned 0x0 [0168.551] IUnknown:QueryInterface (in: This=0x15499a8, riid=0x6f1d352c*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133dee8 | out: ppvObject=0x133dee8*=0x15499ac) returned 0x0 [0168.551] IClientSecurity:SetBlanket (This=0x15499ac, pProxy=0x15499a8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0168.877] IUnknown:Release (This=0x15499ac) returned 0x2 [0168.877] WbemLocator:IUnknown:Release (This=0x153c77c) returned 0x1 [0168.877] CoTaskMemFree (pv=0x15a1828) [0168.877] IUnknown:AddRef (This=0x15499a8) returned 0x2 [0168.877] CoGetContextToken (in: pToken=0x133d410 | out: pToken=0x133d410) returned 0x0 [0168.878] CoGetContextToken (in: pToken=0x133d818 | out: pToken=0x133d818) returned 0x0 [0168.878] IUnknown:QueryInterface (in: This=0x15499a8, riid=0x73bf02b4*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133d7b0 | out: ppvObject=0x133d7b0*=0x153c760) returned 0x0 [0168.878] WbemLocator:IRpcOptions:Query (in: This=0x153c760, pPrx=0x159e1c0, dwProperty=2, pdwValue=0x133d8b0 | out: pdwValue=0x133d8b0) returned 0x80004002 [0168.878] WbemLocator:IUnknown:Release (This=0x153c760) returned 0x2 [0168.878] CoGetContextToken (in: pToken=0x133ddf8 | out: pToken=0x133ddf8) returned 0x0 [0168.878] CoGetContextToken (in: pToken=0x133dd58 | out: pToken=0x133dd58) returned 0x0 [0168.878] IUnknown:QueryInterface (in: This=0x15499a8, riid=0x133de28*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x133dcf0 | out: ppvObject=0x133dcf0*=0x15499a8) returned 0x0 [0168.878] IUnknown:Release (This=0x15499a8) returned 0x2 [0168.878] SysStringLen (param_1=0x0) returned 0x0 [0168.879] IEnumWbemClassObject:Reset (This=0x15499a8) returned 0x0 [0169.098] CoTaskMemAlloc (cb=0x4) returned 0x15521e8 [0169.098] IEnumWbemClassObject:Next (in: This=0x15499a8, lTimeout=-1, uCount=0x1, apObjects=0x15521e8, puReturned=0x33bea44 | out: apObjects=0x15521e8*=0x1542328, puReturned=0x33bea44*=0x1) returned 0x0 [0169.607] IUnknown:QueryInterface (in: This=0x1542328, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133d6f8 | out: ppvObject=0x133d6f8*=0x1542328) returned 0x0 [0169.607] IUnknown:QueryInterface (in: This=0x1542328, riid=0x73bf0328*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x133d6b4 | out: ppvObject=0x133d6b4*=0x0) returned 0x80004002 [0169.607] IUnknown:QueryInterface (in: This=0x1542328, riid=0x73bf03bc*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x133d4d4 | out: ppvObject=0x133d4d4*=0x0) returned 0x80004002 [0169.607] IUnknown:QueryInterface (in: This=0x1542328, riid=0x73bf0490*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x133d2ac | out: ppvObject=0x133d2ac*=0x0) returned 0x80004002 [0169.608] IUnknown:AddRef (This=0x1542328) returned 0x3 [0169.608] IUnknown:QueryInterface (in: This=0x1542328, riid=0x73bf0074*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x133d00c | out: ppvObject=0x133d00c*=0x0) returned 0x80004002 [0169.608] IUnknown:QueryInterface (in: This=0x1542328, riid=0x73beffc8*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x133cfbc | out: ppvObject=0x133cfbc*=0x0) returned 0x80004002 [0169.608] IUnknown:QueryInterface (in: This=0x1542328, riid=0x73b37604*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133cfc8 | out: ppvObject=0x133cfc8*=0x154232c) returned 0x0 [0169.608] IMarshal:GetUnmarshalClass (in: This=0x154232c, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x133cfd0 | out: pCid=0x133cfd0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0169.608] IUnknown:Release (This=0x154232c) returned 0x3 [0169.608] CoGetContextToken (in: pToken=0x133d028 | out: pToken=0x133d028) returned 0x0 [0169.608] CoGetContextToken (in: pToken=0x133d430 | out: pToken=0x133d430) returned 0x0 [0169.608] IUnknown:QueryInterface (in: This=0x1542328, riid=0x73bf02b4*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133d4bc | out: ppvObject=0x133d4bc*=0x0) returned 0x80004002 [0169.608] IUnknown:Release (This=0x1542328) returned 0x2 [0169.608] CoGetContextToken (in: pToken=0x133da08 | out: pToken=0x133da08) returned 0x0 [0169.608] CoGetContextToken (in: pToken=0x133d968 | out: pToken=0x133d968) returned 0x0 [0169.608] IUnknown:QueryInterface (in: This=0x1542328, riid=0x133da38*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x133da34 | out: ppvObject=0x133da34*=0x1542328) returned 0x0 [0169.608] IUnknown:AddRef (This=0x1542328) returned 0x4 [0169.608] IUnknown:Release (This=0x1542328) returned 0x3 [0169.609] IUnknown:Release (This=0x1542328) returned 0x2 [0169.609] CoTaskMemFree (pv=0x15521e8) [0169.610] CoGetContextToken (in: pToken=0x133dd80 | out: pToken=0x133dd80) returned 0x0 [0169.610] IUnknown:AddRef (This=0x1542328) returned 0x3 [0169.611] IWbemClassObject:Get (in: This=0x1542328, wszName="__GENUS", lFlags=0, pVal=0x133e07c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x133e110*=0, plFlavor=0x133e10c*=0 | out: pVal=0x133e07c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x133e110*=3, plFlavor=0x133e10c*=64) returned 0x0 [0169.614] IWbemClassObject:Get (in: This=0x1542328, wszName="__PATH", lFlags=0, pVal=0x133e060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x133e0f8*=0, plFlavor=0x133e0f4*=0 | out: pVal=0x133e060*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\NQDPDE\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x133e0f8*=8, plFlavor=0x133e0f4*=64) returned 0x0 [0169.616] SysStringByteLen (bstr="\\\\NQDPDE\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x8a [0169.616] SysStringByteLen (bstr="\\\\NQDPDE\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x8a [0169.616] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac4c [0169.616] SetEvent (hEvent=0x5b8) returned 1 [0169.617] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x133e04c*=0xac4c, lpdwindex=0x133de6c | out: lpdwindex=0x133de6c) returned 0x0 [0169.621] CoGetContextToken (in: pToken=0x133df18 | out: pToken=0x133df18) returned 0x0 [0169.621] CoGetContextToken (in: pToken=0x133de78 | out: pToken=0x133de78) returned 0x0 [0169.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x159c448, riid=0x133df48*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x133df44 | out: ppvObject=0x133df44*=0x159c448) returned 0x0 [0169.621] WbemDefPath:IUnknown:AddRef (This=0x159c448) returned 0x3 [0169.621] WbemDefPath:IUnknown:Release (This=0x159c448) returned 0x2 [0169.621] WbemDefPath:IWbemPath:SetText (This=0x159c448, uMode=0x4, pszPath="\\\\NQDPDE\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x0 [0169.621] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x159b8e8, puCount=0x133e0cc | out: puCount=0x133e0cc*=0x2) returned 0x0 [0169.621] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e0c8*=0x0, pszText=0x0 | out: puBuffLength=0x133e0c8*=0xf, pszText=0x0) returned 0x0 [0169.621] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e0c8*=0xf, pszText="00000000000000" | out: puBuffLength=0x133e0c8*=0xf, pszText="\\\\.\\ROOT\\cimv2") returned 0x0 [0169.622] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x159b8e8, puCount=0x133e098 | out: puCount=0x133e098*=0x2) returned 0x0 [0169.622] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e094*=0x0, pszText=0x0 | out: puBuffLength=0x133e094*=0xf, pszText=0x0) returned 0x0 [0169.622] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e094*=0xf, pszText="00000000000000" | out: puBuffLength=0x133e094*=0xf, pszText="\\\\.\\ROOT\\cimv2") returned 0x0 [0169.622] IWbemClassObject:Get (in: This=0x1542328, wszName="Description", lFlags=0, pVal=0x133e080*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33bf370*=0, plFlavor=0x33bf374*=0 | out: pVal=0x133e080*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Radeon (TM) RX 570 Graphics", varVal2=0x0), pType=0x33bf370*=8, plFlavor=0x33bf374*=32) returned 0x0 [0169.622] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.622] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.623] IWbemClassObject:Get (in: This=0x1542328, wszName="Description", lFlags=0, pVal=0x133e088*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33bf370*=8, plFlavor=0x33bf374*=32 | out: pVal=0x133e088*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Radeon (TM) RX 570 Graphics", varVal2=0x0), pType=0x33bf370*=8, plFlavor=0x33bf374*=32) returned 0x0 [0169.623] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.623] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.624] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x159b8e8, puCount=0x133e098 | out: puCount=0x133e098*=0x2) returned 0x0 [0169.624] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e094*=0x0, pszText=0x0 | out: puBuffLength=0x133e094*=0xf, pszText=0x0) returned 0x0 [0169.624] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e094*=0xf, pszText="00000000000000" | out: puBuffLength=0x133e094*=0xf, pszText="\\\\.\\ROOT\\cimv2") returned 0x0 [0169.624] IWbemClassObject:Get (in: This=0x1542328, wszName="Description", lFlags=0, pVal=0x133e080*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33bf4b0*=0, plFlavor=0x33bf4b4*=0 | out: pVal=0x133e080*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Radeon (TM) RX 570 Graphics", varVal2=0x0), pType=0x33bf4b0*=8, plFlavor=0x33bf4b4*=32) returned 0x0 [0169.624] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.624] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.625] IWbemClassObject:Get (in: This=0x1542328, wszName="Description", lFlags=0, pVal=0x133e088*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33bf4b0*=8, plFlavor=0x33bf4b4*=32 | out: pVal=0x133e088*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Radeon (TM) RX 570 Graphics", varVal2=0x0), pType=0x33bf4b0*=8, plFlavor=0x33bf4b4*=32) returned 0x0 [0169.625] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.625] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.625] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x159b8e8, puCount=0x133e098 | out: puCount=0x133e098*=0x2) returned 0x0 [0169.625] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e094*=0x0, pszText=0x0 | out: puBuffLength=0x133e094*=0xf, pszText=0x0) returned 0x0 [0169.625] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e094*=0xf, pszText="00000000000000" | out: puBuffLength=0x133e094*=0xf, pszText="\\\\.\\ROOT\\cimv2") returned 0x0 [0169.625] IWbemClassObject:Get (in: This=0x1542328, wszName="Description", lFlags=0, pVal=0x133e080*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33bf5d8*=0, plFlavor=0x33bf5dc*=0 | out: pVal=0x133e080*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Radeon (TM) RX 570 Graphics", varVal2=0x0), pType=0x33bf5d8*=8, plFlavor=0x33bf5dc*=32) returned 0x0 [0169.626] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.626] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.626] IWbemClassObject:Get (in: This=0x1542328, wszName="Description", lFlags=0, pVal=0x133e088*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33bf5d8*=8, plFlavor=0x33bf5dc*=32 | out: pVal=0x133e088*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Radeon (TM) RX 570 Graphics", varVal2=0x0), pType=0x33bf5d8*=8, plFlavor=0x33bf5dc*=32) returned 0x0 [0169.626] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.626] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.626] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x159b8e8, puCount=0x133e098 | out: puCount=0x133e098*=0x2) returned 0x0 [0169.626] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e094*=0x0, pszText=0x0 | out: puBuffLength=0x133e094*=0xf, pszText=0x0) returned 0x0 [0169.626] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e094*=0xf, pszText="00000000000000" | out: puBuffLength=0x133e094*=0xf, pszText="\\\\.\\ROOT\\cimv2") returned 0x0 [0169.626] IWbemClassObject:Get (in: This=0x1542328, wszName="Description", lFlags=0, pVal=0x133e080*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33bf71c*=0, plFlavor=0x33bf720*=0 | out: pVal=0x133e080*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Radeon (TM) RX 570 Graphics", varVal2=0x0), pType=0x33bf71c*=8, plFlavor=0x33bf720*=32) returned 0x0 [0169.626] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.626] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.626] IWbemClassObject:Get (in: This=0x1542328, wszName="Description", lFlags=0, pVal=0x133e088*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33bf71c*=8, plFlavor=0x33bf720*=32 | out: pVal=0x133e088*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Radeon (TM) RX 570 Graphics", varVal2=0x0), pType=0x33bf71c*=8, plFlavor=0x33bf720*=32) returned 0x0 [0169.627] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.627] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.627] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x159b8e8, puCount=0x133e098 | out: puCount=0x133e098*=0x2) returned 0x0 [0169.627] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e094*=0x0, pszText=0x0 | out: puBuffLength=0x133e094*=0xf, pszText=0x0) returned 0x0 [0169.627] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e094*=0xf, pszText="00000000000000" | out: puBuffLength=0x133e094*=0xf, pszText="\\\\.\\ROOT\\cimv2") returned 0x0 [0169.627] IWbemClassObject:Get (in: This=0x1542328, wszName="Description", lFlags=0, pVal=0x133e080*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33bf848*=0, plFlavor=0x33bf84c*=0 | out: pVal=0x133e080*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Radeon (TM) RX 570 Graphics", varVal2=0x0), pType=0x33bf848*=8, plFlavor=0x33bf84c*=32) returned 0x0 [0169.627] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.627] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.627] IWbemClassObject:Get (in: This=0x1542328, wszName="Description", lFlags=0, pVal=0x133e088*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33bf848*=8, plFlavor=0x33bf84c*=32 | out: pVal=0x133e088*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Radeon (TM) RX 570 Graphics", varVal2=0x0), pType=0x33bf848*=8, plFlavor=0x33bf84c*=32) returned 0x0 [0169.627] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.627] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.628] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x159b8e8, puCount=0x133e098 | out: puCount=0x133e098*=0x2) returned 0x0 [0169.628] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e094*=0x0, pszText=0x0 | out: puBuffLength=0x133e094*=0xf, pszText=0x0) returned 0x0 [0169.628] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=4, puBuffLength=0x133e094*=0xf, pszText="00000000000000" | out: puBuffLength=0x133e094*=0xf, pszText="\\\\.\\ROOT\\cimv2") returned 0x0 [0169.628] IWbemClassObject:Get (in: This=0x1542328, wszName="Description", lFlags=0, pVal=0x133e080*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33bf9a8*=0, plFlavor=0x33bf9ac*=0 | out: pVal=0x133e080*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Radeon (TM) RX 570 Graphics", varVal2=0x0), pType=0x33bf9a8*=8, plFlavor=0x33bf9ac*=32) returned 0x0 [0169.628] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.628] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.628] IWbemClassObject:Get (in: This=0x1542328, wszName="Description", lFlags=0, pVal=0x133e088*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33bf9a8*=8, plFlavor=0x33bf9ac*=32 | out: pVal=0x133e088*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Radeon (TM) RX 570 Graphics", varVal2=0x0), pType=0x33bf9a8*=8, plFlavor=0x33bf9ac*=32) returned 0x0 [0169.628] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.628] SysStringByteLen (bstr="Radeon (TM) RX 570 Graphics") returned 0x36 [0169.628] CoTaskMemAlloc (cb=0x4) returned 0x1529268 [0169.629] IEnumWbemClassObject:Next (in: This=0x15499a8, lTimeout=-1, uCount=0x1, apObjects=0x1529268, puReturned=0x33bea44 | out: apObjects=0x1529268*=0x0, puReturned=0x33bea44*=0x0) returned 0x1 [0169.632] CoTaskMemFree (pv=0x1529268) [0169.633] CoGetContextToken (in: pToken=0x133dfc0 | out: pToken=0x133dfc0) returned 0x0 [0169.633] IUnknown:Release (This=0x15498e0) returned 0x1 [0169.633] IUnknown:Release (This=0x15498e0) returned 0x0 [0170.098] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x33bfb78, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0170.100] GetUserNameA (in: lpBuffer=0x133e288, pcbBuffer=0x133e48c | out: lpBuffer="FD1HVy", pcbBuffer=0x133e48c) returned 1 [0170.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SbieDll.dll", cchWideChar=11, lpMultiByteStr=0x133e2b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SbieDll.dll", lpUsedDefaultChar=0x0) returned 11 [0170.169] GetModuleHandleA (lpModuleName="SbieDll.dll") returned 0x0 [0170.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Afx:400000:0", cchWideChar=12, lpMultiByteStr=0x133e2a4, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Afx:400000:0\x80É\x7f\x0bÄyÍbðù°s°è3\x01@S¼s8M¼s", lpUsedDefaultChar=0x0) returned 12 [0170.178] FindWindowA (lpClassName="Afx:400000:0", lpWindowName=0x0) returned 0x0 [0170.186] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", nBufferLength=0x105, lpBuffer=0x133de2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", lpFilePart=0x0) returned 0x2c [0170.393] CreateProcessW (in: lpApplicationName="C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", lpCommandLine="\"{path}\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x133e0c0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x133e3c0 | out: lpCommandLine="\"{path}\"", lpProcessInformation=0x133e3c0*(hProcess=0x78d8, hThread=0x41d0, dwProcessId=0xe78, dwThreadId=0xcf4)) returned 1 [0170.436] GetThreadContext (in: hThread=0x41d0, lpContext=0x33c047c | out: lpContext=0x33c047c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0xbb9000, Edx=0x0, Ecx=0x0, Eax=0x8ab37a, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0170.483] ReadProcessMemory (in: hProcess=0x78d8, lpBaseAddress=0xbb9008, lpBuffer=0x133e3a8, nSize=0x4, lpNumberOfBytesRead=0x133e3f8 | out: lpBuffer=0x133e3a8*, lpNumberOfBytesRead=0x133e3f8*=0x4) returned 1 [0170.486] VirtualAllocEx (hProcess=0x78d8, lpAddress=0x400000, dwSize=0x2e000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0170.491] WriteProcessMemory (in: hProcess=0x78d8, lpBaseAddress=0x400000, lpBuffer=0x4476938*, nSize=0x200, lpNumberOfBytesWritten=0x133e3f8 | out: lpBuffer=0x4476938*, lpNumberOfBytesWritten=0x133e3f8*=0x200) returned 1 [0170.510] WriteProcessMemory (in: hProcess=0x78d8, lpBaseAddress=0x401000, lpBuffer=0x44a4158*, nSize=0x2c600, lpNumberOfBytesWritten=0x133e3f8 | out: lpBuffer=0x44a4158*, lpNumberOfBytesWritten=0x133e3f8*=0x2c600) returned 1 [0170.587] WriteProcessMemory (in: hProcess=0x78d8, lpBaseAddress=0xbb9008, lpBuffer=0x33c0754*, nSize=0x4, lpNumberOfBytesWritten=0x133e3f8 | out: lpBuffer=0x33c0754*, lpNumberOfBytesWritten=0x133e3f8*=0x4) returned 1 [0170.588] SetThreadContext (hThread=0x41d0, lpContext=0x33c047c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0xbb9000, Edx=0x0, Ecx=0x0, Eax=0x41ed10, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0170.595] ResumeThread (hThread=0x41d0) returned 0x1 [0171.449] CoGetContextToken (in: pToken=0x133e838 | out: pToken=0x133e838) returned 0x0 [0171.449] IUnknown:QueryInterface (in: This=0x1520078, riid=0x73bd5e8c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x133e85c | out: ppvObject=0x133e85c*=0x1520084) returned 0x0 [0171.449] IComThreadingInfo:GetCurrentThreadType (in: This=0x1520084, pThreadType=0x133e8bc | out: pThreadType=0x133e8bc*=1) returned 0x0 [0171.449] IUnknown:Release (This=0x1520084) returned 0x1 [0171.450] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x14ec0a0*=0x198, lpdwindex=0x133e6dc | out: lpdwindex=0x133e6dc) returned 0x0 [0171.663] CoGetContextToken (in: pToken=0x133d87c | out: pToken=0x133d87c) returned 0x0 [0171.663] CoGetContextToken (in: pToken=0x133d834 | out: pToken=0x133d834) returned 0x0 [0171.663] IUnknown:Release (This=0x15499a8) returned 0x1 [0171.663] IUnknown:Release (This=0x15499a8) returned 0x0 [0172.587] CoGetContextToken (in: pToken=0x133d87c | out: pToken=0x133d87c) returned 0x0 [0172.587] CoGetContextToken (in: pToken=0x133d85c | out: pToken=0x133d85c) returned 0x0 [0172.587] CoGetContextToken (in: pToken=0x133d7e0 | out: pToken=0x133d7e0) returned 0x0 [0172.587] IUnknown:Release (This=0x1542328) returned 0x1 [0172.587] IUnknown:Release (This=0x1542328) returned 0x0 Thread: id = 2 os_tid = 0x10f8 Thread: id = 3 os_tid = 0x114c Thread: id = 4 os_tid = 0x1134 [0108.124] CoGetContextToken (in: pToken=0x526fc64 | out: pToken=0x526fc64) returned 0x800401f0 [0108.124] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0108.124] RoInitialize () returned 0x1 [0108.124] RoUninitialize () returned 0x0 [0136.628] CloseHandle (hObject=0x162c) returned 1 [0136.628] CloseHandle (hObject=0xa868) returned 1 [0136.628] CloseHandle (hObject=0x29f0) returned 1 [0136.628] CloseHandle (hObject=0x57b8) returned 1 [0136.628] CloseHandle (hObject=0x7f44) returned 1 [0136.628] CloseHandle (hObject=0x87a8) returned 1 [0136.628] CloseHandle (hObject=0x1988) returned 1 [0136.628] CloseHandle (hObject=0x7e44) returned 1 [0136.628] CloseHandle (hObject=0x1158) returned 1 [0136.628] CloseHandle (hObject=0x86d8) returned 1 [0136.628] CloseHandle (hObject=0x2514) returned 1 [0136.629] CloseHandle (hObject=0x94d4) returned 1 [0136.629] CloseHandle (hObject=0x5d18) returned 1 [0136.629] CloseHandle (hObject=0xa7fc) returned 1 [0136.629] CloseHandle (hObject=0x71c0) returned 1 [0136.629] CloseHandle (hObject=0x5020) returned 1 [0136.629] CloseHandle (hObject=0x9914) returned 1 [0136.629] CloseHandle (hObject=0x209c) returned 1 [0136.629] CloseHandle (hObject=0x72b8) returned 1 [0136.629] CloseHandle (hObject=0x43e8) returned 1 [0136.629] CloseHandle (hObject=0x2a4c) returned 1 [0136.629] CloseHandle (hObject=0x3ca0) returned 1 [0136.629] CloseHandle (hObject=0x4b6c) returned 1 [0136.629] CloseHandle (hObject=0x9c14) returned 1 [0136.630] CloseHandle (hObject=0x14a0) returned 1 [0136.630] CloseHandle (hObject=0x85fc) returned 1 [0136.630] CloseHandle (hObject=0x2fd0) returned 1 [0136.630] CloseHandle (hObject=0x5124) returned 1 [0136.630] CloseHandle (hObject=0x20b0) returned 1 [0136.630] CloseHandle (hObject=0xc0c) returned 1 [0136.630] CloseHandle (hObject=0x6950) returned 1 [0136.630] CloseHandle (hObject=0x500) returned 1 [0136.630] CloseHandle (hObject=0x2f9c) returned 1 [0136.630] CloseHandle (hObject=0x6c78) returned 1 [0136.630] CloseHandle (hObject=0x2b78) returned 1 [0136.630] CloseHandle (hObject=0x5078) returned 1 [0136.630] CloseHandle (hObject=0xa2a4) returned 1 [0136.631] CloseHandle (hObject=0x8340) returned 1 [0136.631] CloseHandle (hObject=0x73fc) returned 1 [0136.631] CloseHandle (hObject=0x3990) returned 1 [0136.631] CloseHandle (hObject=0x14b4) returned 1 [0136.631] CloseHandle (hObject=0xa228) returned 1 [0136.631] CloseHandle (hObject=0x59c) returned 1 [0136.631] CloseHandle (hObject=0x756c) returned 1 [0136.631] CloseHandle (hObject=0x1778) returned 1 [0136.631] CloseHandle (hObject=0x6bcc) returned 1 [0136.631] CloseHandle (hObject=0x60bc) returned 1 [0136.632] CloseHandle (hObject=0x5bd4) returned 1 [0136.632] CloseHandle (hObject=0x5920) returned 1 [0136.632] CloseHandle (hObject=0xfa4) returned 1 [0136.632] CloseHandle (hObject=0x5804) returned 1 [0136.632] CloseHandle (hObject=0xa740) returned 1 [0136.632] CloseHandle (hObject=0x9f4) returned 1 [0136.632] CloseHandle (hObject=0x8ae8) returned 1 [0136.632] CloseHandle (hObject=0x8140) returned 1 [0136.632] CloseHandle (hObject=0x8fb8) returned 1 [0136.632] CloseHandle (hObject=0xb4f8) returned 1 [0136.633] CloseHandle (hObject=0x4dc4) returned 1 [0136.633] CloseHandle (hObject=0x5afc) returned 1 [0136.633] CloseHandle (hObject=0x2fcc) returned 1 [0136.633] CloseHandle (hObject=0x7a04) returned 1 [0136.633] CloseHandle (hObject=0x8380) returned 1 [0136.633] CloseHandle (hObject=0x1560) returned 1 [0136.633] CloseHandle (hObject=0xa7f0) returned 1 [0136.633] CloseHandle (hObject=0xa1c8) returned 1 [0136.633] CloseHandle (hObject=0x2d5c) returned 1 [0136.633] CloseHandle (hObject=0xb410) returned 1 [0136.633] CloseHandle (hObject=0x32bc) returned 1 [0136.633] CloseHandle (hObject=0x14fc) returned 1 [0136.633] CloseHandle (hObject=0xb570) returned 1 [0136.634] CloseHandle (hObject=0x9874) returned 1 [0136.634] CloseHandle (hObject=0x6b08) returned 1 [0136.634] CloseHandle (hObject=0x1840) returned 1 [0136.634] CloseHandle (hObject=0x96c4) returned 1 [0136.634] CloseHandle (hObject=0x9c24) returned 1 [0136.634] CloseHandle (hObject=0xa064) returned 1 [0136.634] CloseHandle (hObject=0xa080) returned 1 [0136.634] CloseHandle (hObject=0xa3ec) returned 1 [0136.634] CloseHandle (hObject=0x1020) returned 1 [0136.634] CloseHandle (hObject=0x29a8) returned 1 [0136.634] CloseHandle (hObject=0x46b8) returned 1 [0136.635] CloseHandle (hObject=0x1470) returned 1 [0136.635] CloseHandle (hObject=0x2d44) returned 1 [0136.635] CloseHandle (hObject=0x4cfc) returned 1 [0136.635] CloseHandle (hObject=0x471c) returned 1 [0136.635] CloseHandle (hObject=0x2684) returned 1 [0136.635] CloseHandle (hObject=0x8044) returned 1 [0136.635] CloseHandle (hObject=0x53bc) returned 1 [0136.635] CloseHandle (hObject=0xaba8) returned 1 [0136.635] CloseHandle (hObject=0x1598) returned 1 [0136.635] CloseHandle (hObject=0x992c) returned 1 [0136.635] CloseHandle (hObject=0x5860) returned 1 [0136.636] CloseHandle (hObject=0x87f0) returned 1 [0136.636] CloseHandle (hObject=0x9a8c) returned 1 [0136.636] CloseHandle (hObject=0x3e4c) returned 1 [0136.636] CloseHandle (hObject=0x6e90) returned 1 [0136.636] CloseHandle (hObject=0x499c) returned 1 [0136.636] CloseHandle (hObject=0x5464) returned 1 [0136.636] CloseHandle (hObject=0xa430) returned 1 [0136.636] CloseHandle (hObject=0x2518) returned 1 [0136.636] CloseHandle (hObject=0x6af8) returned 1 [0136.636] CloseHandle (hObject=0x7d4c) returned 1 [0136.636] CloseHandle (hObject=0x4828) returned 1 [0136.637] CloseHandle (hObject=0x1208) returned 1 [0136.637] CloseHandle (hObject=0x6d5c) returned 1 [0136.637] CloseHandle (hObject=0x43ec) returned 1 [0136.637] CloseHandle (hObject=0x8f00) returned 1 [0136.637] CloseHandle (hObject=0xae4c) returned 1 [0136.637] CloseHandle (hObject=0x1660) returned 1 [0136.637] CloseHandle (hObject=0x9d30) returned 1 [0136.637] CloseHandle (hObject=0x458) returned 1 [0136.637] CloseHandle (hObject=0x4f68) returned 1 [0136.637] CloseHandle (hObject=0x4a50) returned 1 [0136.637] CloseHandle (hObject=0x86d0) returned 1 [0136.637] CloseHandle (hObject=0x1874) returned 1 [0136.637] CloseHandle (hObject=0x14e8) returned 1 [0136.638] CloseHandle (hObject=0x632c) returned 1 [0136.638] CloseHandle (hObject=0x60c4) returned 1 [0136.638] CloseHandle (hObject=0x6cbc) returned 1 [0136.638] CloseHandle (hObject=0x3b9c) returned 1 [0136.638] CloseHandle (hObject=0x887c) returned 1 [0136.638] CloseHandle (hObject=0x700c) returned 1 [0136.638] CloseHandle (hObject=0x652c) returned 1 [0136.638] CloseHandle (hObject=0x5a64) returned 1 [0136.638] CloseHandle (hObject=0x1d90) returned 1 [0136.639] CloseHandle (hObject=0x9678) returned 1 [0136.639] CloseHandle (hObject=0x36ec) returned 1 [0136.639] CloseHandle (hObject=0x1630) returned 1 [0136.639] CloseHandle (hObject=0x3b2c) returned 1 [0136.639] CloseHandle (hObject=0xa8ec) returned 1 [0136.639] CloseHandle (hObject=0x3784) returned 1 [0136.639] CloseHandle (hObject=0x3b3c) returned 1 [0136.639] CloseHandle (hObject=0xa22c) returned 1 [0136.639] CloseHandle (hObject=0x5bdc) returned 1 [0136.639] CloseHandle (hObject=0x2344) returned 1 [0136.639] CloseHandle (hObject=0x15b8) returned 1 [0136.639] CloseHandle (hObject=0x9ec4) returned 1 [0136.639] CloseHandle (hObject=0x67f8) returned 1 [0136.640] CloseHandle (hObject=0xb440) returned 1 [0136.640] CloseHandle (hObject=0x14c8) returned 1 [0136.640] CloseHandle (hObject=0x367c) returned 1 [0136.640] CloseHandle (hObject=0x1d4c) returned 1 [0136.640] CloseHandle (hObject=0x8a64) returned 1 [0136.640] CloseHandle (hObject=0xb5c8) returned 1 [0136.640] CloseHandle (hObject=0x4ebc) returned 1 [0136.640] CloseHandle (hObject=0xb0bc) returned 1 [0136.640] CloseHandle (hObject=0x47e0) returned 1 [0136.640] CloseHandle (hObject=0x528c) returned 1 [0136.640] CloseHandle (hObject=0x7090) returned 1 [0136.640] CloseHandle (hObject=0x460) returned 1 [0136.641] CloseHandle (hObject=0x3e20) returned 1 [0136.641] CloseHandle (hObject=0x2644) returned 1 [0136.641] CloseHandle (hObject=0x414) returned 1 [0136.641] CloseHandle (hObject=0x9e00) returned 1 [0136.641] CloseHandle (hObject=0x2818) returned 1 [0136.641] CloseHandle (hObject=0x7368) returned 1 [0136.641] CloseHandle (hObject=0x3eb0) returned 1 [0136.641] CloseHandle (hObject=0x9098) returned 1 [0136.641] CloseHandle (hObject=0x7d30) returned 1 [0136.641] CloseHandle (hObject=0x95bc) returned 1 [0136.641] CloseHandle (hObject=0x9264) returned 1 [0136.641] CloseHandle (hObject=0x130c) returned 1 [0136.642] CloseHandle (hObject=0x7fb8) returned 1 [0136.642] CloseHandle (hObject=0x9fe0) returned 1 [0136.642] CloseHandle (hObject=0xa024) returned 1 [0136.642] CloseHandle (hObject=0x73ac) returned 1 [0136.642] CloseHandle (hObject=0x6ca4) returned 1 [0136.642] CloseHandle (hObject=0x1490) returned 1 [0136.642] CloseHandle (hObject=0x2010) returned 1 [0136.642] CloseHandle (hObject=0x718c) returned 1 [0136.642] CloseHandle (hObject=0xa9b8) returned 1 [0136.642] CloseHandle (hObject=0x8924) returned 1 [0136.642] CloseHandle (hObject=0x1068) returned 1 [0136.642] CloseHandle (hObject=0xa86c) returned 1 [0136.643] CloseHandle (hObject=0x16b0) returned 1 [0136.643] CloseHandle (hObject=0x1a5c) returned 1 [0136.643] CloseHandle (hObject=0x76a8) returned 1 [0136.643] CloseHandle (hObject=0x8a20) returned 1 [0136.643] CloseHandle (hObject=0x546c) returned 1 [0136.643] CloseHandle (hObject=0x12c4) returned 1 [0136.643] CloseHandle (hObject=0x5c58) returned 1 [0136.643] CloseHandle (hObject=0x6b24) returned 1 [0136.643] CloseHandle (hObject=0x82c8) returned 1 [0136.643] CloseHandle (hObject=0x7c28) returned 1 [0136.643] CloseHandle (hObject=0xb0fc) returned 1 [0136.644] CloseHandle (hObject=0x4700) returned 1 [0136.644] CloseHandle (hObject=0x77a0) returned 1 [0136.644] CloseHandle (hObject=0x9aec) returned 1 [0136.644] CloseHandle (hObject=0x7a0c) returned 1 [0136.644] CloseHandle (hObject=0xabc) returned 1 [0136.644] CloseHandle (hObject=0x3790) returned 1 [0136.644] CloseHandle (hObject=0xaea0) returned 1 [0136.644] CloseHandle (hObject=0x314c) returned 1 [0136.644] CloseHandle (hObject=0x6e88) returned 1 [0136.644] CloseHandle (hObject=0x2df4) returned 1 [0136.644] CloseHandle (hObject=0x350) returned 1 [0136.644] CloseHandle (hObject=0x484c) returned 1 [0136.645] CloseHandle (hObject=0x38fc) returned 1 [0136.645] CloseHandle (hObject=0xac10) returned 1 [0136.645] CloseHandle (hObject=0xb010) returned 1 [0136.645] CloseHandle (hObject=0x7c30) returned 1 [0136.645] CloseHandle (hObject=0xc4c) returned 1 [0136.645] CloseHandle (hObject=0x3fd8) returned 1 [0136.645] CloseHandle (hObject=0x1ca8) returned 1 [0136.645] CloseHandle (hObject=0x7eb0) returned 1 [0136.645] CloseHandle (hObject=0x6c88) returned 1 [0136.645] CloseHandle (hObject=0x3a24) returned 1 [0136.645] CloseHandle (hObject=0x3370) returned 1 [0136.646] CloseHandle (hObject=0x6d0c) returned 1 [0136.646] CloseHandle (hObject=0x16a0) returned 1 [0136.646] CloseHandle (hObject=0xa058) returned 1 [0136.646] CloseHandle (hObject=0x6310) returned 1 [0136.646] CloseHandle (hObject=0x8c60) returned 1 [0136.646] CloseHandle (hObject=0x1698) returned 1 [0136.646] CloseHandle (hObject=0x7d8) returned 1 [0136.646] CloseHandle (hObject=0xcfc) returned 1 [0136.646] CloseHandle (hObject=0x7fe0) returned 1 [0136.646] CloseHandle (hObject=0x9960) returned 1 [0136.646] CloseHandle (hObject=0x35dc) returned 1 [0136.646] CloseHandle (hObject=0x1cf4) returned 1 [0136.647] CloseHandle (hObject=0x3eb4) returned 1 [0136.647] CloseHandle (hObject=0x7eac) returned 1 [0136.647] CloseHandle (hObject=0xb2cc) returned 1 [0136.647] CloseHandle (hObject=0xb2e0) returned 1 [0136.647] CloseHandle (hObject=0x42dc) returned 1 [0136.647] CloseHandle (hObject=0x5ee8) returned 1 [0136.647] CloseHandle (hObject=0x543c) returned 1 [0136.647] CloseHandle (hObject=0xa1a4) returned 1 [0136.647] CloseHandle (hObject=0x5f04) returned 1 [0136.647] CloseHandle (hObject=0xa608) returned 1 [0136.647] CloseHandle (hObject=0x8e8) returned 1 [0136.648] CloseHandle (hObject=0x8994) returned 1 [0136.648] CloseHandle (hObject=0x4a70) returned 1 [0136.648] CloseHandle (hObject=0x5294) returned 1 [0136.648] CloseHandle (hObject=0x9074) returned 1 [0136.648] CloseHandle (hObject=0x408) returned 1 [0136.648] CloseHandle (hObject=0x47d8) returned 1 [0136.648] CloseHandle (hObject=0xa1b4) returned 1 [0136.648] CloseHandle (hObject=0x99a0) returned 1 [0136.648] CloseHandle (hObject=0x4e58) returned 1 [0136.648] CloseHandle (hObject=0x3b10) returned 1 [0136.648] CloseHandle (hObject=0x9b00) returned 1 [0136.648] CloseHandle (hObject=0x86d4) returned 1 [0136.649] CloseHandle (hObject=0x4bb0) returned 1 [0136.649] CloseHandle (hObject=0x8fc8) returned 1 [0136.649] CloseHandle (hObject=0xb390) returned 1 [0136.649] CloseHandle (hObject=0xa2e8) returned 1 [0136.649] CloseHandle (hObject=0x22b0) returned 1 [0136.649] CloseHandle (hObject=0x21a8) returned 1 [0171.639] LocalFree (hMem=0x15413a8) returned 0x0 [0171.640] LocalFree (hMem=0x1541078) returned 0x0 [0171.640] EtwEventUnregister (RegHandle=0x14f0e70) returned 0x0 [0171.661] IUnknown:Release (This=0x1542328) returned 0x2 [0171.662] CoGetContextToken (in: pToken=0x526fab8 | out: pToken=0x526fab8) returned 0x0 [0171.662] IUnknown:QueryInterface (in: This=0x1520078, riid=0x73bef070*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x526fa5c | out: ppvObject=0x526fa5c*=0x1520088) returned 0x0 [0171.662] CObjectContext::ContextCallback () returned 0x0 [0172.374] IUnknown:Release (This=0x1520088) returned 0x1 [0172.388] CloseHandle (hObject=0x22a4) returned 1 [0172.401] GdipDisposeImage (image=0x5a61f08) returned 0x0 [0172.404] RegCloseKey (hKey=0x69fc) returned 0x0 [0172.405] RegCloseKey (hKey=0x3798) returned 0x0 [0172.405] RegCloseKey (hKey=0x80000004) returned 0x0 [0172.406] CloseHandle (hObject=0xac4c) returned 1 [0172.408] CloseHandle (hObject=0x3548) returned 1 [0172.408] RegCloseKey (hKey=0x4d40) returned 0x0 [0172.409] RegCloseKey (hKey=0x74b4) returned 0x0 [0172.409] RegCloseKey (hKey=0x39c0) returned 0x0 [0172.410] CloseHandle (hObject=0x7f14) returned 1 [0172.410] RegCloseKey (hKey=0xbbc) returned 0x0 [0172.411] RegCloseKey (hKey=0x1ccc) returned 0x0 [0172.411] CloseHandle (hObject=0x6f84) returned 1 [0172.412] RegCloseKey (hKey=0x43f8) returned 0x0 [0172.412] RegCloseKey (hKey=0x2e0c) returned 0x0 [0172.414] CoGetContextToken (in: pToken=0x526f8a0 | out: pToken=0x526f8a0) returned 0x0 [0172.414] CoGetContextToken (in: pToken=0x526f820 | out: pToken=0x526f820) returned 0x0 [0172.415] WbemDefPath:IUnknown:Release (This=0x159b8e8) returned 0x1 [0172.415] WbemDefPath:IUnknown:Release (This=0x159b8e8) returned 0x0 [0172.415] CoGetContextToken (in: pToken=0x526f820 | out: pToken=0x526f820) returned 0x0 [0172.415] WbemDefPath:IUnknown:Release (This=0x159c448) returned 0x1 [0172.415] WbemDefPath:IUnknown:Release (This=0x159c448) returned 0x0 [0172.415] CoGetContextToken (in: pToken=0x526f8a0 | out: pToken=0x526f8a0) returned 0x0 [0172.415] CoGetContextToken (in: pToken=0x526f820 | out: pToken=0x526f820) returned 0x0 [0172.415] WbemLocator:IUnknown:Release (This=0x152bac0) returned 0x4 [0172.416] CoReleaseMarshalData (pStm=0x15a0248) returned 0x0 [0172.416] WbemLocator:IUnknown:Release (This=0x152bac0) returned 0x3 [0172.416] WbemLocator:IUnknown:Release (This=0x152bac0) returned 0x2 [0172.417] WbemLocator:IUnknown:Release (This=0x152bac0) returned 0x1 [0172.417] WbemLocator:IUnknown:Release (This=0x152bac0) returned 0x0 [0172.586] CoGetContextToken (in: pToken=0x526f820 | out: pToken=0x526f820) returned 0x0 [0172.586] WbemLocator:IUnknown:Release (This=0x15521b8) returned 0x1 [0172.586] WbemLocator:IUnknown:Release (This=0x15521b8) returned 0x0 [0172.586] IUnknown:Release (This=0x1520130) returned 0x0 [0172.586] CoGetContextToken (in: pToken=0x526f8a0 | out: pToken=0x526f8a0) returned 0x0 [0172.586] IUnknown:QueryInterface (in: This=0x1520078, riid=0x73bef070*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x526f844 | out: ppvObject=0x526f844*=0x1520088) returned 0x0 [0172.587] CObjectContext::ContextCallback () returned 0x0 [0172.588] IUnknown:Release (This=0x1520088) returned 0x1 [0172.588] IUnknown:Release (This=0x1520078) returned 0x0 [0172.588] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 5 os_tid = 0x10d8 Thread: id = 6 os_tid = 0x122c Thread: id = 7 os_tid = 0xeac Thread: id = 8 os_tid = 0xf98 [0157.047] CoGetContextToken (in: pToken=0x5e4fc4c | out: pToken=0x5e4fc4c) returned 0x0 [0157.047] CObjectContext::QueryInterface () returned 0x0 [0157.047] CObjectContext::GetCurrentThreadType () returned 0x0 [0157.047] Release () returned 0x0 Thread: id = 9 os_tid = 0x380 [0138.908] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0138.908] RoInitialize () returned 0x1 [0138.908] RoUninitialize () returned 0x0 [0139.052] SleepEx (dwMilliseconds=0x1f4, bAlertable=1) returned 0x0 [0139.576] IsDebuggerPresent () returned 0 [0139.576] GetCurrentProcessId () returned 0x10c0 [0139.576] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0139.576] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b4c50 | out: lpExitCode=0x33b4c50*=0x103) returned 1 [0139.576] CloseHandle (hObject=0x22a4) returned 1 [0139.577] OutputDebugStringW (lpOutputString="") [0139.577] CloseHandle (hObject=0x0) returned 0 [0139.577] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0140.600] IsDebuggerPresent () returned 0 [0140.600] GetCurrentProcessId () returned 0x10c0 [0140.600] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0140.600] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b4dc0 | out: lpExitCode=0x33b4dc0*=0x103) returned 1 [0140.600] CloseHandle (hObject=0x22a4) returned 1 [0140.600] OutputDebugStringW (lpOutputString="") [0140.601] CloseHandle (hObject=0x0) returned 0 [0140.601] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0141.611] IsDebuggerPresent () returned 0 [0141.611] GetCurrentProcessId () returned 0x10c0 [0141.611] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0141.611] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b4f30 | out: lpExitCode=0x33b4f30*=0x103) returned 1 [0141.611] CloseHandle (hObject=0x22a4) returned 1 [0141.611] OutputDebugStringW (lpOutputString="") [0141.612] CloseHandle (hObject=0x0) returned 0 [0141.612] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0142.656] IsDebuggerPresent () returned 0 [0142.656] GetCurrentProcessId () returned 0x10c0 [0142.656] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0142.656] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b50a0 | out: lpExitCode=0x33b50a0*=0x103) returned 1 [0142.656] CloseHandle (hObject=0x22a4) returned 1 [0142.656] OutputDebugStringW (lpOutputString="") [0142.657] CloseHandle (hObject=0x0) returned 0 [0142.657] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0143.673] IsDebuggerPresent () returned 0 [0143.673] GetCurrentProcessId () returned 0x10c0 [0143.673] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0143.673] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b5210 | out: lpExitCode=0x33b5210*=0x103) returned 1 [0143.673] CloseHandle (hObject=0x22a4) returned 1 [0143.673] OutputDebugStringW (lpOutputString="") [0143.674] CloseHandle (hObject=0x0) returned 0 [0143.674] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0144.694] IsDebuggerPresent () returned 0 [0144.695] GetCurrentProcessId () returned 0x10c0 [0144.695] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0144.695] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b5380 | out: lpExitCode=0x33b5380*=0x103) returned 1 [0144.695] CloseHandle (hObject=0x22a4) returned 1 [0144.695] OutputDebugStringW (lpOutputString="") [0144.695] CloseHandle (hObject=0x0) returned 0 [0144.695] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0145.704] IsDebuggerPresent () returned 0 [0145.704] GetCurrentProcessId () returned 0x10c0 [0145.704] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0145.704] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b54f0 | out: lpExitCode=0x33b54f0*=0x103) returned 1 [0145.704] CloseHandle (hObject=0x22a4) returned 1 [0145.705] OutputDebugStringW (lpOutputString="") [0145.707] CloseHandle (hObject=0x0) returned 0 [0145.707] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0146.727] IsDebuggerPresent () returned 0 [0146.727] GetCurrentProcessId () returned 0x10c0 [0146.727] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0146.727] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b5660 | out: lpExitCode=0x33b5660*=0x103) returned 1 [0146.727] CloseHandle (hObject=0x22a4) returned 1 [0146.727] OutputDebugStringW (lpOutputString="") [0146.728] CloseHandle (hObject=0x0) returned 0 [0146.728] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0147.976] IsDebuggerPresent () returned 0 [0147.976] GetCurrentProcessId () returned 0x10c0 [0147.976] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0147.977] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b57d0 | out: lpExitCode=0x33b57d0*=0x103) returned 1 [0147.977] CloseHandle (hObject=0x22a4) returned 1 [0147.977] OutputDebugStringW (lpOutputString="") [0147.977] CloseHandle (hObject=0x0) returned 0 [0147.978] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0149.014] IsDebuggerPresent () returned 0 [0149.014] GetCurrentProcessId () returned 0x10c0 [0149.014] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0149.014] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b5940 | out: lpExitCode=0x33b5940*=0x103) returned 1 [0149.014] CloseHandle (hObject=0x22a4) returned 1 [0149.014] OutputDebugStringW (lpOutputString="") [0149.015] CloseHandle (hObject=0x0) returned 0 [0149.015] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0150.533] IsDebuggerPresent () returned 0 [0150.534] GetCurrentProcessId () returned 0x10c0 [0150.534] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x83e0 [0150.536] GetExitCodeProcess (in: hProcess=0x83e0, lpExitCode=0x33b64c4 | out: lpExitCode=0x33b64c4*=0x103) returned 1 [0150.536] CloseHandle (hObject=0x83e0) returned 1 [0150.536] OutputDebugStringW (lpOutputString="") [0150.549] CloseHandle (hObject=0x0) returned 0 [0150.549] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0152.402] IsDebuggerPresent () returned 0 [0152.402] GetCurrentProcessId () returned 0x10c0 [0152.402] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x1c5c [0152.402] GetExitCodeProcess (in: hProcess=0x1c5c, lpExitCode=0x33b66ec | out: lpExitCode=0x33b66ec*=0x103) returned 1 [0152.402] CloseHandle (hObject=0x1c5c) returned 1 [0152.402] OutputDebugStringW (lpOutputString="") [0152.402] CloseHandle (hObject=0x0) returned 0 [0152.403] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0153.411] IsDebuggerPresent () returned 0 [0153.411] GetCurrentProcessId () returned 0x10c0 [0153.412] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0xa724 [0153.412] GetExitCodeProcess (in: hProcess=0xa724, lpExitCode=0x33b67a4 | out: lpExitCode=0x33b67a4*=0x103) returned 1 [0153.412] CloseHandle (hObject=0xa724) returned 1 [0153.412] OutputDebugStringW (lpOutputString="") [0153.413] CloseHandle (hObject=0x0) returned 0 [0153.413] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0154.440] IsDebuggerPresent () returned 0 [0154.440] GetCurrentProcessId () returned 0x10c0 [0154.440] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3798 [0154.440] GetExitCodeProcess (in: hProcess=0x3798, lpExitCode=0x33b69f0 | out: lpExitCode=0x33b69f0*=0x103) returned 1 [0154.440] CloseHandle (hObject=0x3798) returned 1 [0154.440] OutputDebugStringW (lpOutputString="") [0154.441] CloseHandle (hObject=0x0) returned 0 [0154.441] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0155.498] IsDebuggerPresent () returned 0 [0155.498] GetCurrentProcessId () returned 0x10c0 [0155.498] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x74b4 [0155.498] GetExitCodeProcess (in: hProcess=0x74b4, lpExitCode=0x33b98d0 | out: lpExitCode=0x33b98d0*=0x103) returned 1 [0155.498] CloseHandle (hObject=0x74b4) returned 1 [0155.498] OutputDebugStringW (lpOutputString="") [0155.499] CloseHandle (hObject=0x0) returned 0 [0155.499] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0157.040] IsDebuggerPresent () returned 0 [0157.040] GetCurrentProcessId () returned 0x10c0 [0157.040] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x2fa0 [0157.040] GetExitCodeProcess (in: hProcess=0x2fa0, lpExitCode=0x33bbb84 | out: lpExitCode=0x33bbb84*=0x103) returned 1 [0157.040] CloseHandle (hObject=0x2fa0) returned 1 [0157.040] OutputDebugStringW (lpOutputString="") [0157.041] CloseHandle (hObject=0x0) returned 0 [0157.042] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0158.101] IsDebuggerPresent () returned 0 [0158.101] GetCurrentProcessId () returned 0x10c0 [0158.101] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x9ff0 [0158.101] GetExitCodeProcess (in: hProcess=0x9ff0, lpExitCode=0x33bce40 | out: lpExitCode=0x33bce40*=0x103) returned 1 [0158.102] CloseHandle (hObject=0x9ff0) returned 1 [0158.102] OutputDebugStringW (lpOutputString="") [0158.102] CloseHandle (hObject=0x0) returned 0 [0158.103] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0159.197] IsDebuggerPresent () returned 0 [0159.197] GetCurrentProcessId () returned 0x10c0 [0159.197] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x9ff0 [0159.197] GetExitCodeProcess (in: hProcess=0x9ff0, lpExitCode=0x33bd89c | out: lpExitCode=0x33bd89c*=0x103) returned 1 [0159.198] CloseHandle (hObject=0x9ff0) returned 1 [0159.198] OutputDebugStringW (lpOutputString="") [0159.198] CloseHandle (hObject=0x0) returned 0 [0159.198] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0166.137] IsDebuggerPresent () returned 0 [0166.137] GetCurrentProcessId () returned 0x10c0 [0166.137] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x59ac [0166.137] GetExitCodeProcess (in: hProcess=0x59ac, lpExitCode=0x33bdf94 | out: lpExitCode=0x33bdf94*=0x103) returned 1 [0166.137] CloseHandle (hObject=0x59ac) returned 1 [0166.137] OutputDebugStringW (lpOutputString="") [0166.138] CloseHandle (hObject=0x0) returned 0 [0166.138] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0167.884] IsDebuggerPresent () returned 0 [0167.884] GetCurrentProcessId () returned 0x10c0 [0167.884] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x30c [0167.885] GetExitCodeProcess (in: hProcess=0x30c, lpExitCode=0x33be04c | out: lpExitCode=0x33be04c*=0x103) returned 1 [0167.885] CloseHandle (hObject=0x30c) returned 1 [0167.885] OutputDebugStringW (lpOutputString="") [0167.886] CloseHandle (hObject=0x0) returned 0 [0167.886] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0169.008] IsDebuggerPresent () returned 0 [0169.008] GetCurrentProcessId () returned 0x10c0 [0169.008] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0xac4c [0169.008] GetExitCodeProcess (in: hProcess=0xac4c, lpExitCode=0x33be9f4 | out: lpExitCode=0x33be9f4*=0x103) returned 1 [0169.008] CloseHandle (hObject=0xac4c) returned 1 [0169.008] OutputDebugStringW (lpOutputString="") [0169.009] CloseHandle (hObject=0x0) returned 0 [0169.009] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0170.083] IsDebuggerPresent () returned 0 [0170.088] GetCurrentProcessId () returned 0x10c0 [0170.088] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x2f14 [0170.088] GetExitCodeProcess (in: hProcess=0x2f14, lpExitCode=0x33bfb30 | out: lpExitCode=0x33bfb30*=0x103) returned 1 [0170.089] CloseHandle (hObject=0x2f14) returned 1 [0170.089] OutputDebugStringW (lpOutputString="") [0170.098] CloseHandle (hObject=0x0) returned 0 [0170.098] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0171.319] IsDebuggerPresent () returned 0 [0171.319] GetCurrentProcessId () returned 0x10c0 [0171.319] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4a1c [0171.319] GetExitCodeProcess (in: hProcess=0x4a1c, lpExitCode=0x33c0940 | out: lpExitCode=0x33c0940*=0x103) returned 1 [0171.319] CloseHandle (hObject=0x4a1c) returned 1 [0171.319] OutputDebugStringW (lpOutputString="") [0171.320] CloseHandle (hObject=0x0) returned 0 [0171.320] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0172.445] CoGetContextToken (in: pToken=0xb93f4c4 | out: pToken=0xb93f4c4) returned 0x0 [0172.445] IUnknown:QueryInterface (in: This=0x1520130, riid=0x73bd5e8c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xb93f4e8 | out: ppvObject=0xb93f4e8*=0x152013c) returned 0x0 [0172.445] IComThreadingInfo:GetCurrentThreadType (in: This=0x152013c, pThreadType=0xb93f514 | out: pThreadType=0xb93f514*=0) returned 0x0 [0172.445] IUnknown:Release (This=0x152013c) returned 0x2 Thread: id = 10 os_tid = 0x480 [0139.001] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0139.001] RoInitialize () returned 0x1 [0139.001] RoUninitialize () returned 0x0 [0139.037] IsDebuggerPresent () returned 0 [0139.037] GetCurrentProcessId () returned 0x10c0 [0139.038] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0xb26c [0139.038] GetExitCodeProcess (in: hProcess=0xb26c, lpExitCode=0x33b1bf0 | out: lpExitCode=0x33b1bf0*=0x103) returned 1 [0139.038] CloseHandle (hObject=0xb26c) returned 1 [0139.045] OutputDebugStringW (lpOutputString="") [0139.052] CloseHandle (hObject=0x0) returned 0 [0139.052] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0140.057] IsDebuggerPresent () returned 0 [0140.057] GetCurrentProcessId () returned 0x10c0 [0140.057] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0140.057] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b4d08 | out: lpExitCode=0x33b4d08*=0x103) returned 1 [0140.057] CloseHandle (hObject=0x22a4) returned 1 [0140.057] OutputDebugStringW (lpOutputString="") [0140.058] CloseHandle (hObject=0x0) returned 0 [0140.058] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0141.062] IsDebuggerPresent () returned 0 [0141.062] GetCurrentProcessId () returned 0x10c0 [0141.062] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0141.062] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b4e78 | out: lpExitCode=0x33b4e78*=0x103) returned 1 [0141.062] CloseHandle (hObject=0x22a4) returned 1 [0141.063] OutputDebugStringW (lpOutputString="") [0141.063] CloseHandle (hObject=0x0) returned 0 [0141.063] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0142.094] IsDebuggerPresent () returned 0 [0142.095] GetCurrentProcessId () returned 0x10c0 [0142.095] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0142.095] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b4fe8 | out: lpExitCode=0x33b4fe8*=0x103) returned 1 [0142.095] CloseHandle (hObject=0x22a4) returned 1 [0142.095] OutputDebugStringW (lpOutputString="") [0142.096] CloseHandle (hObject=0x0) returned 0 [0142.096] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0143.110] IsDebuggerPresent () returned 0 [0143.110] GetCurrentProcessId () returned 0x10c0 [0143.110] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0143.110] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b5158 | out: lpExitCode=0x33b5158*=0x103) returned 1 [0143.110] CloseHandle (hObject=0x22a4) returned 1 [0143.110] OutputDebugStringW (lpOutputString="") [0143.111] CloseHandle (hObject=0x0) returned 0 [0143.111] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0144.219] IsDebuggerPresent () returned 0 [0144.220] GetCurrentProcessId () returned 0x10c0 [0144.220] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0144.220] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b52c8 | out: lpExitCode=0x33b52c8*=0x103) returned 1 [0144.220] CloseHandle (hObject=0x22a4) returned 1 [0144.220] OutputDebugStringW (lpOutputString="") [0144.220] CloseHandle (hObject=0x0) returned 0 [0144.220] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0145.234] IsDebuggerPresent () returned 0 [0145.234] GetCurrentProcessId () returned 0x10c0 [0145.235] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0145.235] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b5438 | out: lpExitCode=0x33b5438*=0x103) returned 1 [0145.235] CloseHandle (hObject=0x22a4) returned 1 [0145.235] OutputDebugStringW (lpOutputString="") [0145.235] CloseHandle (hObject=0x0) returned 0 [0145.235] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0146.294] IsDebuggerPresent () returned 0 [0146.294] GetCurrentProcessId () returned 0x10c0 [0146.294] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0146.294] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b55a8 | out: lpExitCode=0x33b55a8*=0x103) returned 1 [0146.294] CloseHandle (hObject=0x22a4) returned 1 [0146.294] OutputDebugStringW (lpOutputString="") [0146.295] CloseHandle (hObject=0x0) returned 0 [0146.295] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0147.320] IsDebuggerPresent () returned 0 [0147.320] GetCurrentProcessId () returned 0x10c0 [0147.320] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0147.320] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b5718 | out: lpExitCode=0x33b5718*=0x103) returned 1 [0147.320] CloseHandle (hObject=0x22a4) returned 1 [0147.321] OutputDebugStringW (lpOutputString="") [0147.321] CloseHandle (hObject=0x0) returned 0 [0147.321] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0148.335] IsDebuggerPresent () returned 0 [0148.336] GetCurrentProcessId () returned 0x10c0 [0148.336] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0148.336] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b5888 | out: lpExitCode=0x33b5888*=0x103) returned 1 [0148.336] CloseHandle (hObject=0x22a4) returned 1 [0148.336] OutputDebugStringW (lpOutputString="") [0148.336] CloseHandle (hObject=0x0) returned 0 [0148.336] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0149.391] IsDebuggerPresent () returned 0 [0149.391] GetCurrentProcessId () returned 0x10c0 [0149.391] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x22a4 [0149.391] GetExitCodeProcess (in: hProcess=0x22a4, lpExitCode=0x33b59f8 | out: lpExitCode=0x33b59f8*=0x103) returned 1 [0149.391] CloseHandle (hObject=0x22a4) returned 1 [0149.391] OutputDebugStringW (lpOutputString="") [0149.392] CloseHandle (hObject=0x0) returned 0 [0149.392] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0150.623] IsDebuggerPresent () returned 0 [0150.623] GetCurrentProcessId () returned 0x10c0 [0150.623] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x794 [0150.623] GetExitCodeProcess (in: hProcess=0x794, lpExitCode=0x33b657c | out: lpExitCode=0x33b657c*=0x103) returned 1 [0150.623] CloseHandle (hObject=0x794) returned 1 [0150.623] OutputDebugStringW (lpOutputString="") [0150.624] CloseHandle (hObject=0x0) returned 0 [0150.624] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0152.401] IsDebuggerPresent () returned 0 [0152.401] GetCurrentProcessId () returned 0x10c0 [0152.401] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x1c5c [0152.401] GetExitCodeProcess (in: hProcess=0x1c5c, lpExitCode=0x33b6634 | out: lpExitCode=0x33b6634*=0x103) returned 1 [0152.401] CloseHandle (hObject=0x1c5c) returned 1 [0152.401] OutputDebugStringW (lpOutputString="") [0152.401] CloseHandle (hObject=0x0) returned 0 [0152.402] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0153.414] IsDebuggerPresent () returned 0 [0153.414] GetCurrentProcessId () returned 0x10c0 [0153.414] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0xa724 [0153.414] GetExitCodeProcess (in: hProcess=0xa724, lpExitCode=0x33b685c | out: lpExitCode=0x33b685c*=0x103) returned 1 [0153.414] CloseHandle (hObject=0xa724) returned 1 [0153.414] OutputDebugStringW (lpOutputString="") [0153.415] CloseHandle (hObject=0x0) returned 0 [0153.415] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0154.439] IsDebuggerPresent () returned 0 [0154.439] GetCurrentProcessId () returned 0x10c0 [0154.439] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x3798 [0154.439] GetExitCodeProcess (in: hProcess=0x3798, lpExitCode=0x33b6938 | out: lpExitCode=0x33b6938*=0x103) returned 1 [0154.439] CloseHandle (hObject=0x3798) returned 1 [0154.439] OutputDebugStringW (lpOutputString="") [0154.440] CloseHandle (hObject=0x0) returned 0 [0154.440] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0155.499] IsDebuggerPresent () returned 0 [0155.499] GetCurrentProcessId () returned 0x10c0 [0155.499] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x74b4 [0155.499] GetExitCodeProcess (in: hProcess=0x74b4, lpExitCode=0x33b9988 | out: lpExitCode=0x33b9988*=0x103) returned 1 [0155.499] CloseHandle (hObject=0x74b4) returned 1 [0155.499] OutputDebugStringW (lpOutputString="") [0155.500] CloseHandle (hObject=0x0) returned 0 [0155.500] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0157.039] IsDebuggerPresent () returned 0 [0157.039] GetCurrentProcessId () returned 0x10c0 [0157.039] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x2fa0 [0157.039] GetExitCodeProcess (in: hProcess=0x2fa0, lpExitCode=0x33bbacc | out: lpExitCode=0x33bbacc*=0x103) returned 1 [0157.039] CloseHandle (hObject=0x2fa0) returned 1 [0157.039] OutputDebugStringW (lpOutputString="") [0157.040] CloseHandle (hObject=0x0) returned 0 [0157.040] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0158.103] IsDebuggerPresent () returned 0 [0158.103] GetCurrentProcessId () returned 0x10c0 [0158.103] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x9ff0 [0158.103] GetExitCodeProcess (in: hProcess=0x9ff0, lpExitCode=0x33bcef8 | out: lpExitCode=0x33bcef8*=0x103) returned 1 [0158.103] CloseHandle (hObject=0x9ff0) returned 1 [0158.103] OutputDebugStringW (lpOutputString="") [0158.104] CloseHandle (hObject=0x0) returned 0 [0158.104] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0159.206] IsDebuggerPresent () returned 0 [0159.206] GetCurrentProcessId () returned 0x10c0 [0159.206] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x9ff0 [0159.206] GetExitCodeProcess (in: hProcess=0x9ff0, lpExitCode=0x33bd954 | out: lpExitCode=0x33bd954*=0x103) returned 1 [0159.206] CloseHandle (hObject=0x9ff0) returned 1 [0159.206] OutputDebugStringW (lpOutputString="") [0159.207] CloseHandle (hObject=0x0) returned 0 [0159.207] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0166.135] IsDebuggerPresent () returned 0 [0166.135] GetCurrentProcessId () returned 0x10c0 [0166.135] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x59ac [0166.135] GetExitCodeProcess (in: hProcess=0x59ac, lpExitCode=0x33bdedc | out: lpExitCode=0x33bdedc*=0x103) returned 1 [0166.135] CloseHandle (hObject=0x59ac) returned 1 [0166.136] OutputDebugStringW (lpOutputString="") [0166.136] CloseHandle (hObject=0x0) returned 0 [0166.136] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0167.886] IsDebuggerPresent () returned 0 [0167.887] GetCurrentProcessId () returned 0x10c0 [0167.887] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x30c [0167.887] GetExitCodeProcess (in: hProcess=0x30c, lpExitCode=0x33be104 | out: lpExitCode=0x33be104*=0x103) returned 1 [0167.887] CloseHandle (hObject=0x30c) returned 1 [0167.887] OutputDebugStringW (lpOutputString="") [0167.888] CloseHandle (hObject=0x0) returned 0 [0167.888] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0169.006] IsDebuggerPresent () returned 0 [0169.006] GetCurrentProcessId () returned 0x10c0 [0169.006] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0xac4c [0169.006] GetExitCodeProcess (in: hProcess=0xac4c, lpExitCode=0x33be93c | out: lpExitCode=0x33be93c*=0x103) returned 1 [0169.006] CloseHandle (hObject=0xac4c) returned 1 [0169.006] OutputDebugStringW (lpOutputString="") [0169.007] CloseHandle (hObject=0x0) returned 0 [0169.007] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0170.099] IsDebuggerPresent () returned 0 [0170.099] GetCurrentProcessId () returned 0x10c0 [0170.099] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x41d0 [0170.102] GetExitCodeProcess (in: hProcess=0x41d0, lpExitCode=0x33bfbf8 | out: lpExitCode=0x33bfbf8*=0x103) returned 1 [0170.102] CloseHandle (hObject=0x41d0) returned 1 [0170.102] OutputDebugStringW (lpOutputString="") [0170.103] CloseHandle (hObject=0x0) returned 0 [0170.103] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0171.318] IsDebuggerPresent () returned 0 [0171.318] GetCurrentProcessId () returned 0x10c0 [0171.318] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10c0) returned 0x4a1c [0171.318] GetExitCodeProcess (in: hProcess=0x4a1c, lpExitCode=0x33c0888 | out: lpExitCode=0x33c0888*=0x103) returned 1 [0171.318] CloseHandle (hObject=0x4a1c) returned 1 [0171.318] OutputDebugStringW (lpOutputString="") [0171.319] CloseHandle (hObject=0x0) returned 0 [0171.319] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0172.446] CoGetContextToken (in: pToken=0xbb7ef54 | out: pToken=0xbb7ef54) returned 0x0 [0172.446] IUnknown:QueryInterface (in: This=0x1520130, riid=0x73bd5e8c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xbb7ef78 | out: ppvObject=0xbb7ef78*=0x152013c) returned 0x0 [0172.446] IComThreadingInfo:GetCurrentThreadType (in: This=0x152013c, pThreadType=0xbb7efa4 | out: pThreadType=0xbb7efa4*=0) returned 0x0 [0172.446] IUnknown:Release (This=0x152013c) returned 0x2 Thread: id = 11 os_tid = 0xaac Thread: id = 12 os_tid = 0x564 [0155.558] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0155.558] RoInitialize () returned 0x1 [0155.558] RoUninitialize () returned 0x0 [0155.588] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0xde2f34c | out: lpiid=0xde2f34c) returned 0x0 [0155.591] CoGetClassObject (in: rclsid=0x158a41c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x73bfb24c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xde2f058 | out: ppv=0xde2f058*=0x1552258) returned 0x0 [0157.375] WbemDefPath:IUnknown:QueryInterface (in: This=0x1552258, riid=0x73c49e44*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xde2f274 | out: ppvObject=0xde2f274*=0x0) returned 0x80004002 [0157.375] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1552258, pUnkOuter=0x0, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xde2f280 | out: ppvObject=0xde2f280*=0x159b8e8) returned 0x0 [0157.376] WbemDefPath:IUnknown:Release (This=0x1552258) returned 0x0 [0157.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x159b8e8, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xde2eea4 | out: ppvObject=0xde2eea4*=0x159b8e8) returned 0x0 [0157.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x159b8e8, riid=0x73bf0328*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xde2ee60 | out: ppvObject=0xde2ee60*=0x0) returned 0x80004002 [0157.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x159b8e8, riid=0x73bf0490*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0xde2ea54 | out: ppvObject=0xde2ea54*=0x0) returned 0x80004002 [0157.376] WbemDefPath:IUnknown:AddRef (This=0x159b8e8) returned 0x3 [0157.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x159b8e8, riid=0x73bf0074*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0xde2e7b4 | out: ppvObject=0xde2e7b4*=0x0) returned 0x80004002 [0157.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x159b8e8, riid=0x73beffc8*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0xde2e764 | out: ppvObject=0xde2e764*=0x0) returned 0x80004002 [0157.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x159b8e8, riid=0x73b37604*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xde2e770 | out: ppvObject=0xde2e770*=0x15477e0) returned 0x0 [0157.377] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x15477e0, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xde2e778 | out: pCid=0xde2e778*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0157.377] WbemDefPath:IUnknown:Release (This=0x15477e0) returned 0x3 [0157.377] CoGetContextToken (in: pToken=0xde2e7d0 | out: pToken=0xde2e7d0) returned 0x0 [0157.377] CoGetContextToken (in: pToken=0xde2ebd8 | out: pToken=0xde2ebd8) returned 0x0 [0157.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x159b8e8, riid=0x73bf02b4*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xde2ec64 | out: ppvObject=0xde2ec64*=0x0) returned 0x80004002 [0157.377] WbemDefPath:IUnknown:Release (This=0x159b8e8) returned 0x2 [0157.377] WbemDefPath:IUnknown:Release (This=0x159b8e8) returned 0x1 [0157.378] SetEvent (hEvent=0x3548) returned 1 [0169.619] CoGetClassObject (in: rclsid=0x158a41c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x73bfb24c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xde2f058 | out: ppv=0xde2f058*=0x1529318) returned 0x0 [0169.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x1529318, riid=0x73c49e44*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0xde2f274 | out: ppvObject=0xde2f274*=0x0) returned 0x80004002 [0169.619] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1529318, pUnkOuter=0x0, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xde2f280 | out: ppvObject=0xde2f280*=0x159c448) returned 0x0 [0169.619] WbemDefPath:IUnknown:Release (This=0x1529318) returned 0x0 [0169.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x159c448, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xde2eea4 | out: ppvObject=0xde2eea4*=0x159c448) returned 0x0 [0169.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x159c448, riid=0x73bf0328*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0xde2ee60 | out: ppvObject=0xde2ee60*=0x0) returned 0x80004002 [0169.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x159c448, riid=0x73bf0490*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0xde2ea54 | out: ppvObject=0xde2ea54*=0x0) returned 0x80004002 [0169.620] WbemDefPath:IUnknown:AddRef (This=0x159c448) returned 0x3 [0169.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x159c448, riid=0x73bf0074*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0xde2e7b4 | out: ppvObject=0xde2e7b4*=0x0) returned 0x80004002 [0169.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x159c448, riid=0x73beffc8*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0xde2e764 | out: ppvObject=0xde2e764*=0x0) returned 0x80004002 [0169.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x159c448, riid=0x73b37604*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xde2e770 | out: ppvObject=0xde2e770*=0x159e280) returned 0x0 [0169.620] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x159e280, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0xde2e778 | out: pCid=0xde2e778*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0169.620] WbemDefPath:IUnknown:Release (This=0x159e280) returned 0x3 [0169.620] CoGetContextToken (in: pToken=0xde2e7d0 | out: pToken=0xde2e7d0) returned 0x0 [0169.620] CoGetContextToken (in: pToken=0xde2ebd8 | out: pToken=0xde2ebd8) returned 0x0 [0169.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x159c448, riid=0x73bf02b4*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xde2ec64 | out: ppvObject=0xde2ec64*=0x0) returned 0x80004002 [0169.620] WbemDefPath:IUnknown:Release (This=0x159c448) returned 0x2 [0169.620] WbemDefPath:IUnknown:Release (This=0x159c448) returned 0x1 [0169.620] SetEvent (hEvent=0xac4c) returned 1 Thread: id = 13 os_tid = 0xe00 Thread: id = 14 os_tid = 0x58c [0157.514] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0157.514] RoInitialize () returned 0x1 [0157.514] RoUninitialize () returned 0x0 [0157.515] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x5e4f0dc | out: lpiid=0x5e4f0dc) returned 0x0 [0157.517] CoGetClassObject (in: rclsid=0x158a6bc*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x73bfb24c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5e4ede8 | out: ppv=0x5e4ede8*=0x159df20) returned 0x0 [0157.782] WbemLocator:IUnknown:QueryInterface (in: This=0x159df20, riid=0x73c49e44*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5e4f004 | out: ppvObject=0x5e4f004*=0x0) returned 0x80004002 [0157.782] WbemLocator:IClassFactory:CreateInstance (in: This=0x159df20, pUnkOuter=0x0, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5e4f010 | out: ppvObject=0x5e4f010*=0x15521b8) returned 0x0 [0157.783] WbemLocator:IUnknown:Release (This=0x159df20) returned 0x0 [0157.783] WbemLocator:IUnknown:QueryInterface (in: This=0x15521b8, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5e4ec34 | out: ppvObject=0x5e4ec34*=0x15521b8) returned 0x0 [0157.783] WbemLocator:IUnknown:QueryInterface (in: This=0x15521b8, riid=0x73bf0328*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5e4ebf0 | out: ppvObject=0x5e4ebf0*=0x0) returned 0x80004002 [0157.783] WbemLocator:IUnknown:QueryInterface (in: This=0x15521b8, riid=0x73bf0490*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x5e4e7e4 | out: ppvObject=0x5e4e7e4*=0x0) returned 0x80004002 [0157.783] WbemLocator:IUnknown:AddRef (This=0x15521b8) returned 0x3 [0157.783] WbemLocator:IUnknown:QueryInterface (in: This=0x15521b8, riid=0x73bf0074*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5e4e544 | out: ppvObject=0x5e4e544*=0x0) returned 0x80004002 [0157.783] WbemLocator:IUnknown:QueryInterface (in: This=0x15521b8, riid=0x73beffc8*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5e4e4f4 | out: ppvObject=0x5e4e4f4*=0x0) returned 0x80004002 [0157.783] WbemLocator:IUnknown:QueryInterface (in: This=0x15521b8, riid=0x73b37604*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5e4e500 | out: ppvObject=0x5e4e500*=0x0) returned 0x80004002 [0157.783] CoGetContextToken (in: pToken=0x5e4e560 | out: pToken=0x5e4e560) returned 0x0 [0157.784] CoGetObjectContext (in: riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x159e014 | out: ppv=0x159e014*=0x1520130) returned 0x0 [0157.785] CoGetContextToken (in: pToken=0x5e4e968 | out: pToken=0x5e4e968) returned 0x0 [0157.785] WbemLocator:IUnknown:QueryInterface (in: This=0x15521b8, riid=0x73bf02b4*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5e4e9f4 | out: ppvObject=0x5e4e9f4*=0x0) returned 0x80004002 [0157.785] WbemLocator:IUnknown:Release (This=0x15521b8) returned 0x2 [0157.786] WbemLocator:IUnknown:Release (This=0x15521b8) returned 0x1 [0157.786] CoGetContextToken (in: pToken=0x5e4eff0 | out: pToken=0x5e4eff0) returned 0x0 [0157.786] CoGetContextToken (in: pToken=0x5e4ef50 | out: pToken=0x5e4ef50) returned 0x0 [0157.786] WbemLocator:IUnknown:QueryInterface (in: This=0x15521b8, riid=0x5e4f020*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5e4f01c | out: ppvObject=0x5e4f01c*=0x15521b8) returned 0x0 [0157.786] WbemLocator:IUnknown:AddRef (This=0x15521b8) returned 0x3 [0157.786] WbemLocator:IUnknown:Release (This=0x15521b8) returned 0x2 [0157.791] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x159b8e8, puCount=0x5e4f1b8 | out: puCount=0x5e4f1b8*=0x2) returned 0x0 [0157.791] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=8, puBuffLength=0x5e4f1b4*=0x0, pszText=0x0 | out: puBuffLength=0x5e4f1b4*=0xf, pszText=0x0) returned 0x0 [0157.791] WbemDefPath:IWbemPath:GetText (in: This=0x159b8e8, lFlags=8, puBuffLength=0x5e4f1b4*=0xf, pszText="00000000000000" | out: puBuffLength=0x5e4f1b4*=0xf, pszText="\\\\.\\ROOT\\cimv2") returned 0x0 [0157.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x5e4e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0157.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x5e4e908, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll\x05²38oÄyÍbðù°s\x14ìä\x05\x01", lpUsedDefaultChar=0x0) returned 63 [0157.824] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6f1d0000 [0158.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x5e4e93c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity58oÄyÍbðù°s\x14ìä\x05\x01", lpUsedDefaultChar=0x0) returned 13 [0158.067] GetProcAddress (hModule=0x6f1d0000, lpProcName="ResetSecurity") returned 0x6f1d7a70 [0158.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x5e4e93c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity\x05\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 11 [0158.077] GetProcAddress (hModule=0x6f1d0000, lpProcName="SetSecurity") returned 0x6f1d7ac0 [0158.088] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x5e4e938, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices8oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 18 [0158.089] GetProcAddress (hModule=0x6f1d0000, lpProcName="BlessIWbemServices") returned 0x6f1d6b60 [0158.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x5e4e930, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 24 [0158.169] GetProcAddress (hModule=0x6f1d0000, lpProcName="BlessIWbemServicesObject") returned 0x6f1d6bc0 [0158.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x5e4e938, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 17 [0158.194] GetProcAddress (hModule=0x6f1d0000, lpProcName="GetPropertyHandle") returned 0x6f1d7500 [0158.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x5e4e938, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue8oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 18 [0158.252] GetProcAddress (hModule=0x6f1d0000, lpProcName="WritePropertyValue") returned 0x6f1d7c30 [0158.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x5e4e944, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 5 [0158.262] GetProcAddress (hModule=0x6f1d0000, lpProcName="Clone") returned 0x6f1d6c20 [0158.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x5e4e938, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey\x05\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 15 [0158.270] GetProcAddress (hModule=0x6f1d0000, lpProcName="VerifyClientKey") returned 0x6f1d7bb0 [0158.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x5e4e938, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet\x05\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 15 [0158.279] GetProcAddress (hModule=0x6f1d0000, lpProcName="GetQualifierSet") returned 0x6f1d72c0 [0158.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x5e4e944, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get\x05\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 3 [0158.281] GetProcAddress (hModule=0x6f1d0000, lpProcName="Get") returned 0x6f1d7290 [0158.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x5e4e944, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put\x05\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 3 [0158.490] GetProcAddress (hModule=0x6f1d0000, lpProcName="Put") returned 0x6f1d76c0 [0158.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x5e4e944, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete8oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 6 [0158.503] GetProcAddress (hModule=0x6f1d0000, lpProcName="Delete") returned 0x6f1d6ff0 [0158.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x5e4e940, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 8 [0158.512] GetProcAddress (hModule=0x6f1d0000, lpProcName="GetNames") returned 0x6f1d74a0 [0158.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x5e4e938, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 16 [0158.674] GetProcAddress (hModule=0x6f1d0000, lpProcName="BeginEnumeration") returned 0x6f1d6b20 [0158.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x5e4e944, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 4 [0158.680] GetProcAddress (hModule=0x6f1d0000, lpProcName="Next") returned 0x6f1d7660 [0158.694] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x5e4e93c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration8oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 14 [0158.695] GetProcAddress (hModule=0x6f1d0000, lpProcName="EndEnumeration") returned 0x6f1d70b0 [0158.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x5e4e930, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet\x05\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 23 [0158.702] GetProcAddress (hModule=0x6f1d0000, lpProcName="GetPropertyQualifierSet") returned 0x6f1d7590 [0158.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x5e4e944, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 5 [0158.712] GetProcAddress (hModule=0x6f1d0000, lpProcName="Clone") returned 0x6f1d6c20 [0158.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x5e4e93c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 13 [0158.788] GetProcAddress (hModule=0x6f1d0000, lpProcName="GetObjectText") returned 0x6f1d74d0 [0158.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x5e4e938, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 17 [0158.799] GetProcAddress (hModule=0x6f1d0000, lpProcName="SpawnDerivedClass") returned 0x6f1d7b10 [0158.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x5e4e93c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 13 [0158.820] GetProcAddress (hModule=0x6f1d0000, lpProcName="SpawnInstance") returned 0x6f1d7b40 [0158.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x5e4e940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 9 [0158.822] GetProcAddress (hModule=0x6f1d0000, lpProcName="CompareTo") returned 0x6f1d6d10 [0158.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x5e4e938, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 17 [0158.829] GetProcAddress (hModule=0x6f1d0000, lpProcName="GetPropertyOrigin") returned 0x6f1d7560 [0158.886] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x5e4e93c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 12 [0158.887] GetProcAddress (hModule=0x6f1d0000, lpProcName="InheritsFrom") returned 0x6f1d75c0 [0158.888] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x5e4e940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 9 [0158.888] GetProcAddress (hModule=0x6f1d0000, lpProcName="GetMethod") returned 0x6f1d7410 [0158.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x5e4e940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 9 [0158.897] GetProcAddress (hModule=0x6f1d0000, lpProcName="PutMethod") returned 0x6f1d7890 [0158.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x5e4e93c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 12 [0158.909] GetProcAddress (hModule=0x6f1d0000, lpProcName="DeleteMethod") returned 0x6f1d7010 [0158.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x5e4e934, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumeration8oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 22 [0158.910] GetProcAddress (hModule=0x6f1d0000, lpProcName="BeginMethodEnumeration") returned 0x6f1d6b40 [0158.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x5e4e940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethod8oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 10 [0158.912] GetProcAddress (hModule=0x6f1d0000, lpProcName="NextMethod") returned 0x6f1d7690 [0158.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x5e4e934, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 20 [0158.923] GetProcAddress (hModule=0x6f1d0000, lpProcName="EndMethodEnumeration") returned 0x6f1d70d0 [0158.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x5e4e934, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 21 [0158.924] GetProcAddress (hModule=0x6f1d0000, lpProcName="GetMethodQualifierSet") returned 0x6f1d7470 [0158.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x5e4e938, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin\x05\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 15 [0158.926] GetProcAddress (hModule=0x6f1d0000, lpProcName="GetMethodOrigin") returned 0x6f1d7440 [0158.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x5e4e938, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 16 [0158.927] GetProcAddress (hModule=0x6f1d0000, lpProcName="QualifierSet_Get") returned 0x6f1d7920 [0158.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x5e4e938, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 16 [0159.001] GetProcAddress (hModule=0x6f1d0000, lpProcName="QualifierSet_Put") returned 0x6f1d79b0 [0159.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x5e4e934, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete\x05\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 19 [0159.011] GetProcAddress (hModule=0x6f1d0000, lpProcName="QualifierSet_Delete") returned 0x6f1d78e0 [0159.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x5e4e934, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 21 [0159.013] GetProcAddress (hModule=0x6f1d0000, lpProcName="QualifierSet_GetNames") returned 0x6f1d7950 [0159.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x5e4e92c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 29 [0159.024] GetProcAddress (hModule=0x6f1d0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6f1d78c0 [0159.118] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x5e4e938, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 17 [0159.119] GetProcAddress (hModule=0x6f1d0000, lpProcName="QualifierSet_Next") returned 0x6f1d7980 [0159.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x5e4e92c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration\x05\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 27 [0159.131] GetProcAddress (hModule=0x6f1d0000, lpProcName="QualifierSet_EndEnumeration") returned 0x6f1d7900 [0159.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x5e4e930, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType\x05\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 23 [0159.132] GetProcAddress (hModule=0x6f1d0000, lpProcName="GetCurrentApartmentType") returned 0x6f1d72c0 [0159.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x5e4e934, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStub\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 20 [0159.140] GetProcAddress (hModule=0x6f1d0000, lpProcName="GetDemultiplexedStub") returned 0x6f1d72e0 [0159.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x5e4e934, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi58oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 21 [0159.208] GetProcAddress (hModule=0x6f1d0000, lpProcName="CreateInstanceEnumWmi") returned 0x6f1d6f20 [0159.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x5e4e938, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmi8oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 18 [0159.234] GetProcAddress (hModule=0x6f1d0000, lpProcName="CreateClassEnumWmi") returned 0x6f1d6e50 [0159.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x5e4e93c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmi\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 12 [0159.236] GetProcAddress (hModule=0x6f1d0000, lpProcName="ExecQueryWmi") returned 0x6f1d71c0 [0159.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x5e4e930, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmi\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 24 [0159.321] GetProcAddress (hModule=0x6f1d0000, lpProcName="ExecNotificationQueryWmi") returned 0x6f1d70f0 [0159.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x5e4e93c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmi8oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 14 [0159.324] GetProcAddress (hModule=0x6f1d0000, lpProcName="PutInstanceWmi") returned 0x6f1d77c0 [0159.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x5e4e93c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi\x05\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 11 [0159.496] GetProcAddress (hModule=0x6f1d0000, lpProcName="PutClassWmi") returned 0x6f1d76f0 [0159.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x5e4e930, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObject\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 24 [0159.498] GetProcAddress (hModule=0x6f1d0000, lpProcName="CloneEnumWbemClassObject") returned 0x6f1d6c40 [0159.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x5e4e938, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmi\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 16 [0159.517] GetProcAddress (hModule=0x6f1d0000, lpProcName="ConnectServerWmi") returned 0x6f1d6d40 [0159.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetErrorInfo", cchWideChar=12, lpMultiByteStr=0x5e4e93c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetErrorInfo\x0458oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 12 [0159.612] GetProcAddress (hModule=0x6f1d0000, lpProcName="GetErrorInfo") returned 0x6f1d7330 [0159.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Initialize", cchWideChar=10, lpMultiByteStr=0x5e4e940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Initialize8oÄyÍbðù°s\x14ìä\x05", lpUsedDefaultChar=0x0) returned 10 [0159.617] GetProcAddress (hModule=0x6f1d0000, lpProcName="Initialize") returned 0x6f1d75e0 [0159.625] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x5e4e8f0 | out: phkResult=0x5e4e8f0*=0x9ff0) returned 0x0 [0159.626] RegQueryValueExW (in: hKey=0x9ff0, lpValueName="WMIDisableCOMSecurity", lpReserved=0x0, lpType=0x5e4e90c, lpData=0x0, lpcbData=0x5e4e908*=0x0 | out: lpType=0x5e4e90c*=0x0, lpData=0x0, lpcbData=0x5e4e908*=0x0) returned 0x2 [0159.626] RegCloseKey (hKey=0x9ff0) returned 0x0 [0159.626] CoCreateInstance (in: rclsid=0x6f1d36ac*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6f1d370c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5e4eff4 | out: ppv=0x5e4eff4*=0x1552128) returned 0x0 [0159.627] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1552128, strNetworkResource="\\\\.\\ROOT\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5e4f0fc | out: ppNamespace=0x5e4f0fc*=0x152bac0) returned 0x0 [0167.939] WbemLocator:IUnknown:QueryInterface (in: This=0x152bac0, riid=0x6f1d352c*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5e4ef1c | out: ppvObject=0x5e4ef1c*=0x153b658) returned 0x0 [0167.940] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x153b658, pProxy=0x152bac0, pAuthnSvc=0x5e4ef6c, pAuthzSvc=0x5e4ef68, pServerPrincName=0x5e4ef60, pAuthnLevel=0x5e4ef64, pImpLevel=0x5e4ef54, pAuthInfo=0x5e4ef58, pCapabilites=0x5e4ef5c | out: pAuthnSvc=0x5e4ef6c*=0xa, pAuthzSvc=0x5e4ef68*=0x0, pServerPrincName=0x5e4ef60, pAuthnLevel=0x5e4ef64*=0x6, pImpLevel=0x5e4ef54*=0x2, pAuthInfo=0x5e4ef58, pCapabilites=0x5e4ef5c*=0x1) returned 0x0 [0167.940] WbemLocator:IUnknown:Release (This=0x153b658) returned 0x1 [0167.940] WbemLocator:IUnknown:QueryInterface (in: This=0x152bac0, riid=0x6f1d351c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5e4ef10 | out: ppvObject=0x5e4ef10*=0x153b67c) returned 0x0 [0167.940] WbemLocator:IUnknown:QueryInterface (in: This=0x152bac0, riid=0x6f1d352c*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5e4eefc | out: ppvObject=0x5e4eefc*=0x153b658) returned 0x0 [0167.940] WbemLocator:IClientSecurity:SetBlanket (This=0x153b658, pProxy=0x152bac0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0167.940] WbemLocator:IUnknown:Release (This=0x153b658) returned 0x2 [0167.940] WbemLocator:IUnknown:Release (This=0x153b67c) returned 0x1 [0167.940] CoTaskMemFree (pv=0x15a1858) [0167.941] WbemLocator:IUnknown:AddRef (This=0x152bac0) returned 0x2 [0167.941] WbemLocator:IUnknown:Release (This=0x1552128) returned 0x0 [0167.941] CoGetContextToken (in: pToken=0x5e4e438 | out: pToken=0x5e4e438) returned 0x0 [0167.942] CoGetContextToken (in: pToken=0x5e4e840 | out: pToken=0x5e4e840) returned 0x0 [0167.942] WbemLocator:IUnknown:QueryInterface (in: This=0x152bac0, riid=0x73bf02b4*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5e4e7d8 | out: ppvObject=0x5e4e7d8*=0x153b660) returned 0x0 [0167.942] WbemLocator:IRpcOptions:Query (in: This=0x153b660, pPrx=0x159df68, dwProperty=2, pdwValue=0x5e4e8d8 | out: pdwValue=0x5e4e8d8) returned 0x80004002 [0167.942] WbemLocator:IUnknown:Release (This=0x153b660) returned 0x2 [0167.942] CoGetContextToken (in: pToken=0x5e4ee20 | out: pToken=0x5e4ee20) returned 0x0 [0167.942] CoGetContextToken (in: pToken=0x5e4ed80 | out: pToken=0x5e4ed80) returned 0x0 [0167.942] WbemLocator:IUnknown:QueryInterface (in: This=0x152bac0, riid=0x5e4ee50*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5e4ed18 | out: ppvObject=0x5e4ed18*=0x152bac0) returned 0x0 [0167.943] WbemLocator:IUnknown:Release (This=0x152bac0) returned 0x2 [0167.951] SysStringLen (param_1=0x0) returned 0x0 [0167.953] CoUninitialize () Thread: id = 108 os_tid = 0xec4 [0168.239] CoGetContextToken (in: pToken=0x5e4f02c | out: pToken=0x5e4f02c) returned 0x0 [0168.239] CoGetContextToken (in: pToken=0x5e4f01c | out: pToken=0x5e4f01c) returned 0x0 [0168.240] CoGetMarshalSizeMax (in: pulSize=0x5e4efd8, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x159df68, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x5e4efd8) returned 0x0 [0168.241] CoMarshalInterface (pStm=0x15a0248, riid=0x73bc3e5c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x159df68, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0168.246] WbemLocator:IUnknown:QueryInterface (in: This=0x152bac0, riid=0x1594b04*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5e4ee64 | out: ppvObject=0x5e4ee64*=0x152bac0) returned 0x0 [0168.247] WbemLocator:IUnknown:QueryInterface (in: This=0x152bac0, riid=0x6f104cd4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5e4ed9c | out: ppvObject=0x5e4ed9c*=0x152bac0) returned 0x0 [0168.248] WbemLocator:IUnknown:QueryInterface (in: This=0x152bac0, riid=0x6f104cd4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5e4ed18 | out: ppvObject=0x5e4ed18*=0x152bac0) returned 0x0 Thread: id = 136 os_tid = 0xd64 [0171.423] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0171.423] RoInitialize () returned 0x1 [0171.423] RoUninitialize () returned 0x0 [0171.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x43c8d40, Length=0x25348, ResultLength=0xe0af410 | out: SystemInformation=0x43c8d40, ResultLength=0xe0af410*=0x19878) returned 0x0 [0171.606] SleepEx (dwMilliseconds=0x7d0, bAlertable=1) Thread: id = 137 os_tid = 0xac8 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x742fe000" os_pid = "0x3ac" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wisvc" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\WpnService" [0xa], "NT SERVICE\\wuauserv" [0xa], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 15 os_tid = 0x12cc Thread: id = 16 os_tid = 0xf64 Thread: id = 17 os_tid = 0x1190 Thread: id = 18 os_tid = 0x117c Thread: id = 19 os_tid = 0x1184 Thread: id = 20 os_tid = 0x1174 Thread: id = 21 os_tid = 0x760 Thread: id = 22 os_tid = 0x10c8 Thread: id = 23 os_tid = 0xa7c Thread: id = 24 os_tid = 0x1020 Thread: id = 25 os_tid = 0x12d4 Thread: id = 26 os_tid = 0x129c Thread: id = 27 os_tid = 0x1298 Thread: id = 28 os_tid = 0x1294 Thread: id = 29 os_tid = 0x1264 Thread: id = 30 os_tid = 0x1224 Thread: id = 31 os_tid = 0x1220 Thread: id = 32 os_tid = 0x121c Thread: id = 33 os_tid = 0x1218 Thread: id = 34 os_tid = 0x1214 Thread: id = 35 os_tid = 0x1210 Thread: id = 36 os_tid = 0x1130 Thread: id = 37 os_tid = 0x1050 Thread: id = 38 os_tid = 0x1040 Thread: id = 39 os_tid = 0x103c Thread: id = 40 os_tid = 0x1038 Thread: id = 41 os_tid = 0xf90 Thread: id = 42 os_tid = 0xd94 Thread: id = 43 os_tid = 0xf74 Thread: id = 44 os_tid = 0xd9c Thread: id = 45 os_tid = 0xebc Thread: id = 46 os_tid = 0xf1c Thread: id = 47 os_tid = 0xec0 Thread: id = 48 os_tid = 0x5f0 Thread: id = 49 os_tid = 0xcd0 Thread: id = 50 os_tid = 0xa8c Thread: id = 51 os_tid = 0xf20 Thread: id = 52 os_tid = 0xaa0 Thread: id = 53 os_tid = 0xa30 Thread: id = 54 os_tid = 0xa14 Thread: id = 55 os_tid = 0xa0c Thread: id = 56 os_tid = 0x9e8 Thread: id = 57 os_tid = 0x9e0 Thread: id = 58 os_tid = 0x9d8 Thread: id = 59 os_tid = 0x9cc Thread: id = 60 os_tid = 0x9c4 Thread: id = 61 os_tid = 0x9b8 Thread: id = 62 os_tid = 0x9b0 Thread: id = 63 os_tid = 0x9a0 Thread: id = 64 os_tid = 0x998 Thread: id = 65 os_tid = 0x984 Thread: id = 66 os_tid = 0x978 Thread: id = 67 os_tid = 0x968 Thread: id = 68 os_tid = 0x95c Thread: id = 69 os_tid = 0x958 Thread: id = 70 os_tid = 0x944 Thread: id = 71 os_tid = 0x930 Thread: id = 72 os_tid = 0x914 Thread: id = 73 os_tid = 0x8ac Thread: id = 74 os_tid = 0x840 Thread: id = 75 os_tid = 0x83c Thread: id = 76 os_tid = 0x430 Thread: id = 77 os_tid = 0x7c0 Thread: id = 78 os_tid = 0x7bc Thread: id = 79 os_tid = 0x7ac Thread: id = 80 os_tid = 0x784 Thread: id = 81 os_tid = 0x780 Thread: id = 82 os_tid = 0x77c Thread: id = 83 os_tid = 0x6fc Thread: id = 84 os_tid = 0x678 Thread: id = 85 os_tid = 0x670 Thread: id = 86 os_tid = 0x660 Thread: id = 87 os_tid = 0x654 Thread: id = 88 os_tid = 0x61c Thread: id = 89 os_tid = 0x5d0 Thread: id = 90 os_tid = 0x5a0 Thread: id = 91 os_tid = 0x4ac Thread: id = 92 os_tid = 0x41c Thread: id = 93 os_tid = 0x414 Thread: id = 94 os_tid = 0x404 Thread: id = 95 os_tid = 0x158 Thread: id = 96 os_tid = 0x39c Thread: id = 97 os_tid = 0x2e8 Thread: id = 98 os_tid = 0x180 Thread: id = 99 os_tid = 0x234 Thread: id = 100 os_tid = 0x26c Thread: id = 101 os_tid = 0x2a0 Thread: id = 102 os_tid = 0x170 Thread: id = 103 os_tid = 0x1a8 Thread: id = 104 os_tid = 0x16c Thread: id = 105 os_tid = 0x3b0 Thread: id = 127 os_tid = 0xf38 Thread: id = 128 os_tid = 0xd98 Thread: id = 129 os_tid = 0xdb0 Thread: id = 130 os_tid = 0xef8 Thread: id = 131 os_tid = 0xf34 Thread: id = 198 os_tid = 0xf80 Thread: id = 205 os_tid = 0x12fc Thread: id = 206 os_tid = 0x11b0 Thread: id = 207 os_tid = 0x1280 Thread: id = 208 os_tid = 0x1208 Thread: id = 209 os_tid = 0x127c Thread: id = 210 os_tid = 0x1278 Process: id = "3" image_name = "wmiadap.exe" filename = "c:\\windows\\system32\\wbem\\wmiadap.exe" page_root = "0x4baaa000" os_pid = "0xa80" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x3ac" cmd_line = "wmiadap.exe /F /T /R" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wisvc" [0xe], "NT SERVICE\\wlidsvc" [0xe], "NT SERVICE\\WpnService" [0xe], "NT SERVICE\\wuauserv" [0xe], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 106 os_tid = 0x860 Thread: id = 107 os_tid = 0xf4 Thread: id = 126 os_tid = 0xf28 Thread: id = 132 os_tid = 0xfcc Thread: id = 133 os_tid = 0xe14 Thread: id = 134 os_tid = 0xea0 Thread: id = 233 os_tid = 0xd00 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x7a9f2000" os_pid = "0x1060" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x2a4" cmd_line = "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wisvc" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\WpnService" [0xe], "NT SERVICE\\wuauserv" [0xa], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 109 os_tid = 0x1090 Thread: id = 110 os_tid = 0x108c Thread: id = 111 os_tid = 0x1088 Thread: id = 112 os_tid = 0x1080 Thread: id = 113 os_tid = 0x1078 Thread: id = 114 os_tid = 0x1070 Thread: id = 115 os_tid = 0x106c Thread: id = 116 os_tid = 0x1064 Process: id = "5" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x3a6d1000" os_pid = "0xe0c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x2a4" cmd_line = "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0002e7d2" [0xc000000f] Thread: id = 117 os_tid = 0xf6c Thread: id = 118 os_tid = 0xe34 Thread: id = 119 os_tid = 0xe30 Thread: id = 120 os_tid = 0xe2c Thread: id = 121 os_tid = 0xe28 Thread: id = 122 os_tid = 0xe24 Thread: id = 123 os_tid = 0xe20 Thread: id = 124 os_tid = 0xe1c Thread: id = 125 os_tid = 0xe10 Process: id = "6" image_name = "mfo4ed9hfrpsso4o.exe" filename = "c:\\users\\fd1hvy\\desktop\\mfo4ed9hfrpsso4o.exe" page_root = "0x2f145000" os_pid = "0xe78" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x10c0" cmd_line = "\"{path}\"" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 135 os_tid = 0xcf4 [0170.758] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0xcfed18 | out: HeapArray=0xcfed18*=0xf00000) returned 0x1 [0170.770] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\WINDOWS\\SYSTEM32\\ntdll.dll", NtPathName=0xcfecc8, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\WINDOWS\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0170.774] NtCreateFile (in: FileHandle=0xcfece8, DesiredAccess=0x120089, ObjectAttributes=0xcfecb0*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\WINDOWS\\SYSTEM32\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xcfecd0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xcfece8*=0xa4, IoStatusBlock=0xcfecd0*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0171.201] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf02d58) returned 1 [0171.210] NtQueryInformationFile (in: FileHandle=0xa4, IoStatusBlock=0xcfecd0, FileInformation=0xcfec28, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xcfecd0, FileInformation=0xcfec28) returned 0x0 [0171.218] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x18bd90) returned 0x100f020 [0171.387] NtReadFile (in: FileHandle=0xa4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0xcfecd0, Buffer=0x100f020, BufferLength=0x18b990, ByteOffset=0xcfec40*=0, Key=0x0 | out: IoStatusBlock=0xcfecd0, Buffer=0x100f020*) returned 0x0 [0171.510] NtClose (Handle=0xa4) returned 0x0 [0171.510] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x18e001) returned 0x11aa020 [0171.611] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x1000) returned 0xf038b0 [0171.611] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x1000) returned 0xf048b8 [0171.611] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x1000) returned 0xf058c0 [0171.611] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x2000) returned 0xf068c8 [0171.612] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf058c0) returned 1 [0171.612] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x3000) returned 0xf088d0 [0171.612] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf068c8) returned 1 [0171.612] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x4000) returned 0xf0b8d8 [0171.613] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf088d0) returned 1 [0171.613] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x5000) returned 0xf058c0 [0171.613] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0b8d8) returned 1 [0171.613] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x1000) returned 0xf0a8c8 [0171.613] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x2000) returned 0xf0b8d0 [0171.613] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0a8c8) returned 1 [0171.613] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x3000) returned 0xf0d8d8 [0171.613] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0b8d0) returned 1 [0171.613] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x4000) returned 0xf108e0 [0171.614] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0d8d8) returned 1 [0171.614] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x5000) returned 0xf0a8c8 [0171.614] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf108e0) returned 1 [0171.614] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x1000) returned 0xf0f8d0 [0171.614] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x2000) returned 0xf108d8 [0171.614] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0f8d0) returned 1 [0171.614] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x3000) returned 0xf128e0 [0171.614] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf108d8) returned 1 [0171.614] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x4000) returned 0xf158e8 [0171.614] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf128e0) returned 1 [0171.614] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x5000) returned 0xf0f8d0 [0171.614] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf158e8) returned 1 [0171.615] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf038b0) returned 1 [0171.615] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf048b8) returned 1 [0171.615] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf058c0) returned 1 [0171.615] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0a8c8) returned 1 [0171.615] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0f8d0) returned 1 [0171.674] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x1000) returned 0xf038b0 [0171.723] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x1000) returned 0xf048b8 [0171.723] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x1000) returned 0xf058c0 [0171.723] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x2000) returned 0xf068c8 [0171.723] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf058c0) returned 1 [0171.723] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x3000) returned 0xf088d0 [0171.724] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf068c8) returned 1 [0171.724] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x4000) returned 0xf0b8d8 [0171.724] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf088d0) returned 1 [0171.724] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x5000) returned 0xf058c0 [0171.725] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0b8d8) returned 1 [0171.725] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x1000) returned 0xf0a8c8 [0171.725] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x2000) returned 0xf0b8d0 [0171.725] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0a8c8) returned 1 [0171.725] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x3000) returned 0xf0d8d8 [0171.725] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0b8d0) returned 1 [0171.725] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x4000) returned 0xf108e0 [0171.725] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0d8d8) returned 1 [0171.725] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x5000) returned 0xf0a8c8 [0171.725] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf108e0) returned 1 [0171.725] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x1000) returned 0xf0f8d0 [0171.726] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x2000) returned 0xf108d8 [0171.726] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0f8d0) returned 1 [0171.726] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x3000) returned 0xf128e0 [0171.726] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf108d8) returned 1 [0171.726] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x4000) returned 0xf158e8 [0171.726] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf128e0) returned 1 [0171.726] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x5000) returned 0xf0f8d0 [0171.726] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf158e8) returned 1 [0171.726] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf038b0) returned 1 [0171.726] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf048b8) returned 1 [0171.726] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf058c0) returned 1 [0171.726] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0a8c8) returned 1 [0171.726] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0f8d0) returned 1 [0171.727] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\WINDOWS\\SYSTEM32\\ntdll.dll", NtPathName=0xcfec68, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\WINDOWS\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0171.727] NtCreateFile (in: FileHandle=0xcfec88, DesiredAccess=0x120089, ObjectAttributes=0xcfec50*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\WINDOWS\\SYSTEM32\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xcfec70, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xcfec88*=0xa4, IoStatusBlock=0xcfec70*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0171.727] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf02d58) returned 1 [0171.727] NtQueryInformationFile (in: FileHandle=0xa4, IoStatusBlock=0xcfec70, FileInformation=0xcfe9e4, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0xcfec70, FileInformation=0xcfe9e4) returned 0x0 [0171.727] NtClose (Handle=0xa4) returned 0x0 [0171.727] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x208) returned 0xf038b0 [0171.727] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf038b0) returned 1 [0171.733] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x51f36000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0xcfeca4, Length=0x1c, ResultLength=0x0 | out: VirtualMemoryInformation=0xcfeca4*(BaseAddress=0x51f36000, AllocationBase=0x51f30000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000), ResultLength=0x0) returned 0x0 [0173.147] NtQuerySystemInformation (in: SystemInformationClass=0x23, SystemInformation=0xcfecfc, Length=0x2, ResultLength=0x0 | out: SystemInformation=0xcfecfc, ResultLength=0x0) returned 0x0 [0173.325] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0xcfed20, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xcfed20, ReturnLength=0x0) returned 0x0 [0173.337] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0x11aa020) returned 1 [0173.341] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xcfe9b0*=0x0, ZeroBits=0x0, RegionSize=0xcfe9b4*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xcfe9b0*=0x8c0000, RegionSize=0xcfe9b4*=0x10000) returned 0x0 [0173.347] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x8c0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x8c0000, ResultLength=0x0) returned 0xc0000004 [0173.355] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xcfed10*=0x8c0000, RegionSize=0xcfe9d4, FreeType=0x8000) returned 0x0 [0173.356] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xcfe99c*=0x0, ZeroBits=0x0, RegionSize=0xcfe9a0*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xcfe99c*=0x8c0000, RegionSize=0xcfe9a0*=0x20000) returned 0x0 [0173.356] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x8c0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x8c0000, ResultLength=0x0) returned 0xc0000004 [0173.359] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xcfed10*=0x8c0000, RegionSize=0xcfe9d4, FreeType=0x8000) returned 0x0 [0173.359] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xcfe99c*=0x0, ZeroBits=0x0, RegionSize=0xcfe9a0*=0x30000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xcfe99c*=0x970000, RegionSize=0xcfe9a0*=0x30000) returned 0x0 [0173.360] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x970000, Length=0x30000, ResultLength=0x0 | out: SystemInformation=0x970000, ResultLength=0x0) returned 0x0 [0173.482] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xcfed10*=0x970000, RegionSize=0xcfed14, FreeType=0x8000) returned 0x0 [0173.496] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xcfeacc | out: Value="FD1HVy") returned 0x0 [0173.496] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32.dll", BaseAddress=0xcfeb3c | out: BaseAddress=0xcfeb3c*=0x756e0000) returned 0x0 [0173.598] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0xcfed28 | out: TokenHandle=0xcfed28*=0xbc) returned 0x0 [0173.603] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xcfed1c | out: lpLuid=0xcfed1c*(LowPart=0x14, HighPart=0)) returned 1 [0173.684] NtAdjustPrivilegesToken (in: TokenHandle=0xbc, DisableAllPrivileges=0, NewState=0xcfed18, BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 0x0 [0173.687] NtClose (Handle=0xbc) returned 0x0 [0173.688] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xcfe2f4 | out: Value="FD1HVy") returned 0x0 [0173.744] RtlSetEnvironmentVariable (in: Environment=0x0, Name="310A-4BA", Value="C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe" | out: Environment=0x0) returned 0x0 [0173.747] NtCreateSection (in: SectionHandle=0xcfe7f4, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xcfe594, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xcfe7f4*=0xbc) returned 0x0 [0173.750] NtMapViewOfSection (in: SectionHandle=0xbc, ProcessHandle=0xffffffff, BaseAddress=0xcfe7f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xcfe594*=0x2d600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xcfe7f8*=0x9b0000, SectionOffset=0x0, ViewSize=0xcfe594*=0x2e000) returned 0x0 [0173.755] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xcfdefc*=0x0, ZeroBits=0x0, RegionSize=0xcfdf00*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xcfdefc*=0x8d0000, RegionSize=0xcfdf00*=0x10000) returned 0x0 [0173.755] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x8d0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x8d0000, ResultLength=0x0) returned 0xc0000004 [0173.758] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xcfe588*=0x8d0000, RegionSize=0xcfdf20, FreeType=0x8000) returned 0x0 [0173.758] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xcfdee8*=0x0, ZeroBits=0x0, RegionSize=0xcfdeec*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xcfdee8*=0x9e0000, RegionSize=0xcfdeec*=0x20000) returned 0x0 [0173.758] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x9e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x9e0000, ResultLength=0x0) returned 0xc0000004 [0173.759] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xcfe588*=0x9e0000, RegionSize=0xcfdf20, FreeType=0x8000) returned 0x0 [0173.759] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xcfdee8*=0x0, ZeroBits=0x0, RegionSize=0xcfdeec*=0x30000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xcfdee8*=0xdd0000, RegionSize=0xcfdeec*=0x30000) returned 0x0 [0173.760] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0xdd0000, Length=0x30000, ResultLength=0x0 | out: SystemInformation=0xdd0000, ResultLength=0x0) returned 0x0 [0173.766] NtOpenProcess (in: ProcessHandle=0xcfe550, DesiredAccess=0x438, ObjectAttributes=0xcfe570*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xcfe544*(UniqueProcess=0x560, UniqueThread=0x0) | out: ProcessHandle=0xcfe550*=0xfc) returned 0x0 [0173.766] NtQueryInformationProcess (in: ProcessHandle=0xfc, ProcessInformationClass=0x1a, ProcessInformation=0xcfe25c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xcfe25c, ReturnLength=0x0) returned 0x0 [0173.766] NtCreateSection (in: SectionHandle=0xcfdef8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xcfdeb8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xcfdef8*=0x100) returned 0x0 [0173.766] NtMapViewOfSection (in: SectionHandle=0x100, ProcessHandle=0xffffffff, BaseAddress=0xcfdf00*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xcfdeb8*=0x103600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xcfdf00*=0x1660000, SectionOffset=0x0, ViewSize=0xcfdeb8*=0x104000) returned 0x0 [0173.771] NtMapViewOfSection (in: SectionHandle=0x100, ProcessHandle=0xfc, BaseAddress=0xcfdefc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xcfdef4*=0x103600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xcfdefc*=0x6120000, SectionOffset=0x0, ViewSize=0xcfdef4*=0x104000) returned 0x0 [0175.163] NtClose (Handle=0x100) returned 0x0 [0175.171] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x2000) returned 0xf0b1b8 [0175.172] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xcfdbc4 | out: TokenHandle=0xcfdbc4*=0x100) returned 0x0 [0175.177] NtQueryInformationToken (in: TokenHandle=0x100, TokenInformationClass=0x1, TokenInformation=0xcfd3bc, TokenInformationLength=0x400, ReturnLength=0xcfdbbc | out: TokenInformation=0xcfd3bc, ReturnLength=0xcfdbbc) returned 0x0 [0175.179] ConvertSidToStringSidW () returned 0x1 [0175.179] NtClose (Handle=0x100) returned 0x0 [0175.179] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xcfde34*=0x0, ZeroBits=0x0, RegionSize=0xcfde38*=0x13796, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0xcfde34*=0x9e0000, RegionSize=0xcfde38*=0x14000) returned 0x0 [0175.180] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xcfde20*=0x0, ZeroBits=0x0, RegionSize=0xcfde24*=0x13796, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0xcfde20*=0xe00000, RegionSize=0xcfde24*=0x14000) returned 0x0 [0175.190] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xcfde34*=0x41ee56, NumberOfBytesToProtect=0xcfde38, NewAccessProtection=0x40, OldAccessProtection=0xcfde80 | out: BaseAddress=0xcfde34*=0x41e000, NumberOfBytesToProtect=0xcfde38, OldAccessProtection=0xcfde80*=0x40) returned 0x0 [0175.190] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0b1b8) returned 1 [0175.252] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\WINDOWS\\SYSTEM32\\ntdll.dll", NtPathName=0xcfdc2c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\WINDOWS\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0175.254] NtCreateFile (in: FileHandle=0xcfdc4c, DesiredAccess=0x120089, ObjectAttributes=0xcfdc14*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\WINDOWS\\SYSTEM32\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xcfdc34, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xcfdc4c*=0x100, IoStatusBlock=0xcfdc34*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0175.255] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf00550) returned 1 [0175.259] NtQueryInformationFile (in: FileHandle=0x100, IoStatusBlock=0xcfdc34, FileInformation=0xcfd9a8, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0xcfdc34, FileInformation=0xcfd9a8) returned 0x0 [0175.259] NtClose (Handle=0x100) returned 0x0 [0175.260] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x208) returned 0xf054f0 [0175.260] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf054f0) returned 1 [0175.268] NtOpenProcess (in: ProcessHandle=0xcfde38, DesiredAccess=0x438, ObjectAttributes=0xcfd3e8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xcfd428*(UniqueProcess=0x560, UniqueThread=0x0) | out: ProcessHandle=0xcfde38*=0x100) returned 0x0 [0175.272] NtQueryInformationProcess (in: ProcessHandle=0x100, ProcessInformationClass=0x0, ProcessInformation=0xcfd438, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xcfd438, ReturnLength=0x0) returned 0x0 [0175.279] NtOpenThread (in: ThreadHandle=0xcfd3e0, DesiredAccess=0x1a, ObjectAttributes=0xcfd3e8, ClientId=0xcfd418*(UniqueProcess=0x0, UniqueThread=0x5cc) | out: ThreadHandle=0xcfd3e0*=0x104) returned 0x0 [0175.284] NtSuspendThread (in: ThreadHandle=0x104, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0175.388] NtGetContextThread (in: ThreadHandle=0x104, Context=0xcfd930 | out: Context=0xcfd930*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x40, [65]=0xbe, [66]=0xa6, [67]=0xff, [68]=0xff, [69]=0xff, [70]=0xff, [71]=0xff, [72]=0x15, [73]=0x5, [74]=0x1, [75]=0x9f, [76]=0xff, [77]=0xff, [78]=0xff, [79]=0xff), FloatSave.Cr0NpxState=0xdf0680, SegGs=0x0, SegFs=0xc96200, SegEs=0x0, SegDs=0x75f2c8, Edi=0x0, Esi=0x75f340, Ebx=0x0, Edx=0xc952c0, Ecx=0x0, Eax=0x0, Ebp=0x0, Eip=0x75ebd0, SegCs=0x0, EFlags=0x75ebd0, Esp=0x0, SegSs=0x9ce726b2, ExtendedRegisters=([0]=0xff, [1]=0xf, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x1, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x4, [11]=0x0, [12]=0xff, [13]=0xff, [14]=0xff, [15]=0xff, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0xf0, [29]=0x96, [30]=0xd6, [31]=0xe7, [32]=0xfc, [33]=0x7f, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x4, [45]=0x12, [46]=0xff, [47]=0xe6, [48]=0xfc, [49]=0x7f, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x3e, [213]=0xf, [214]=0xe9, [215]=0x41, [216]=0xc1, [217]=0x56, [218]=0x33, [219]=0x46, [220]=0x81, [221]=0xc3, [222]=0x6e, [223]=0x8b, [224]=0xac, [225]=0x8b, [226]=0xdd, [227]=0x70, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0175.392] NtSetContextThread (ThreadHandle=0x104, Context=0xcfd930*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x40, [65]=0xbe, [66]=0xa6, [67]=0xff, [68]=0xff, [69]=0xff, [70]=0xff, [71]=0xff, [72]=0x15, [73]=0x5, [74]=0x1, [75]=0x9f, [76]=0xff, [77]=0xff, [78]=0xff, [79]=0xff), FloatSave.Cr0NpxState=0xdf0680, SegGs=0x0, SegFs=0xc96200, SegEs=0x0, SegDs=0x75f2c8, Edi=0x0, Esi=0x75f340, Ebx=0x0, Edx=0xc952c0, Ecx=0x0, Eax=0x0, Ebp=0x0, Eip=0x75ebd0, SegCs=0x0, EFlags=0x75ebd0, Esp=0x0, SegSs=0x9ce726b2, ExtendedRegisters=([0]=0xff, [1]=0xf, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x1, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x4, [11]=0x0, [12]=0xff, [13]=0xff, [14]=0xff, [15]=0xff, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0xf0, [29]=0x96, [30]=0xd6, [31]=0xe7, [32]=0xfc, [33]=0x7f, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x15, [45]=0x35, [46]=0x18, [47]=0x6, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x3e, [213]=0xf, [214]=0xe9, [215]=0x41, [216]=0xc1, [217]=0x56, [218]=0x33, [219]=0x46, [220]=0x81, [221]=0xc3, [222]=0x6e, [223]=0x8b, [224]=0xac, [225]=0x8b, [226]=0xdd, [227]=0x70, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0175.394] NtQueueApcThread (ThreadHandle=0x104, ApcRoutine=0x6183539, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0175.399] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0175.399] NtClose (Handle=0x100) returned 0x0 [0175.399] NtClose (Handle=0x104) returned 0x0 [0175.399] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32.dll", BaseAddress=0xcfdb38 | out: BaseAddress=0xcfdb38*=0x750c0000) returned 0x0 [0175.518] PostThreadMessageW (idThread=0x5cc, Msg=0x111, wParam=0x0, lParam=0x0) returned 1 [0175.605] NtDelayExecution (Alertable=0, Interval=0xcfdbb0*=-30000000) returned 0x0 [0178.645] NtReadVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x61c6000, Buffer=0xcfdbd4, NumberOfBytesToRead=0x2a8, NumberOfBytesRead=0x0 | out: Buffer=0xcfdbd4*, NumberOfBytesRead=0x0) returned 0x0 [0178.645] NtClose (Handle=0xfc) returned 0x0 [0178.645] NtOpenProcess (in: ProcessHandle=0xcfecb0, DesiredAccess=0x438, ObjectAttributes=0xcfe570*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xcfe544*(UniqueProcess=0xf5c, UniqueThread=0x0) | out: ProcessHandle=0xcfecb0*=0xfc) returned 0x0 [0178.649] NtOpenThread (in: ThreadHandle=0xcfecb4, DesiredAccess=0x1a, ObjectAttributes=0xcfe570, ClientId=0xcfe53c*(UniqueProcess=0x0, UniqueThread=0x4f0) | out: ThreadHandle=0xcfecb4*=0x118) returned 0x0 [0178.649] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SysWOW64\\netsh.exe", NtPathName=0xcfdb74, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SysWOW64\\netsh.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0178.649] NtCreateFile (in: FileHandle=0xcfdb94, DesiredAccess=0x120089, ObjectAttributes=0xcfdb5c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SysWOW64\\netsh.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xcfdb7c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xcfdb94*=0x11c, IoStatusBlock=0xcfdb7c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0178.650] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf01158) returned 1 [0178.650] NtQueryInformationFile (in: FileHandle=0x11c, IoStatusBlock=0xcfdb7c, FileInformation=0xcfdad4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xcfdb7c, FileInformation=0xcfdad4) returned 0x0 [0178.650] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x14800) returned 0xf0f678 [0178.656] NtReadFile (in: FileHandle=0x11c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0xcfdb7c, Buffer=0xf0f678, BufferLength=0x14400, ByteOffset=0xcfdaec*=0, Key=0x0 | out: IoStatusBlock=0xcfdb7c, Buffer=0xf0f678*) returned 0x0 [0179.072] NtClose (Handle=0x11c) returned 0x0 [0179.072] RtlAllocateHeap (HeapHandle=0xf00000, Flags=0x0, Size=0x1e001) returned 0xf23e80 [0179.075] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf0f678) returned 1 [0179.075] NtQueryInformationProcess (in: ProcessHandle=0xfc, ProcessInformationClass=0x0, ProcessInformation=0xcfdee0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xcfdee0, ReturnLength=0x0) returned 0x0 [0179.075] NtReadVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0x8d1008, Buffer=0xcfeaa4, NumberOfBytesToRead=0x4, NumberOfBytesRead=0x0 | out: Buffer=0xcfeaa4*, NumberOfBytesRead=0x0) returned 0x0 [0179.075] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xcfe588*=0xdd0000, RegionSize=0xcfe58c, FreeType=0x8000) returned 0x0 [0179.075] NtReadVirtualMemory (in: ProcessHandle=0xfc, BaseAddress=0xa40000, Buffer=0xf23e80, NumberOfBytesToRead=0x1e000, NumberOfBytesRead=0x0 | out: Buffer=0xf23e80*, NumberOfBytesRead=0x0) returned 0x0 [0179.078] NtCreateSection (in: SectionHandle=0xcfed40, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xcfe594, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xcfed40*=0x11c) returned 0x0 [0179.078] NtMapViewOfSection (in: SectionHandle=0x11c, ProcessHandle=0xffffffff, BaseAddress=0xcfed3c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xcfe594*=0x2d600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xcfed3c*=0xdd0000, SectionOffset=0x0, ViewSize=0xcfe594*=0x2e000) returned 0x0 [0179.080] NtMapViewOfSection (in: SectionHandle=0x11c, ProcessHandle=0xfc, BaseAddress=0xcfe7fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xcfea28*=0x2d600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xcfe7fc*=0x760000, SectionOffset=0x0, ViewSize=0xcfea28*=0x2e000) returned 0x0 [0179.082] NtCreateSection (in: SectionHandle=0xcfea9c, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xcfe5a4, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xcfea9c*=0x120) returned 0x0 [0179.082] NtMapViewOfSection (in: SectionHandle=0x120, ProcessHandle=0xffffffff, BaseAddress=0xcfeaa0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xcfe5a4*=0x1e000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xcfeaa0*=0xe40000, SectionOffset=0x0, ViewSize=0xcfe5a4*=0x1e000) returned 0x0 [0179.085] RtlFreeHeap (HeapHandle=0xf00000, Flags=0x0, BaseAddress=0xf23e80) returned 1 [0179.092] NtUnmapViewOfSection (ProcessHandle=0xfc, BaseAddress=0xa40000) returned 0x0 [0179.094] NtMapViewOfSection (in: SectionHandle=0x120, ProcessHandle=0xfc, BaseAddress=0xcfeaa4*=0xa40000, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xcfecd0*=0x1e000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xcfeaa4*=0xa40000, SectionOffset=0x0, ViewSize=0xcfecd0*=0x1e000) returned 0x0 [0179.104] NtResumeThread (in: ThreadHandle=0x118, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0179.108] ExitProcess (uExitCode=0x0) Thread: id = 138 os_tid = 0x728 Process: id = "7" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x46d7a000" os_pid = "0x560" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "6" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\WINDOWS\\Explorer.EXE" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 139 os_tid = 0xb50 Thread: id = 140 os_tid = 0xd8c Thread: id = 141 os_tid = 0xd30 Thread: id = 142 os_tid = 0xf94 Thread: id = 143 os_tid = 0xcb4 Thread: id = 144 os_tid = 0xcb0 Thread: id = 145 os_tid = 0xcac Thread: id = 146 os_tid = 0xca8 Thread: id = 147 os_tid = 0xca0 Thread: id = 148 os_tid = 0xc9c Thread: id = 149 os_tid = 0xc98 Thread: id = 150 os_tid = 0xc94 Thread: id = 151 os_tid = 0xc70 Thread: id = 152 os_tid = 0xc3c Thread: id = 153 os_tid = 0xc38 Thread: id = 154 os_tid = 0xc34 Thread: id = 155 os_tid = 0x6e4 Thread: id = 156 os_tid = 0x880 Thread: id = 157 os_tid = 0xb10 Thread: id = 158 os_tid = 0xaf8 Thread: id = 159 os_tid = 0xaf4 Thread: id = 160 os_tid = 0xaf0 Thread: id = 161 os_tid = 0xaec Thread: id = 162 os_tid = 0xae8 Thread: id = 163 os_tid = 0xae4 Thread: id = 164 os_tid = 0xae0 Thread: id = 165 os_tid = 0xadc Thread: id = 166 os_tid = 0xad8 Thread: id = 167 os_tid = 0xad4 Thread: id = 168 os_tid = 0xad0 Thread: id = 169 os_tid = 0xacc Thread: id = 170 os_tid = 0xac4 Thread: id = 171 os_tid = 0xa98 Thread: id = 172 os_tid = 0xa78 Thread: id = 173 os_tid = 0xa44 Thread: id = 174 os_tid = 0xa40 Thread: id = 175 os_tid = 0xa2c Thread: id = 176 os_tid = 0x988 Thread: id = 177 os_tid = 0x970 Thread: id = 178 os_tid = 0x96c Thread: id = 179 os_tid = 0x940 Thread: id = 180 os_tid = 0x920 Thread: id = 181 os_tid = 0x904 Thread: id = 182 os_tid = 0x8fc Thread: id = 183 os_tid = 0x8f8 Thread: id = 184 os_tid = 0x8d8 Thread: id = 185 os_tid = 0x89c Thread: id = 186 os_tid = 0x884 Thread: id = 187 os_tid = 0x820 Thread: id = 188 os_tid = 0x810 Thread: id = 189 os_tid = 0x80c Thread: id = 190 os_tid = 0x668 Thread: id = 191 os_tid = 0x5d8 Thread: id = 192 os_tid = 0x64c Thread: id = 193 os_tid = 0x788 Thread: id = 194 os_tid = 0x5cc [0175.665] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.665] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.665] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.665] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.665] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.666] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.666] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.666] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.666] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.666] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.666] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.666] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.666] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.666] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.666] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.666] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.666] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.667] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.667] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.667] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.667] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.667] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.667] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.667] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.667] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.667] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.667] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.667] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.667] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.668] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.668] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.668] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.668] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.668] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.668] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.668] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.668] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.668] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.668] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.668] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.668] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.669] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.669] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.669] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.669] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.669] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.669] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.669] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.669] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.669] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.669] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.669] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.669] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.670] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.671] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.672] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.672] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.672] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.672] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.672] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.672] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.672] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.672] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.672] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.672] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.672] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.672] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.673] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.673] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.673] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.673] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.673] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.673] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.673] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.673] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.673] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.673] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.673] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.673] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.674] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.674] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.674] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.674] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.674] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.674] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.674] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.674] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.674] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.674] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.674] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.674] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.675] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.676] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.677] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.678] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.678] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.678] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.678] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.678] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.678] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.678] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.678] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.678] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.678] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.678] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.678] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.679] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.679] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\dwm.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0), hNewToken=0x0) returned 0 [0175.964] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\netsh.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x75f158*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x75f130, hNewToken=0x0 | out: lpProcessInformation=0x75f130*(hProcess=0x9d8, hThread=0x1754, dwProcessId=0xf5c, dwThreadId=0x4f0), hNewToken=0x0) returned 1 [0216.778] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x75edc0 | out: HeapArray=0x75edc0*=0xbb0000) returned 0x5 [0216.783] RtlAllocateHeap (HeapHandle=0xbb0000, Flags=0x0, Size=0x3da0) returned 0x83a2e50 [0216.794] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x75eba0 | out: Value="FD1HVy") returned 0x0 [0216.973] RtlIntegerToChar (in: Value=0x560, Base=0x0, Length=0x20, String=0x75f180 | out: String="1376") returned 0x0 [0216.973] RtlIntegerToChar (in: Value=0xf2cc053, Base=0x0, Length=0x20, String=0x75f180 | out: String="254591059") returned 0x0 [0216.973] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="S-1-5-21-1051304-1376254591059") returned 0x177c [0216.973] GetLastError () returned 0x0 [0217.086] LdrGetProcedureAddress (in: BaseAddress=0x7ffce94f0000, Name="CoUninitialize", Ordinal=0x0, ProcedureAddress=0x75f040 | out: ProcedureAddress=0x75f040*=0x7ffce9f4f020) returned 0x0 [0217.089] LdrGetProcedureAddress (in: BaseAddress=0x7ffce94f0000, Name="CoInitializeEx", Ordinal=0x0, ProcedureAddress=0x75f040 | out: ProcedureAddress=0x75f040*=0x7ffce9f4efc0) returned 0x0 [0217.091] LdrGetProcedureAddress (in: BaseAddress=0x7ffce94f0000, Name="CoCreateInstance", Ordinal=0x0, ProcedureAddress=0x75f040 | out: ProcedureAddress=0x75f040*=0x7ffce9fc5110) returned 0x0 [0217.224] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x75e930 | out: Value="FD1HVy") returned 0x0 [0217.233] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0x75ec30 | out: Value="C:\\Users\\FD1HVy\\AppData\\Roaming") returned 0x0 [0217.253] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x75ede8*=0x7ffce929f610, NumberOfBytesToProtect=0x75ede0, NewAccessProtection=0x40, OldAccessProtection=0x75ef30 | out: BaseAddress=0x75ede8*=0x7ffce929f000, NumberOfBytesToProtect=0x75ede0, OldAccessProtection=0x75ef30*=0x20) returned 0x0 [0217.357] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x75ede8*=0x7ffce929f610, NumberOfBytesToProtect=0x75ede0, NewAccessProtection=0x20, OldAccessProtection=0x75ef30 | out: BaseAddress=0x75ede8*=0x7ffce929f000, NumberOfBytesToProtect=0x75ede0, OldAccessProtection=0x75ef30*=0x40) returned 0x0 [0217.942] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x75ede8*=0x7ffce92a2c40, NumberOfBytesToProtect=0x75ede0, NewAccessProtection=0x40, OldAccessProtection=0x75ef30 | out: BaseAddress=0x75ede8*=0x7ffce92a2000, NumberOfBytesToProtect=0x75ede0, OldAccessProtection=0x75ef30*=0x20) returned 0x0 [0218.002] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x75ede8*=0x7ffce92a2c40, NumberOfBytesToProtect=0x75ede0, NewAccessProtection=0x20, OldAccessProtection=0x75ef30 | out: BaseAddress=0x75ede8*=0x7ffce92a2000, NumberOfBytesToProtect=0x75ede0, OldAccessProtection=0x75ef30*=0x40) returned 0x0 [0218.114] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x75ede8*=0x7ffce929ef80, NumberOfBytesToProtect=0x75ede0, NewAccessProtection=0x40, OldAccessProtection=0x75ef30 | out: BaseAddress=0x75ede8*=0x7ffce929e000, NumberOfBytesToProtect=0x75ede0, OldAccessProtection=0x75ef30*=0x20) returned 0x0 [0218.130] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x75ede8*=0x7ffce929ef80, NumberOfBytesToProtect=0x75ede0, NewAccessProtection=0x20, OldAccessProtection=0x75ef30 | out: BaseAddress=0x75ede8*=0x7ffce929e000, NumberOfBytesToProtect=0x75ede0, OldAccessProtection=0x75ef30*=0x40) returned 0x0 [0218.336] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x75ede8*=0x7ffce929f0b0, NumberOfBytesToProtect=0x75ede0, NewAccessProtection=0x40, OldAccessProtection=0x75ef30 | out: BaseAddress=0x75ede8*=0x7ffce929f000, NumberOfBytesToProtect=0x75ede0, OldAccessProtection=0x75ef30*=0x20) returned 0x0 [0218.350] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x75ede8*=0x7ffce929f0b0, NumberOfBytesToProtect=0x75ede0, NewAccessProtection=0x20, OldAccessProtection=0x75ef30 | out: BaseAddress=0x75ede8*=0x7ffce929f000, NumberOfBytesToProtect=0x75ede0, OldAccessProtection=0x75ef30*=0x40) returned 0x0 [0218.697] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x75ebce, cbSize=0x75eba0 | out: pszUAOut="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", cbSize=0x75eba0) returned 0x0 [0224.599] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x75efa0 | out: lpWSAData=0x75efa0) returned 0 [0224.606] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2a8a405, lpParameter=0x2a8f796, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14f8 Thread: id = 214 os_tid = 0x368 Thread: id = 226 os_tid = 0x1394 [0224.694] Sleep (dwMilliseconds=0x7d0) [0226.738] Sleep (dwMilliseconds=0x7d0) [0228.867] Sleep (dwMilliseconds=0x7d0) [0230.930] Sleep (dwMilliseconds=0x7d0) [0232.944] Sleep (dwMilliseconds=0x7d0) [0234.959] Sleep (dwMilliseconds=0x7d0) [0236.960] Sleep (dwMilliseconds=0x7d0) [0238.963] Sleep (dwMilliseconds=0x7d0) [0240.977] Sleep (dwMilliseconds=0x7d0) [0242.992] Sleep (dwMilliseconds=0x7d0) [0245.102] Sleep (dwMilliseconds=0x7d0) [0247.196] Sleep (dwMilliseconds=0x7d0) [0249.212] Sleep (dwMilliseconds=0x7d0) [0251.228] Sleep (dwMilliseconds=0x7d0) [0253.243] Sleep (dwMilliseconds=0x7d0) [0255.336] Sleep (dwMilliseconds=0x7d0) [0257.353] Sleep (dwMilliseconds=0x7d0) [0259.370] Sleep (dwMilliseconds=0x7d0) [0261.400] Sleep (dwMilliseconds=0x7d0) [0263.444] Sleep (dwMilliseconds=0x7d0) [0265.491] Sleep (dwMilliseconds=0x7d0) [0267.508] Sleep (dwMilliseconds=0x7d0) [0269.539] Sleep (dwMilliseconds=0x7d0) [0271.555] Sleep (dwMilliseconds=0x7d0) [0273.580] Sleep (dwMilliseconds=0x7d0) [0275.627] Sleep (dwMilliseconds=0x7d0) [0277.644] Sleep (dwMilliseconds=0x7d0) [0279.706] Sleep (dwMilliseconds=0x7d0) [0281.816] Sleep (dwMilliseconds=0x7d0) [0283.860] Sleep (dwMilliseconds=0x7d0) [0285.908] Sleep (dwMilliseconds=0x7d0) [0287.923] Sleep (dwMilliseconds=0x7d0) [0289.970] Sleep (dwMilliseconds=0x7d0) [0291.987] Sleep (dwMilliseconds=0x7d0) [0294.022] Sleep (dwMilliseconds=0x7d0) [0296.069] Sleep (dwMilliseconds=0x7d0) [0298.189] Sleep (dwMilliseconds=0x7d0) [0300.244] Sleep (dwMilliseconds=0x7d0) [0302.251] Sleep (dwMilliseconds=0x7d0) [0304.286] Sleep (dwMilliseconds=0x7d0) [0306.304] Sleep (dwMilliseconds=0x7d0) [0308.363] Sleep (dwMilliseconds=0x7d0) [0310.472] Sleep (dwMilliseconds=0x7d0) [0312.515] Sleep (dwMilliseconds=0x7d0) [0314.542] Sleep (dwMilliseconds=0x7d0) [0316.625] Sleep (dwMilliseconds=0x7d0) [0318.640] Sleep (dwMilliseconds=0x7d0) [0320.675] Sleep (dwMilliseconds=0x7d0) Thread: id = 229 os_tid = 0x1260 Thread: id = 230 os_tid = 0x1230 Process: id = "8" image_name = "netsh.exe" filename = "c:\\windows\\syswow64\\netsh.exe" page_root = "0x621e000" os_pid = "0xf5c" os_integrity_level = "0x2000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x560" cmd_line = "\"C:\\Windows\\SysWOW64\\netsh.exe\"" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 195 os_tid = 0x4f0 [0179.345] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x2b5efa8 | out: HeapArray=0x2b5efa8*=0x2c00000) returned 0x2 [0179.357] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\WINDOWS\\SYSTEM32\\ntdll.dll", NtPathName=0x2b5ef58, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\WINDOWS\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0179.378] NtCreateFile (in: FileHandle=0x2b5ef78, DesiredAccess=0x120089, ObjectAttributes=0x2b5ef40*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\WINDOWS\\SYSTEM32\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5ef60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5ef78*=0xf8, IoStatusBlock=0x2b5ef60*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0180.664] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04e80) returned 1 [0180.668] NtQueryInformationFile (in: FileHandle=0xf8, IoStatusBlock=0x2b5ef60, FileInformation=0x2b5eeb8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5ef60, FileInformation=0x2b5eeb8) returned 0x0 [0180.677] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x18bd90) returned 0x3021020 [0180.713] NtReadFile (in: FileHandle=0xf8, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x2b5ef60, Buffer=0x3021020, BufferLength=0x18b990, ByteOffset=0x2b5eed0*=0, Key=0x0 | out: IoStatusBlock=0x2b5ef60, Buffer=0x3021020*) returned 0x0 [0180.723] NtClose (Handle=0xf8) returned 0x0 [0180.723] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x18e001) returned 0x31b1020 [0180.750] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x3021020) returned 1 [0180.760] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x2b5ef4c*=0x0, ZeroBits=0x0, RegionSize=0x2b5ef50*=0x31f69c, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x2b5ef4c*=0x3350000, RegionSize=0x2b5ef50*=0x320000) returned 0x0 [0180.847] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c0c9e0 [0180.848] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c0d9e8 [0180.848] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c0e9f0 [0180.848] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x2000) returned 0x2c0f9f8 [0180.848] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0e9f0) returned 1 [0180.848] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x3000) returned 0x2c11a00 [0180.849] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0f9f8) returned 1 [0180.849] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x4000) returned 0x2c14a08 [0180.849] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c11a00) returned 1 [0180.849] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x5000) returned 0x2c0e9f0 [0180.849] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c14a08) returned 1 [0180.849] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c139f8 [0180.849] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x2000) returned 0x2c14a00 [0180.849] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c139f8) returned 1 [0180.849] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x3000) returned 0x2c16a08 [0180.849] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c14a00) returned 1 [0180.849] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x4000) returned 0x2c19a10 [0180.850] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c16a08) returned 1 [0180.850] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x5000) returned 0x2c139f8 [0180.850] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c19a10) returned 1 [0180.850] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c18a00 [0180.850] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x2000) returned 0x2c19a08 [0180.850] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c18a00) returned 1 [0180.850] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x3000) returned 0x2c1ba10 [0180.850] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c19a08) returned 1 [0180.850] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x4000) returned 0x2c1ea18 [0180.851] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1ba10) returned 1 [0180.851] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x5000) returned 0x2c18a00 [0180.851] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1ea18) returned 1 [0180.851] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0c9e0) returned 1 [0180.851] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0d9e8) returned 1 [0180.851] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0e9f0) returned 1 [0180.852] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c139f8) returned 1 [0180.852] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c18a00) returned 1 [0181.029] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c0c9e0 [0181.029] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c0d9e8 [0181.029] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c0e9f0 [0181.029] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x2000) returned 0x2c0f9f8 [0181.030] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0e9f0) returned 1 [0181.030] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x3000) returned 0x2c11a00 [0181.030] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0f9f8) returned 1 [0181.030] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x4000) returned 0x2c14a08 [0181.030] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c11a00) returned 1 [0181.031] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x5000) returned 0x2c0e9f0 [0181.032] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c14a08) returned 1 [0181.032] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c139f8 [0181.033] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x2000) returned 0x2c14a00 [0181.033] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c139f8) returned 1 [0181.033] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x3000) returned 0x2c16a08 [0181.033] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c14a00) returned 1 [0181.033] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x4000) returned 0x2c19a10 [0181.034] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c16a08) returned 1 [0181.034] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x5000) returned 0x2c139f8 [0181.034] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c19a10) returned 1 [0181.034] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c18a00 [0181.034] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x2000) returned 0x2c19a08 [0181.034] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c18a00) returned 1 [0181.034] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x3000) returned 0x2c1ba10 [0181.034] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c19a08) returned 1 [0181.034] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x4000) returned 0x2c1ea18 [0181.034] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1ba10) returned 1 [0181.034] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x5000) returned 0x2c18a00 [0181.035] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1ea18) returned 1 [0181.035] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0c9e0) returned 1 [0181.035] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0d9e8) returned 1 [0181.035] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0e9f0) returned 1 [0181.035] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c139f8) returned 1 [0181.036] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c18a00) returned 1 [0181.037] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\WINDOWS\\SYSTEM32\\ntdll.dll", NtPathName=0x2b5eef8, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\WINDOWS\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0181.037] NtCreateFile (in: FileHandle=0x2b5ef18, DesiredAccess=0x120089, ObjectAttributes=0x2b5eee0*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\WINDOWS\\SYSTEM32\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5ef00, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5ef18*=0xf8, IoStatusBlock=0x2b5ef00*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0181.037] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04e80) returned 1 [0181.037] NtQueryInformationFile (in: FileHandle=0xf8, IoStatusBlock=0x2b5ef00, FileInformation=0x2b5ec74, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0x2b5ef00, FileInformation=0x2b5ec74) returned 0x0 [0181.037] NtClose (Handle=0xf8) returned 0x0 [0181.037] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x208) returned 0x2c0c9e0 [0181.037] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0c9e0) returned 1 [0181.043] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x51f36000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x2b5ef34, Length=0x1c, ResultLength=0x0 | out: VirtualMemoryInformation=0x2b5ef34*(BaseAddress=0x51f36000, AllocationBase=0x51f30000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000), ResultLength=0x0) returned 0x0 [0181.748] NtQuerySystemInformation (in: SystemInformationClass=0x23, SystemInformation=0x2b5ef8c, Length=0x2, ResultLength=0x0 | out: SystemInformation=0x2b5ef8c, ResultLength=0x0) returned 0x0 [0181.783] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x2b5efb0, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5efb0, ReturnLength=0x0) returned 0x0 [0181.806] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x31b1020) returned 1 [0181.816] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x2b5ec40*=0x0, ZeroBits=0x0, RegionSize=0x2b5ec44*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x2b5ec40*=0x6c0000, RegionSize=0x2b5ec44*=0x10000) returned 0x0 [0181.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x6c0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x6c0000, ResultLength=0x0) returned 0xc0000004 [0181.828] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x2b5efa0*=0x6c0000, RegionSize=0x2b5ec64, FreeType=0x8000) returned 0x0 [0181.828] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x2b5ec2c*=0x0, ZeroBits=0x0, RegionSize=0x2b5ec30*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x2b5ec2c*=0x7e0000, RegionSize=0x2b5ec30*=0x20000) returned 0x0 [0181.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x7e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x7e0000, ResultLength=0x0) returned 0xc0000004 [0181.832] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x2b5efa0*=0x7e0000, RegionSize=0x2b5ec64, FreeType=0x8000) returned 0x0 [0181.833] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x2b5ec2c*=0x0, ZeroBits=0x0, RegionSize=0x2b5ec30*=0x30000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x2b5ec2c*=0xa00000, RegionSize=0x2b5ec30*=0x30000) returned 0x0 [0181.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0xa00000, Length=0x30000, ResultLength=0x0 | out: SystemInformation=0xa00000, ResultLength=0x0) returned 0x0 [0181.859] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x2b5efa0*=0xa00000, RegionSize=0x2b5efa4, FreeType=0x8000) returned 0x0 [0181.874] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x2b5ed5c | out: Value="FD1HVy") returned 0x0 [0181.874] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32.dll", BaseAddress=0x2b5edcc | out: BaseAddress=0x2b5edcc*=0x756e0000) returned 0x0 [0181.882] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x2b5efb8 | out: TokenHandle=0x2b5efb8*=0xf8) returned 0x0 [0181.887] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x2b5efac | out: lpLuid=0x2b5efac*(LowPart=0x14, HighPart=0)) returned 1 [0181.896] NtAdjustPrivilegesToken (in: TokenHandle=0xf8, DisableAllPrivileges=0, NewState=0x2b5efa8, BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 0x106 [0181.898] NtClose (Handle=0xf8) returned 0x0 [0181.898] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x2b5eb00 | out: Value="FD1HVy") returned 0x0 [0181.898] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="310A-4BA", Value=0x2b5ed98 | out: Value=0x2b5ed98) returned 0xc0000100 [0181.898] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x2b5e8e0 | out: Value="FD1HVy") returned 0x0 [0181.902] NtOpenDirectoryObject (in: FileHandle=0x2b5eb8c, DesiredAccess=0x2000f, ObjectAttributes=0x2b5eb58*(Length=0x18, RootDirectory=0x0, ObjectName="\\BaseNamedObjects", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: FileHandle=0x2b5eb8c*=0xf8) returned 0x0 [0181.904] NtCreateMutant (in: MutantHandle=0x2b5edb8, DesiredAccess=0x1f0001, ObjectAttributes=0x2b5eb40*(Length=0x18, RootDirectory=0xf8, ObjectName="310A-4BA29U3JAIZ", Attributes=0x80, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), InitialOwner=0 | out: MutantHandle=0x2b5edb8*=0x11c) returned 0x0 [0181.904] NtClose (Handle=0xf8) returned 0x0 [0181.905] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x2b5e7c0 | out: Value="FD1HVy") returned 0x0 [0181.905] NtOpenDirectoryObject (in: FileHandle=0x2b5eb84, DesiredAccess=0x2000f, ObjectAttributes=0x2b5eb50*(Length=0x18, RootDirectory=0x0, ObjectName="\\BaseNamedObjects", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: FileHandle=0x2b5eb84*=0xf8) returned 0x0 [0181.905] NtCreateMutant (in: MutantHandle=0x2b5edb0, DesiredAccess=0x1f0001, ObjectAttributes=0x2b5eb38*(Length=0x18, RootDirectory=0xf8, ObjectName="-6NBP70TX9468WZz", Attributes=0x80, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), InitialOwner=0 | out: MutantHandle=0x2b5edb0*=0x120) returned 0x0 [0181.905] NtClose (Handle=0xf8) returned 0x0 [0181.937] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c10920 [0181.937] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c11928 [0181.937] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c12930 [0181.950] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", NtPathName=0x2b5ed70, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0181.952] NtCreateFile (in: FileHandle=0x2b5ed90, DesiredAccess=0x120089, ObjectAttributes=0x2b5ed58*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5ed78, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5ed90*=0xf8, IoStatusBlock=0x2b5ed78*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0181.952] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0181.956] NtQueryInformationFile (in: FileHandle=0xf8, IoStatusBlock=0x2b5ed78, FileInformation=0x2b5ecd0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5ed78, FileInformation=0x2b5ecd0) returned 0x0 [0181.957] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0xda200) returned 0x3025020 [0182.058] NtReadFile (in: FileHandle=0xf8, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x2b5ed78, Buffer=0x3025020, BufferLength=0xd9e00, ByteOffset=0x2b5ece8*=0, Key=0x0 | out: IoStatusBlock=0x2b5ed78, Buffer=0x3025020*) returned 0x0 [0182.071] NtClose (Handle=0xf8) returned 0x0 [0182.071] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", NtPathName=0x2b5ed60, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0182.071] NtCreateFile (in: FileHandle=0x2b5ed80, DesiredAccess=0x120089, ObjectAttributes=0x2b5ed48*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5ed68, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5ed80*=0xf8, IoStatusBlock=0x2b5ed68*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0182.072] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0182.072] NtQueryInformationFile (in: FileHandle=0xf8, IoStatusBlock=0x2b5ed68, FileInformation=0x2b5ecc0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5ed68, FileInformation=0x2b5ecc0) returned 0x0 [0182.072] NtClose (Handle=0xf8) returned 0x0 [0182.072] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", NtPathName=0x2b5ed90, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0182.072] NtCreateFile (in: FileHandle=0x2b5edb0, DesiredAccess=0x120089, ObjectAttributes=0x2b5ed78*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\Desktop\\mFO4ED9hfrpsSO4O.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5ed98, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5edb0*=0xf8, IoStatusBlock=0x2b5ed98*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0182.072] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0182.157] SetErrorMode (uMode=0x8003) returned 0x1 [0182.160] NtCreateSection (in: SectionHandle=0x2b5e9d8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e754, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e9d8*=0x124) returned 0x0 [0182.163] NtMapViewOfSection (in: SectionHandle=0x124, ProcessHandle=0xffffffff, BaseAddress=0x2b5e9dc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e754*=0x2d600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e9dc*=0xa00000, SectionOffset=0x0, ViewSize=0x2b5e754*=0x2e000) returned 0x0 [0182.168] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x2b5e74c*=0x0, ZeroBits=0x0, RegionSize=0x2b5e750*=0x2d600, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x2b5e74c*=0x2b60000, RegionSize=0x2b5e750*=0x2e000) returned 0x0 [0182.172] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x2000) returned 0x2c13938 [0182.182] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x2b5e490 | out: TokenHandle=0x2b5e490*=0x128) returned 0x0 [0182.186] NtQueryInformationToken (in: TokenHandle=0x128, TokenInformationClass=0x1, TokenInformation=0x2b5dc88, TokenInformationLength=0x400, ReturnLength=0x2b5e488 | out: TokenInformation=0x2b5dc88, ReturnLength=0x2b5e488) returned 0x0 [0182.187] ConvertSidToStringSidW () returned 0x1 [0182.187] NtClose (Handle=0x128) returned 0x0 [0182.188] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x2b5e700*=0x0, ZeroBits=0x0, RegionSize=0x2b5e704*=0x92796, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x2b5e700*=0x3110000, RegionSize=0x2b5e704*=0x93000) returned 0x0 [0182.226] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x2b5e6ec*=0x0, ZeroBits=0x0, RegionSize=0x2b5e6f0*=0x92796, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x2b5e6ec*=0x31b0000, RegionSize=0x2b5e6f0*=0x93000) returned 0x0 [0182.238] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c13938) returned 1 [0182.238] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c13938 [0182.239] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="windir", Value=0x2b5e4b8 | out: Value="C:\\WINDOWS") returned 0x0 [0182.239] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\WINDOWS\\System32\\drivers\\etc\\hosts", NtPathName=0x2b5e480, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\WINDOWS\\System32\\drivers\\etc\\hosts", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0182.239] NtCreateFile (in: FileHandle=0x2b5e4a0, DesiredAccess=0x120089, ObjectAttributes=0x2b5e468*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\WINDOWS\\System32\\drivers\\etc\\hosts", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5e488, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5e4a0*=0x128, IoStatusBlock=0x2b5e488*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0182.239] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0182.239] NtQueryInformationFile (in: FileHandle=0x128, IoStatusBlock=0x2b5e488, FileInformation=0x2b5e3e0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5e488, FileInformation=0x2b5e3e0) returned 0x0 [0182.239] NtClose (Handle=0x128) returned 0x0 [0182.239] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\WINDOWS\\System32\\drivers\\etc\\hosts", NtPathName=0x2b5e470, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\WINDOWS\\System32\\drivers\\etc\\hosts", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0182.239] NtCreateFile (in: FileHandle=0x2b5e490, DesiredAccess=0x120089, ObjectAttributes=0x2b5e458*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\WINDOWS\\System32\\drivers\\etc\\hosts", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5e478, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5e490*=0x128, IoStatusBlock=0x2b5e478*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0182.239] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0182.240] NtQueryInformationFile (in: FileHandle=0x128, IoStatusBlock=0x2b5e478, FileInformation=0x2b5e3d0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5e478, FileInformation=0x2b5e3d0) returned 0x0 [0182.240] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x738) returned 0x2c14940 [0182.240] NtReadFile (in: FileHandle=0x128, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x2b5e478, Buffer=0x2c14940, BufferLength=0x338, ByteOffset=0x2b5e3e8*=0, Key=0x0 | out: IoStatusBlock=0x2b5e478, Buffer=0x2c14940*) returned 0x0 [0182.241] NtClose (Handle=0x128) returned 0x0 [0182.241] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c14940) returned 1 [0182.241] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x2b5e76c*=0x0, ZeroBits=0x0, RegionSize=0x2b5e770*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x2b5e76c*=0x6c0000, RegionSize=0x2b5e770*=0x10000) returned 0x0 [0182.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x6c0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x6c0000, ResultLength=0x0) returned 0xc0000004 [0182.245] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x2b5edb0*=0x6c0000, RegionSize=0x2b5e790, FreeType=0x8000) returned 0x0 [0182.245] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x2b5e758*=0x0, ZeroBits=0x0, RegionSize=0x2b5e75c*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x2b5e758*=0x7e0000, RegionSize=0x2b5e75c*=0x20000) returned 0x0 [0182.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x7e0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x7e0000, ResultLength=0x0) returned 0xc0000004 [0182.247] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x2b5edb0*=0x7e0000, RegionSize=0x2b5e790, FreeType=0x8000) returned 0x0 [0182.247] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x2b5e758*=0x0, ZeroBits=0x0, RegionSize=0x2b5e75c*=0x30000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x2b5e758*=0x2b90000, RegionSize=0x2b5e75c*=0x30000) returned 0x0 [0182.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2b90000, Length=0x30000, ResultLength=0x0 | out: SystemInformation=0x2b90000, ResultLength=0x0) returned 0x0 [0182.313] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x2b5de14 | out: Value="FD1HVy") returned 0x0 [0182.313] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0x2b5e180 | out: Value="C:\\Users\\FD1HVy\\AppData\\Roaming") returned 0x0 [0182.313] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T", NtPathName=0x2b5e1bc, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0182.313] NtCreateFile (in: FileHandle=0x2b5e1dc, DesiredAccess=0x100181, ObjectAttributes=0x2b5e1a4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5e1c4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x21, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5e1dc*=0x128, IoStatusBlock=0x2b5e1c4*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0182.314] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0d848) returned 1 [0182.314] NtQueryInformationFile (in: FileHandle=0x128, IoStatusBlock=0x2b5e1c4, FileInformation=0x2b5e164, Length=0x28, FileInformationClass=0x4 | out: IoStatusBlock=0x2b5e1c4, FileInformation=0x2b5e164) returned 0x0 [0182.320] NtSetInformationFile (FileHandle=0x128, IoStatusBlock=0x2b5e1c4, FileInformation=0x2b5e164, Length=0x28, FileInformationClass=0x4) returned 0x0 [0182.320] NtClose (Handle=0x128) returned 0x0 [0182.320] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0x2b5e198 | out: Value="C:\\Users\\FD1HVy\\AppData\\Roaming") returned 0x0 [0182.320] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlog.ini", NtPathName=0x2b5e1bc, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlog.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0182.320] NtCreateFile (in: FileHandle=0x2b5e1dc, DesiredAccess=0x12019f, ObjectAttributes=0x2b5e1a4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlog.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5e1c4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5e1dc*=0x128, IoStatusBlock=0x2b5e1c4*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0182.320] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0182.320] NtClose (Handle=0x128) returned 0x0 [0182.321] NtCreateSection (in: SectionHandle=0x2b5f7c8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e1d0, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5f7c8*=0x128) returned 0x0 [0182.321] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0xffffffff, BaseAddress=0x2b5f7c4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e1d0*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5f7c4*=0x3670000, SectionOffset=0x0, ViewSize=0x2b5e1d0*=0x9c4000) returned 0x0 [0182.322] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x4000) returned 0x2c14940 [0182.325] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x2b5d934 | out: TokenHandle=0x2b5d934*=0x12c) returned 0x0 [0182.325] NtQueryInformationToken (in: TokenHandle=0x12c, TokenInformationClass=0x1, TokenInformation=0x2b5d12c, TokenInformationLength=0x400, ReturnLength=0x2b5d92c | out: TokenInformation=0x2b5d12c, ReturnLength=0x2b5d92c) returned 0x0 [0182.325] ConvertSidToStringSidW () returned 0x1 [0182.325] NtClose (Handle=0x12c) returned 0x0 [0182.335] RtlIntegerToChar (in: Value=0x8e4367a3, Base=0x10, Length=0x20, String=0x3676485 | out: String="8E4367A3") returned 0x0 [0182.338] NtCreateKey (in: KeyHandle=0x2b5e3a8, DesiredAccess=0x20219, ObjectAttributes=0x2b5d934*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5e3a8*=0x12c) returned 0x0 [0182.344] NtQueryValueKey (in: KeyHandle=0x12c, ValueName="ProductName", KeyValueInformationClass=0x1, KeyValueInformation=0x2b5df80, Length=0x100, ResultLength=0x2b5e3fc | out: KeyValueInformation=0x2b5df80*(TitleIndex=0x0, Type=0x1, DataOffset=0x30, DataLength=0x1e, NameLength=0x16, Name="ProductName", Data="Windows 10 Pro"), ResultLength=0x2b5e3fc) returned 0x0 [0182.344] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x2b5d964*=0x0, ZeroBits=0x0, RegionSize=0x2b5d968*=0x1f4400, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x2b5d964*=0x4040000, RegionSize=0x2b5d968*=0x1f5000) returned 0x0 [0182.344] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x2b5d950*=0x0, ZeroBits=0x0, RegionSize=0x2b5d954*=0x1f4400, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x2b5d950*=0x4240000, RegionSize=0x2b5d954*=0x1f5000) returned 0x0 [0182.344] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="TEMP", Value=0x2b5d954 | out: Value="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x0 [0182.345] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0x2b5d91c | out: Value="C:\\Program Files (x86)") returned 0x0 [0182.347] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x77ee49, lpParameter=0x2b5efec, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x130 [0182.349] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1000) returned 0x2c18948 [0182.350] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x2b5dd88 | out: TokenHandle=0x2b5dd88*=0x134) returned 0x0 [0182.350] NtQueryInformationToken (in: TokenHandle=0x134, TokenInformationClass=0x1, TokenInformation=0x2b5d580, TokenInformationLength=0x400, ReturnLength=0x2b5dd80 | out: TokenInformation=0x2b5d580, ReturnLength=0x2b5dd80) returned 0x0 [0182.350] ConvertSidToStringSidW () returned 0x1 [0182.350] NtClose (Handle=0x134) returned 0x0 [0182.350] NtCreateKey (in: KeyHandle=0x2b5e3fc, DesiredAccess=0x20219, ObjectAttributes=0x2b5dd84*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5e3fc*=0x0) returned 0xc0000034 [0183.311] NtCreateKey (in: KeyHandle=0x2b5e3fc, DesiredAccess=0x20219, ObjectAttributes=0x2b5dd7c*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5e3fc*=0x0) returned 0xc0000034 [0183.312] NtCreateKey (in: KeyHandle=0x2b5e3fc, DesiredAccess=0x20219, ObjectAttributes=0x2b5dd98*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5e3fc*=0x13c) returned 0x0 [0183.312] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5dc74, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.312] NtCreateFile (in: FileHandle=0x2b5dc94, DesiredAccess=0x120089, ObjectAttributes=0x2b5dc5c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5dc7c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5dc94*=0x0, IoStatusBlock=0x2b5dc7c*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0183.312] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04408) returned 1 [0183.312] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5dc8c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.312] NtCreateFile (in: FileHandle=0x2b5dcac, DesiredAccess=0x12019f, ObjectAttributes=0x2b5dc74*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5dc94, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5dcac*=0x140, IoStatusBlock=0x2b5dc94*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0183.313] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04408) returned 1 [0183.313] NtQueryInformationFile (in: FileHandle=0x140, IoStatusBlock=0x2b5dc94, FileInformation=0x2b5dbec, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5dc94, FileInformation=0x2b5dbec) returned 0x0 [0183.319] NtWriteFile (in: FileHandle=0x140, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5dc94, Buffer=0x2c18948*, Length=0x28, ByteOffset=0x2b5dc04*=0, Key=0x0 | out: IoStatusBlock=0x2b5dc94, Buffer=0x2c18948*) returned 0x0 [0183.320] NtClose (Handle=0x140) returned 0x0 [0183.325] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0183.325] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\00568502698af0439be8841b68034dfb", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0183.325] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0183.325] NtClose (Handle=0x140) returned 0x0 [0183.325] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0183.326] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0183.326] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0183.326] NtClose (Handle=0x140) returned 0x0 [0183.326] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0183.326] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0183.326] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0183.327] NtClose (Handle=0x140) returned 0x0 [0183.327] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0183.327] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\218578a43d628c44a10b99677e0ac26d", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0183.327] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0183.327] NtClose (Handle=0x140) returned 0x0 [0183.327] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0183.327] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0183.328] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0183.328] NtClose (Handle=0x140) returned 0x0 [0183.328] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x5, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0183.328] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\359319914d3d374fbfb59d68dc930dae", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0183.328] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0183.328] NtClose (Handle=0x140) returned 0x0 [0183.328] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x6, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0183.328] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\639e40e39678b140ba542215785646ac", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0183.329] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0183.329] NtClose (Handle=0x140) returned 0x0 [0183.329] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x7, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0183.329] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\82926373c8be9c41a6f55990abdb6a7a", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0183.329] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0183.329] NtClose (Handle=0x140) returned 0x0 [0183.329] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x8, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0183.329] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0183.330] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0183.330] NtClose (Handle=0x140) returned 0x0 [0183.330] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x9, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0183.330] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0183.330] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0183.330] NtClose (Handle=0x140) returned 0x0 [0183.330] NtEnumerateKey (in: KeyHandle=0x13c, Index=0xa, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0183.330] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0183.331] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x0 [0183.331] NtCreateKey (in: KeyHandle=0x2b5dd9c, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dd9c*=0x144) returned 0x0 [0183.335] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.335] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.335] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.335] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04408) returned 1 [0183.335] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.335] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0xc, ByteOffset=0x2b5cfcc*=40, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.336] NtClose (Handle=0x148) returned 0x0 [0183.337] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.337] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.337] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04408) returned 1 [0183.337] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.337] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x52, ByteOffset=0x2b5cfcc*=52, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.337] NtClose (Handle=0x148) returned 0x0 [0183.338] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x1, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.338] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.338] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.338] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04408) returned 1 [0183.339] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.339] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x12, ByteOffset=0x2b5cfcc*=134, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.339] NtClose (Handle=0x148) returned 0x0 [0183.349] RtlIntegerToChar (in: Value=0x49384d8c, Base=0x0, Length=0x20, String=0x2b5d0b4 | out: String="1228426636") returned 0x0 [0183.350] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.350] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.350] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04408) returned 1 [0183.350] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.350] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x18, ByteOffset=0x2b5cfcc*=152, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.350] NtClose (Handle=0x148) returned 0x0 [0183.398] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x2, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.398] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.398] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.398] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04408) returned 1 [0183.398] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.398] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x18, ByteOffset=0x2b5cfcc*=176, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.398] NtClose (Handle=0x148) returned 0x0 [0183.399] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.399] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.400] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04408) returned 1 [0183.400] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.400] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x14, ByteOffset=0x2b5cfcc*=200, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.400] NtClose (Handle=0x148) returned 0x0 [0183.401] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x3, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.401] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.401] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.401] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04408) returned 1 [0183.401] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.401] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1a, ByteOffset=0x2b5cfcc*=220, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.401] NtClose (Handle=0x148) returned 0x0 [0183.405] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.405] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.405] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04408) returned 1 [0183.405] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.405] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x12, ByteOffset=0x2b5cfcc*=246, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.405] NtClose (Handle=0x148) returned 0x0 [0183.406] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x4, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.406] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.406] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.406] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04408) returned 1 [0183.406] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.406] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1c, ByteOffset=0x2b5cfcc*=264, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.406] NtClose (Handle=0x148) returned 0x0 [0183.454] RtlIntegerToChar (in: Value=0x2, Base=0x0, Length=0x20, String=0x2b5d0b4 | out: String="2") returned 0x0 [0183.454] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.454] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.454] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.454] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.454] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x6, ByteOffset=0x2b5cfcc*=292, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.454] NtClose (Handle=0x148) returned 0x0 [0183.455] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x5, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.455] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.455] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.455] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.456] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.456] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1a, ByteOffset=0x2b5cfcc*=298, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.456] NtClose (Handle=0x148) returned 0x0 [0183.461] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.461] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.461] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.461] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.461] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x2e, ByteOffset=0x2b5cfcc*=324, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.461] NtClose (Handle=0x148) returned 0x0 [0183.463] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x6, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.463] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.463] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.463] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.463] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.463] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x20, ByteOffset=0x2b5cfcc*=370, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.464] NtClose (Handle=0x148) returned 0x0 [0183.467] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.467] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.468] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.468] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.468] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x14, ByteOffset=0x2b5cfcc*=402, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.468] NtClose (Handle=0x148) returned 0x0 [0183.468] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x7, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x8000001a [0183.469] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d0ec, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.469] NtCreateFile (in: FileHandle=0x2b5d10c, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d0d4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d0f4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d10c*=0x148, IoStatusBlock=0x2b5d0f4*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.469] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.469] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d0f4, FileInformation=0x2b5d04c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d0f4, FileInformation=0x2b5d04c) returned 0x0 [0183.469] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d0f4, Buffer=0x2c18948*, Length=0x4, ByteOffset=0x2b5d064*=422, Key=0x0 | out: IoStatusBlock=0x2b5d0f4, Buffer=0x2c18948*) returned 0x0 [0183.469] NtClose (Handle=0x148) returned 0x0 [0183.471] NtClose (Handle=0x144) returned 0x0 [0183.471] NtEnumerateKey (in: KeyHandle=0x140, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x0 [0183.471] NtCreateKey (in: KeyHandle=0x2b5dd9c, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dd9c*=0x144) returned 0x0 [0183.471] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.471] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.471] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.471] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.472] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.472] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0xc, ByteOffset=0x2b5cfcc*=426, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.472] NtClose (Handle=0x148) returned 0x0 [0183.472] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.472] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.473] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.473] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.473] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x52, ByteOffset=0x2b5cfcc*=438, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.473] NtClose (Handle=0x148) returned 0x0 [0183.473] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x1, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.473] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.473] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.474] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.474] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.474] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x12, ByteOffset=0x2b5cfcc*=520, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.474] NtClose (Handle=0x148) returned 0x0 [0183.531] RtlIntegerToChar (in: Value=0x2a7f87c9, Base=0x0, Length=0x20, String=0x2b5d0b4 | out: String="713000905") returned 0x0 [0183.531] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.531] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.532] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.532] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.532] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x16, ByteOffset=0x2b5cfcc*=538, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.532] NtClose (Handle=0x148) returned 0x0 [0183.533] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x2, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.533] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.533] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.533] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.533] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.533] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1a, ByteOffset=0x2b5cfcc*=560, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.533] NtClose (Handle=0x148) returned 0x0 [0183.534] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.534] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.534] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.534] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.534] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1e, ByteOffset=0x2b5cfcc*=586, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.534] NtClose (Handle=0x148) returned 0x0 [0183.544] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x3, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.544] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.544] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.544] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.544] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.544] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1a, ByteOffset=0x2b5cfcc*=616, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.544] NtClose (Handle=0x148) returned 0x0 [0183.549] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.549] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.549] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.549] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.549] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x10, ByteOffset=0x2b5cfcc*=642, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.549] NtClose (Handle=0x148) returned 0x0 [0183.553] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x4, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.553] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.553] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.553] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.553] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.553] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0xc, ByteOffset=0x2b5cfcc*=658, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.554] NtClose (Handle=0x148) returned 0x0 [0183.554] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.554] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.554] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.555] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.555] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1e, ByteOffset=0x2b5cfcc*=670, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.555] NtClose (Handle=0x148) returned 0x0 [0183.555] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x5, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.555] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.555] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.556] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.556] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.556] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x18, ByteOffset=0x2b5cfcc*=700, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.601] NtClose (Handle=0x148) returned 0x0 [0183.602] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.602] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.602] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.602] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.603] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0xe, ByteOffset=0x2b5cfcc*=724, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.603] NtClose (Handle=0x148) returned 0x0 [0183.604] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x6, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.604] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.604] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.604] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.604] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.604] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x18, ByteOffset=0x2b5cfcc*=738, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.605] NtClose (Handle=0x148) returned 0x0 [0183.608] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.608] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.608] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.608] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.608] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x12, ByteOffset=0x2b5cfcc*=762, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.608] NtClose (Handle=0x148) returned 0x0 [0183.609] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x7, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.609] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.609] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.609] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.609] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.609] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x14, ByteOffset=0x2b5cfcc*=780, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.609] NtClose (Handle=0x148) returned 0x0 [0183.610] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.610] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.610] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.610] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.610] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x10, ByteOffset=0x2b5cfcc*=800, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.610] NtClose (Handle=0x148) returned 0x0 [0183.614] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x8, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.614] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.614] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.614] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.614] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.614] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x2e, ByteOffset=0x2b5cfcc*=816, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.614] NtClose (Handle=0x148) returned 0x0 [0183.626] RtlIntegerToChar (in: Value=0x0, Base=0x0, Length=0x20, String=0x2b5d0b4 | out: String="0") returned 0x0 [0183.626] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.626] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.626] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.626] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.626] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x6, ByteOffset=0x2b5cfcc*=862, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.626] NtClose (Handle=0x148) returned 0x0 [0183.628] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x9, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.628] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.628] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.628] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.628] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.628] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x20, ByteOffset=0x2b5cfcc*=868, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.628] NtClose (Handle=0x148) returned 0x0 [0183.642] RtlIntegerToChar (in: Value=0xe0003, Base=0x0, Length=0x20, String=0x2b5d0b4 | out: String="917507") returned 0x0 [0183.642] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.642] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.642] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.642] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.642] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x10, ByteOffset=0x2b5cfcc*=900, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.642] NtClose (Handle=0x148) returned 0x0 [0183.695] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0xa, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.695] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.695] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.695] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.695] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.695] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x2e, ByteOffset=0x2b5cfcc*=916, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.695] NtClose (Handle=0x148) returned 0x0 [0183.700] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.700] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.700] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.700] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.700] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0xac, ByteOffset=0x2b5cfcc*=962, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.700] NtClose (Handle=0x148) returned 0x0 [0183.704] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0xb, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.704] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.704] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.704] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.704] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.704] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x30, ByteOffset=0x2b5cfcc*=1134, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.704] NtClose (Handle=0x148) returned 0x0 [0183.709] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.710] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.710] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.710] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.710] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1c, ByteOffset=0x2b5cfcc*=1182, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.710] NtClose (Handle=0x148) returned 0x0 [0183.711] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0xc, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.711] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.711] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.711] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.711] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.711] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x20, ByteOffset=0x2b5cfcc*=1210, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.711] NtClose (Handle=0x148) returned 0x0 [0183.717] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.717] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.717] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.717] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.717] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x14, ByteOffset=0x2b5cfcc*=1242, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.717] NtClose (Handle=0x148) returned 0x0 [0183.718] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0xd, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0183.718] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0183.718] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x148, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0183.718] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c04888) returned 1 [0183.718] NtQueryInformationFile (in: FileHandle=0x148, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0183.718] NtWriteFile (in: FileHandle=0x148, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1c, ByteOffset=0x2b5cfcc*=1262, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0183.719] NtClose (Handle=0x148) returned 0x0 [0183.719] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="crypt32.dll", BaseAddress=0x2b5d008 | out: BaseAddress=0x2b5d008*=0x74df0000) returned 0x0 [0183.729] CryptUnprotectData (in: pDataIn=0x2b5d08c, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x2b5d084 | out: ppszDataDescr=0x0, pDataOut=0x2b5d084) returned 1 [0185.310] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c0f438) returned 1 [0185.310] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.311] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.311] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c03a60) returned 1 [0185.311] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.311] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x20, ByteOffset=0x2b5cfcc*=1290, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.311] NtClose (Handle=0x154) returned 0x0 [0185.312] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0xe, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x8000001a [0185.312] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d0ec, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.312] NtCreateFile (in: FileHandle=0x2b5d10c, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d0d4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d0f4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d10c*=0x154, IoStatusBlock=0x2b5d0f4*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.312] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1cde0) returned 1 [0185.312] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d0f4, FileInformation=0x2b5d04c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d0f4, FileInformation=0x2b5d04c) returned 0x0 [0185.312] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d0f4, Buffer=0x2c18948*, Length=0x4, ByteOffset=0x2b5d064*=1322, Key=0x0 | out: IoStatusBlock=0x2b5d0f4, Buffer=0x2c18948*) returned 0x0 [0185.312] NtClose (Handle=0x154) returned 0x0 [0185.313] NtClose (Handle=0x144) returned 0x0 [0185.313] NtEnumerateKey (in: KeyHandle=0x140, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x0 [0185.313] NtCreateKey (in: KeyHandle=0x2b5dd9c, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dd9c*=0x144) returned 0x0 [0185.313] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0185.313] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.313] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.314] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1cee0) returned 1 [0185.314] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.314] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0xc, ByteOffset=0x2b5cfcc*=1326, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.314] NtClose (Handle=0x154) returned 0x0 [0185.315] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.315] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.315] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d9e0) returned 1 [0185.315] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.316] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x52, ByteOffset=0x2b5cfcc*=1338, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.316] NtClose (Handle=0x154) returned 0x0 [0185.316] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x1, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0185.316] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.316] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.316] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d4e0) returned 1 [0185.316] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.317] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x12, ByteOffset=0x2b5cfcc*=1420, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.317] NtClose (Handle=0x154) returned 0x0 [0185.443] RtlIntegerToChar (in: Value=0x609fe3a6, Base=0x0, Length=0x20, String=0x2b5d0b4 | out: String="1621091238") returned 0x0 [0185.443] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.443] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.443] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d260) returned 1 [0185.443] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.443] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x18, ByteOffset=0x2b5cfcc*=1438, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.443] NtClose (Handle=0x154) returned 0x0 [0185.445] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x2, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0185.445] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.445] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.445] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1cde0) returned 1 [0185.445] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.445] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x18, ByteOffset=0x2b5cfcc*=1462, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.445] NtClose (Handle=0x154) returned 0x0 [0185.446] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.446] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.446] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d5e0) returned 1 [0185.446] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.446] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x14, ByteOffset=0x2b5cfcc*=1486, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.446] NtClose (Handle=0x154) returned 0x0 [0185.448] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x3, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0185.448] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.448] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.448] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d460) returned 1 [0185.448] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.448] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1a, ByteOffset=0x2b5cfcc*=1506, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.448] NtClose (Handle=0x154) returned 0x0 [0185.449] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.449] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.449] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d0e0) returned 1 [0185.449] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.450] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x18, ByteOffset=0x2b5cfcc*=1532, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.450] NtClose (Handle=0x154) returned 0x0 [0185.450] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x4, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0185.450] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.450] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.451] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1ce60) returned 1 [0185.451] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.451] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1c, ByteOffset=0x2b5cfcc*=1556, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.451] NtClose (Handle=0x154) returned 0x0 [0185.470] RtlIntegerToChar (in: Value=0x4, Base=0x0, Length=0x20, String=0x2b5d0b4 | out: String="4") returned 0x0 [0185.470] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.470] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.470] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d5e0) returned 1 [0185.470] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.471] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x6, ByteOffset=0x2b5cfcc*=1584, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.471] NtClose (Handle=0x154) returned 0x0 [0185.472] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x5, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0185.472] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.472] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.472] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d560) returned 1 [0185.472] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.472] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1a, ByteOffset=0x2b5cfcc*=1590, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.472] NtClose (Handle=0x154) returned 0x0 [0185.473] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.473] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.473] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1cde0) returned 1 [0185.474] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.474] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x1e, ByteOffset=0x2b5cfcc*=1616, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.474] NtClose (Handle=0x154) returned 0x0 [0185.475] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x6, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x0 [0185.475] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.475] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.475] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d0e0) returned 1 [0185.475] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.475] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x20, ByteOffset=0x2b5cfcc*=1646, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.475] NtClose (Handle=0x154) returned 0x0 [0185.540] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.540] NtCreateFile (in: FileHandle=0x2b5d074, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d074*=0x154, IoStatusBlock=0x2b5d05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.541] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d3e0) returned 1 [0185.541] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d05c, FileInformation=0x2b5cfb4) returned 0x0 [0185.541] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*, Length=0x14, ByteOffset=0x2b5cfcc*=1678, Key=0x0 | out: IoStatusBlock=0x2b5d05c, Buffer=0x2c18948*) returned 0x0 [0185.541] NtClose (Handle=0x154) returned 0x0 [0185.544] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x7, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d14c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyValueInformation=0x2b5d14c, ResultLength=0x2b5dda8) returned 0x8000001a [0185.544] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtPathName=0x2b5d0ec, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.544] NtCreateFile (in: FileHandle=0x2b5d10c, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d0d4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d0f4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d10c*=0x154, IoStatusBlock=0x2b5d0f4*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0185.544] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d660) returned 1 [0185.544] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d0f4, FileInformation=0x2b5d04c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d0f4, FileInformation=0x2b5d04c) returned 0x0 [0185.544] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d0f4, Buffer=0x2c18948*, Length=0x4, ByteOffset=0x2b5d064*=1698, Key=0x0 | out: IoStatusBlock=0x2b5d0f4, Buffer=0x2c18948*) returned 0x0 [0185.545] NtClose (Handle=0x154) returned 0x0 [0185.548] NtClose (Handle=0x144) returned 0x0 [0185.548] NtEnumerateKey (in: KeyHandle=0x140, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0185.548] NtClose (Handle=0x140) returned 0x0 [0185.548] NtEnumerateKey (in: KeyHandle=0x13c, Index=0xb, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0185.548] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\c02ebc5353d9cd11975200aa004ae40e", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0185.549] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0185.549] NtClose (Handle=0x140) returned 0x0 [0185.549] NtEnumerateKey (in: KeyHandle=0x13c, Index=0xc, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0185.549] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\db257a828627ae4aa57a2e41ad166870", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0185.549] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0185.549] NtClose (Handle=0x140) returned 0x0 [0185.549] NtEnumerateKey (in: KeyHandle=0x13c, Index=0xd, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0185.549] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f7a20347e930b94fadcc6ece7cd55c43", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0185.550] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0185.550] NtClose (Handle=0x140) returned 0x0 [0185.550] NtEnumerateKey (in: KeyHandle=0x13c, Index=0xe, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x0 [0185.550] NtCreateKey (in: KeyHandle=0x2b5dda0, DesiredAccess=0x20219, ObjectAttributes=0x2b5d104*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5dda0*=0x140) returned 0x0 [0185.551] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d54c, Length=0x400, ResultLength=0x2b5dda8 | out: KeyInformation=0x2b5d54c, ResultLength=0x2b5dda8) returned 0x8000001a [0185.551] NtClose (Handle=0x140) returned 0x0 [0185.551] NtEnumerateKey (in: KeyHandle=0x13c, Index=0xf, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x8000001a [0185.551] NtCreateKey (in: KeyHandle=0x2b5e3fc, DesiredAccess=0x20219, ObjectAttributes=0x2b5dd8c*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook_2016\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5e3fc*=0x140) returned 0x0 [0185.551] NtEnumerateKey (in: KeyHandle=0x140, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x2b5d94c, Length=0x200, ResultLength=0x2b5dd94 | out: KeyInformation=0x2b5d94c, ResultLength=0x2b5dd94) returned 0x8000001a [0185.553] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x2b5d4e4 | out: TokenHandle=0x2b5d4e4*=0x144) returned 0x0 [0185.553] NtQueryInformationToken (in: TokenHandle=0x144, TokenInformationClass=0x1, TokenInformation=0x2b5ccdc, TokenInformationLength=0x400, ReturnLength=0x2b5d4dc | out: TokenInformation=0x2b5ccdc, ReturnLength=0x2b5d4dc) returned 0x0 [0185.553] ConvertSidToStringSidW () returned 0x1 [0185.553] NtClose (Handle=0x144) returned 0x0 [0185.553] NtCreateKey (in: KeyHandle=0x2b5e3f8, DesiredAccess=0x20219, ObjectAttributes=0x2b5d4e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1051304884-625712362-2192934891-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5e3f8*=0x144) returned 0x0 [0185.554] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogri.ini", NtPathName=0x2b5d3dc, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.554] NtCreateFile (in: FileHandle=0x2b5d3fc, DesiredAccess=0x120089, ObjectAttributes=0x2b5d3c4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d3e4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d3fc*=0x0, IoStatusBlock=0x2b5d3e4*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0185.554] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d960) returned 1 [0185.554] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogri.ini", NtPathName=0x2b5d3f4, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0185.554] NtCreateFile (in: FileHandle=0x2b5d414, DesiredAccess=0x12019f, ObjectAttributes=0x2b5d3dc*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d3fc, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d414*=0x154, IoStatusBlock=0x2b5d3fc*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0185.554] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c1d460) returned 1 [0185.554] NtQueryInformationFile (in: FileHandle=0x154, IoStatusBlock=0x2b5d3fc, FileInformation=0x2b5d354, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5d3fc, FileInformation=0x2b5d354) returned 0x0 [0185.554] NtWriteFile (in: FileHandle=0x154, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5d3fc, Buffer=0x2c18948*, Length=0x28, ByteOffset=0x2b5d36c*=0, Key=0x0 | out: IoStatusBlock=0x2b5d3fc, Buffer=0x2c18948*) returned 0x0 [0185.556] NtClose (Handle=0x154) returned 0x0 [0185.574] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ole32.dll", BaseAddress=0x2b5d408 | out: BaseAddress=0x2b5d408*=0x753c0000) returned 0x0 [0185.794] LdrGetProcedureAddress (in: BaseAddress=0x753c0000, Name="CoUninitialize", Ordinal=0x0, ProcedureAddress=0x2b5d3ec | out: ProcedureAddress=0x2b5d3ec*=0x74a222b0) returned 0x0 [0185.796] LdrGetProcedureAddress (in: BaseAddress=0x753c0000, Name="CoCreateInstance", Ordinal=0x0, ProcedureAddress=0x2b5d3d8 | out: ProcedureAddress=0x2b5d3d8*=0x749e7490) returned 0x0 [0185.796] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x1f4400) returned 0x5be5020 [0185.969] CoInitialize (pvReserved=0x0) returned 0x0 [0186.197] CoCreateInstance (in: rclsid=0x2b5d4f0*(Data1=0x3c374a40, Data2=0xbae4, Data3=0x11cf, Data4=([0]=0xbf, [1]=0x7d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x69, [6]=0x46, [7]=0xee)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x2b5d500*(Data1=0xafa0dc11, Data2=0xc313, Data3=0x11d0, Data4=([0]=0x83, [1]=0x1a, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0xae, [7]=0x38)), ppv=0x2b5d518 | out: ppv=0x2b5d518*=0x2c24360) returned 0x0 [0200.811] IUrlHistoryStg:EnumUrls (in: This=0x2c24360, ppenum=0x2b5d514 | out: ppenum=0x2b5d514*=0x2c2f1a0) returned 0x0 [0200.816] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x2b5efec | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.101] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.101] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.101] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.102] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.102] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.102] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.102] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.102] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.102] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.102] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.102] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.103] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.103] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.103] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.103] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.103] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.103] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.103] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.104] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.104] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.104] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.104] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.105] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.105] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.105] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.105] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.105] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.105] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.105] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.106] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.106] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.106] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.108] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.108] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.108] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.109] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.109] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.109] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.109] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.109] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.109] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.109] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.110] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.110] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.110] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.110] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.110] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.110] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.110] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.111] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.111] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.111] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.111] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.111] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.111] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.111] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.112] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.112] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.112] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.112] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.112] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.112] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.112] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.113] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.114] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.114] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.114] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.115] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.115] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.115] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.115] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.115] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.115] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.115] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.115] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.116] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.116] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.116] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.116] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.116] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.116] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.116] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.116] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.117] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.117] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.117] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.117] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.117] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.117] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.117] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.118] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.118] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.118] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.118] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.118] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.119] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.120] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.120] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.121] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.121] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.121] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.121] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.121] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.121] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.121] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.122] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.122] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.122] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.122] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.122] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.122] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.122] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.123] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.123] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.123] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.123] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.123] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.124] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.124] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.124] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.125] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.125] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.125] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.125] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.126] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.126] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.126] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.126] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.208] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.208] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.208] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.209] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.209] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.209] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.209] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.210] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.210] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.210] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.210] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.210] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.210] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.211] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.211] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.211] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.211] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.211] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.212] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.212] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.212] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.213] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.213] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.213] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.213] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.213] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.213] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.213] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.214] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.214] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.214] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.214] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.217] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.217] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.217] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.217] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.217] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.217] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.217] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.218] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.218] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.218] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.218] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.218] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.218] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.219] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.219] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.219] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.219] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.219] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.219] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.220] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.220] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.220] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.220] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.220] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.220] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.220] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.221] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.221] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.221] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.221] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.221] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.221] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.223] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.223] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.223] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.223] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.223] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.224] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.224] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.224] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.224] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.224] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.224] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.225] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.225] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.226] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.226] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.226] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.226] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.226] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.226] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.226] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.226] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.227] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.227] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.227] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.227] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.227] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.227] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.227] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.227] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.228] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.228] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.228] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.229] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.229] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.230] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.230] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.230] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.230] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.230] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.231] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.231] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.231] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.231] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.231] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.231] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.231] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.231] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1) returned 0x0 [0203.232] IEnumSTATURL:Next (in: This=0x2c2f1a0, celt=0x1, rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x1 | out: rgelt=0x2b5d4c8, pceltFetched=0x2b5d510*=0x0) returned 0x1 [0203.232] IUnknown:Release (This=0x2c2f1a0) returned 0x0 [0203.234] IUnknown:Release (This=0x2c24360) returned 0x1 [0203.234] CoUninitialize () [0203.320] NtEnumerateValueKey (in: KeyHandle=0x144, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x2b5d53c, Length=0x800, ResultLength=0x2b5e3f4 | out: KeyValueInformation=0x2b5d53c, ResultLength=0x2b5e3f4) returned 0x8000001a [0203.320] NtClose (Handle=0x144) returned 0x0 [0203.320] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x5be5020) returned 1 [0203.331] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x7374) returned 0x2c546d8 [0203.332] NtCreateKey (in: KeyHandle=0x2b5e358, DesiredAccess=0x20219, ObjectAttributes=0x2b5e1d0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\SOFTWARE\\Mozilla\\Mozilla Firefox\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5e358*=0x0) returned 0xc0000022 [0203.332] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0x2b5df08 | out: Value="C:\\Program Files (x86)") returned 0x0 [0203.332] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtPathName=0x2b5dedc, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.332] NtCreateFile (in: FileHandle=0x2b5defc, DesiredAccess=0x120089, ObjectAttributes=0x2b5dec4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5dee4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5defc*=0x0, IoStatusBlock=0x2b5dee4*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.333] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c4cb10) returned 1 [0203.333] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtPathName=0x2b5dedc, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.333] NtCreateFile (in: FileHandle=0x2b5defc, DesiredAccess=0x120089, ObjectAttributes=0x2b5dec4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5dee4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5defc*=0x198, IoStatusBlock=0x2b5dee4*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0203.333] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c37cb8) returned 1 [0203.333] NtQueryInformationFile (in: FileHandle=0x198, IoStatusBlock=0x2b5dee4, FileInformation=0x2b5de3c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5dee4, FileInformation=0x2b5de3c) returned 0x0 [0203.333] NtClose (Handle=0x198) returned 0x0 [0203.333] NtCreateKey (in: KeyHandle=0x2b5e350, DesiredAccess=0x20219, ObjectAttributes=0x2b5e1c8*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\SOFTWARE\\Mozilla\\Mozilla Thunderbird\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x2b5e350*=0x0) returned 0xc0000022 [0203.334] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0x2b5df00 | out: Value="C:\\Program Files (x86)") returned 0x0 [0203.334] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtPathName=0x2b5ded4, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.334] NtCreateFile (in: FileHandle=0x2b5def4, DesiredAccess=0x120089, ObjectAttributes=0x2b5debc*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5dedc, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5def4*=0x0, IoStatusBlock=0x2b5dedc*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.334] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c4cc78) returned 1 [0203.334] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtPathName=0x2b5ded4, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.334] NtCreateFile (in: FileHandle=0x2b5def4, DesiredAccess=0x120089, ObjectAttributes=0x2b5debc*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5dedc, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5def4*=0x144, IoStatusBlock=0x2b5dedc*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0203.334] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c386c8) returned 1 [0203.334] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0x2b5dedc, FileInformation=0x2b5de34, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5dedc, FileInformation=0x2b5de34) returned 0x0 [0203.334] NtClose (Handle=0x144) returned 0x0 [0203.334] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c546d8) returned 1 [0203.523] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="LOCALAPPDATA", Value=0x2b5dfb8 | out: Value="C:\\Users\\FD1HVy\\AppData\\Local") returned 0x0 [0203.523] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", NtPathName=0x2b5df8c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.523] NtCreateFile (in: FileHandle=0x2b5dfac, DesiredAccess=0x120089, ObjectAttributes=0x2b5df74*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5df94, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5dfac*=0x144, IoStatusBlock=0x2b5df94*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0203.529] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c4d120) returned 1 [0203.529] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0x2b5df94, FileInformation=0x2b5deec, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5df94, FileInformation=0x2b5deec) returned 0x0 [0203.529] NtClose (Handle=0x144) returned 0x0 [0203.529] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="winsqlite3.dll", BaseAddress=0x2b5df48 | out: BaseAddress=0x2b5df48*=0x73f70000) returned 0x0 [0204.048] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x7500) returned 0x2c546d8 [0204.059] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrg.ini", NtPathName=0x2b5dcc8, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.059] NtCreateFile (in: FileHandle=0x2b5dce8, DesiredAccess=0x120089, ObjectAttributes=0x2b5dcb0*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5dcd0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5dce8*=0x0, IoStatusBlock=0x2b5dcd0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0204.059] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c49140) returned 1 [0204.059] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrg.ini", NtPathName=0x2b5dcb8, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.059] NtCreateFile (in: FileHandle=0x2b5dcd8, DesiredAccess=0x12019f, ObjectAttributes=0x2b5dca0*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5dcc0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5dcd8*=0x144, IoStatusBlock=0x2b5dcc0*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0204.060] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c49cc0) returned 1 [0204.060] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0x2b5dcc0, FileInformation=0x2b5dc18, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5dcc0, FileInformation=0x2b5dc18) returned 0x0 [0204.060] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5dcc0, Buffer=0x2c18948*, Length=0x26, ByteOffset=0x2b5dc30*=0, Key=0x0 | out: IoStatusBlock=0x2b5dcc0, Buffer=0x2c18948*) returned 0x0 [0204.061] NtClose (Handle=0x144) returned 0x0 [0204.134] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="TEMP", Value=0x2b5dfb4 | out: Value="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x0 [0204.134] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\WINDOWS\\SYSTEM32\\ntdll.dll", NtPathName=0x2b5d448, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\WINDOWS\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.135] NtCreateFile (in: FileHandle=0x2b5d468, DesiredAccess=0x120089, ObjectAttributes=0x2b5d430*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\WINDOWS\\SYSTEM32\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5d450, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5d468*=0x144, IoStatusBlock=0x2b5d450*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0204.135] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c239f8) returned 1 [0204.135] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0x2b5d450, FileInformation=0x2b5d1c4, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0x2b5d450, FileInformation=0x2b5d1c4) returned 0x0 [0204.135] NtClose (Handle=0x144) returned 0x0 [0204.135] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x208) returned 0x2c378d8 [0204.135] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c378d8) returned 1 [0204.138] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\cmd.exe", lpCommandLine="/c copy \"C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data\" \"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1\" /V", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x2b5db18*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2b5db5c, hNewToken=0x0 | out: lpProcessInformation=0x2b5db5c*(hProcess=0x198, hThread=0x144, dwProcessId=0x1300, dwThreadId=0x1388), hNewToken=0x0) returned 1 [0204.984] NtWaitForSingleObject (Object=0x198, Alertable=0, Time=0x0) returned 0x0 [0208.982] sqlite3_open () returned 0x0 [0208.999] sqlite3_prepare_v2 () returned 0x0 [0209.050] sqlite3_step () returned 0x65 [0209.071] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c546d8) returned 1 [0209.072] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0x2b5df08 | out: Value="C:\\Users\\FD1HVy\\AppData\\Roaming") returned 0x0 [0209.073] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", NtPathName=0x2b5deec, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.150] NtCreateFile (in: FileHandle=0x2b5df0c, DesiredAccess=0x120089, ObjectAttributes=0x2b5ded4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5def4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5df0c*=0x0, IoStatusBlock=0x2b5def4*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.151] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c3b1f0) returned 1 [0209.152] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="vaultcli.dll", BaseAddress=0x2b5e130 | out: BaseAddress=0x2b5e130*=0x73f30000) returned 0x0 [0209.346] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrv.ini", NtPathName=0x2b5e000, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.347] NtCreateFile (in: FileHandle=0x2b5e020, DesiredAccess=0x120089, ObjectAttributes=0x2b5dfe8*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5e008, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5e020*=0x0, IoStatusBlock=0x2b5e008*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0209.347] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c49c40) returned 1 [0209.347] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrv.ini", NtPathName=0x2b5e018, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.347] NtCreateFile (in: FileHandle=0x2b5e038, DesiredAccess=0x12019f, ObjectAttributes=0x2b5e000*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5e020, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5e038*=0x21c, IoStatusBlock=0x2b5e020*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0209.348] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c494c0) returned 1 [0209.348] NtQueryInformationFile (in: FileHandle=0x21c, IoStatusBlock=0x2b5e020, FileInformation=0x2b5df78, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5e020, FileInformation=0x2b5df78) returned 0x0 [0209.348] NtWriteFile (in: FileHandle=0x21c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5e020, Buffer=0x2c18948*, Length=0x28, ByteOffset=0x2b5df90*=0, Key=0x0 | out: IoStatusBlock=0x2b5e020, Buffer=0x2c18948*) returned 0x0 [0209.349] NtClose (Handle=0x21c) returned 0x0 [0209.350] VaultEnumerateVaults () returned 0x0 [0209.400] VaultOpenVault () returned 0x0 [0209.401] VaultEnumerateItems () returned 0x0 [0209.401] VaultFree () returned 0x0 [0209.401] VaultCloseVault () returned 0x0 [0209.401] VaultOpenVault () returned 0x0 [0209.402] VaultEnumerateItems () returned 0x0 [0209.412] VaultGetItem () returned 0x0 [0209.419] VaultFree () returned 0x1 [0209.419] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrv.ini", NtPathName=0x2b5e070, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.419] NtCreateFile (in: FileHandle=0x2b5e090, DesiredAccess=0x12019f, ObjectAttributes=0x2b5e058*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x2b5e078, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x2b5e090*=0x224, IoStatusBlock=0x2b5e078*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0209.419] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c490c0) returned 1 [0209.419] NtQueryInformationFile (in: FileHandle=0x224, IoStatusBlock=0x2b5e078, FileInformation=0x2b5dfd0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x2b5e078, FileInformation=0x2b5dfd0) returned 0x0 [0209.419] NtWriteFile (in: FileHandle=0x224, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x2b5e078, Buffer=0x2c18948*, Length=0xaa, ByteOffset=0x2b5dfe8*=40, Key=0x0 | out: IoStatusBlock=0x2b5e078, Buffer=0x2c18948*) returned 0x0 [0209.419] NtClose (Handle=0x224) returned 0x0 [0209.424] VaultFree () returned 0x1 [0209.424] VaultCloseVault () returned 0x0 [0209.425] VaultFree () returned 0x1 [0209.426] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="gdiplus.dll", BaseAddress=0x2b5dfec | out: BaseAddress=0x2b5dfec*=0x73ce0000) returned 0x0 [0209.573] GetDC (hWnd=0x0) returned 0xf0105ee [0209.573] CreateCompatibleDC (hdc=0xf0105ee) returned 0x27010710 [0209.573] GetSystemMetrics (nIndex=0) returned 1440 [0209.573] GetSystemMetrics (nIndex=1) returned 900 [0209.573] CreateCompatibleBitmap (hdc=0xf0105ee, cx=1440, cy=900) returned 0x3e05067a [0209.675] SelectObject (hdc=0x27010710, h=0x3e05067a) returned 0x85000f [0209.675] BitBlt (hdc=0x27010710, x=0, y=0, cx=1440, cy=900, hdcSrc=0xf0105ee, x1=0, y1=0, rop=0xcc0020) returned 1 [0210.438] GdiplusStartup (in: token=0x2b5e3c0, input=0x2b5e38c, output=0x0 | out: token=0x2b5e3c0, output=0x0) returned 0x0 [0210.444] GdipCreateBitmapFromHBITMAP (hbm=0x3e05067a, hpal=0x0, bitmap=0x2b5e3bc) returned 0x0 [0210.740] GdipGetImageEncodersSize (numEncoders=0x2b5e058, size=0x2b5e054) returned 0x0 [0210.740] RtlAllocateHeap (HeapHandle=0x2c00000, Flags=0x0, Size=0x410) returned 0x2c42ca8 [0210.741] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x2c42ca8 | out: encoders=0x2c42ca8) returned 0x0 [0210.741] RtlFreeHeap (HeapHandle=0x2c00000, Flags=0x0, BaseAddress=0x2c42ca8) returned 1 [0210.741] GdipSaveImageToFile (image=0x5d21f08, filename="C:\\Users\\FD1HVy\\AppData\\Roaming\\-6NBP70T\\-6Nlogim.jpeg", clsidEncoder=0x2b5e37c*(Data1=0x557cf401, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0210.923] GdiplusShutdown (token=0x4a787) [0211.036] DeleteObject (ho=0x3e05067a) returned 1 [0211.036] DeleteObject (ho=0x27010710) returned 1 [0211.037] ReleaseDC (hWnd=0x0, hDC=0xf0105ee) returned 1 [0211.043] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0x560, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x24c) returned 0x0 [0211.043] NtQueryInformationProcess (in: ProcessHandle=0x24c, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0211.043] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x24c, BaseAddress=0x2b5e768*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e764*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e768*=0xa540000, SectionOffset=0x0, ViewSize=0x2b5e764*=0x9c4000) returned 0x0 [0211.045] NtClose (Handle=0x24c) returned 0x0 [0211.047] NtDelayExecution (Alertable=0, Interval=0x2b5e3c4*=-50000000) returned 0x0 [0216.085] NtOpenProcess (in: ProcessHandle=0x2b5e378, DesiredAccess=0x438, ObjectAttributes=0x2b5d928*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5d968*(UniqueProcess=0x560, UniqueThread=0x0) | out: ProcessHandle=0x2b5e378*=0x118) returned 0x0 [0216.089] NtQueryInformationProcess (in: ProcessHandle=0x118, ProcessInformationClass=0x0, ProcessInformation=0x2b5d978, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x2b5d978, ReturnLength=0x0) returned 0x0 [0216.096] NtOpenThread (in: ThreadHandle=0x2b5d920, DesiredAccess=0x1a, ObjectAttributes=0x2b5d928, ClientId=0x2b5d958*(UniqueProcess=0x0, UniqueThread=0x5cc) | out: ThreadHandle=0x2b5d920*=0x248) returned 0x0 [0216.101] NtSuspendThread (in: ThreadHandle=0x248, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0216.109] NtGetContextThread (in: ThreadHandle=0x248, Context=0x2b5de70 | out: Context=0x2b5de70*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0xe4, [73]=0x5a, [74]=0x42, [75]=0xea, [76]=0xfc, [77]=0x7f, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0xc96200, SegEs=0x0, SegDs=0x75f2c8, Edi=0x0, Esi=0x75f340, Ebx=0x0, Edx=0xc952c0, Ecx=0x0, Eax=0x0, Ebp=0x0, Eip=0x75e218, SegCs=0x0, EFlags=0x75ef30, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x46, [5]=0x2, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xff, [13]=0xff, [14]=0xff, [15]=0xff, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0xf0, [29]=0x96, [30]=0xd6, [31]=0xe7, [32]=0xfc, [33]=0x7f, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x4, [45]=0x12, [46]=0xff, [47]=0xe6, [48]=0xfc, [49]=0x7f, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0216.156] NtCreateSection (in: SectionHandle=0x2b5d900, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5d8a0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5d900*=0x240) returned 0x0 [0216.159] NtMapViewOfSection (in: SectionHandle=0x240, ProcessHandle=0x118, BaseAddress=0x2b5d908*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5d8a8*=0x9f796, InheritDisposition=0x7ffc00000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5d908*=0x2a70000, SectionOffset=0x0, ViewSize=0x2b5d8a8*=0xa0000) returned 0x0 [0216.164] NtMapViewOfSection (in: SectionHandle=0x240, ProcessHandle=0xffffffffffffffff, BaseAddress=0x2b5d8f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5d8a8*=0xa0000, InheritDisposition=0x7ffc00000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5d8f8*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5d8a8*=0xa0000) returned 0x0 [0216.193] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x68f0000) returned 0x0 [0216.249] NtClose (Handle=0x240) returned 0x0 [0216.253] NtSetContextThread (ThreadHandle=0x248, Context=0x2b5de70*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0xe4, [73]=0x5a, [74]=0x42, [75]=0xea, [76]=0xfc, [77]=0x7f, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0xc96200, SegEs=0x0, SegDs=0x75f2c8, Edi=0x0, Esi=0x75f340, Ebx=0x0, Edx=0xc952c0, Ecx=0x0, Eax=0x0, Ebp=0x0, Eip=0x75e218, SegCs=0x0, EFlags=0x75ef30, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x46, [5]=0x2, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0xff, [13]=0xff, [14]=0xff, [15]=0xff, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0xf0, [29]=0x96, [30]=0xd6, [31]=0xe7, [32]=0xfc, [33]=0x7f, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x15, [45]=0xa5, [46]=0xa8, [47]=0x2, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0216.254] NtQueueApcThread (ThreadHandle=0x248, ApcRoutine=0x2a8a522, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0216.259] NtResumeThread (in: ThreadHandle=0x248, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0216.259] NtClose (Handle=0x118) returned 0x0 [0216.259] NtClose (Handle=0x248) returned 0x0 [0216.265] PostThreadMessageW (idThread=0x560, Msg=0x111, wParam=0x0, lParam=0x0) returned 0 [0217.781] PostThreadMessageW (idThread=0x560, Msg=0x8003, wParam=0x2b5e3e3, lParam=0x0) returned 0 [0217.804] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0xab0, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x248) returned 0x0 [0217.804] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0217.804] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0217.911] NtReadVirtualMemory (in: ProcessHandle=0x248, BaseAddress=0x89a000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0217.911] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0223.073] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0xddc) | out: ThreadHandle=0x2b5e770*=0x118) returned 0x0 [0223.193] NtSuspendThread (in: ThreadHandle=0x118, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0223.193] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x248, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x28f0000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0223.205] NtGetContextThread (in: ThreadHandle=0x118, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0xb3f958, Ebx=0x89a000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0xb3f900, Eip=0x7742295c, SegCs=0x23, EFlags=0x206, Esp=0xb3f8e8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0223.205] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x240) returned 0x0 [0223.206] NtMapViewOfSection (in: SectionHandle=0x240, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x175600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x176000) returned 0x0 [0223.220] NtMapViewOfSection (in: SectionHandle=0x240, ProcessHandle=0x248, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x175600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x32c0000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x176000) returned 0x0 [0223.354] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0223.485] NtClose (Handle=0x240) returned 0x0 [0223.491] NtSetContextThread (ThreadHandle=0x118, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0xb3f958, Ebx=0x89a000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0xb3f900, Eip=0x33a3347, SegCs=0x23, EFlags=0x206, Esp=0xb3f8e8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0223.589] NtResumeThread (in: ThreadHandle=0x118, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0223.589] NtClose (Handle=0x248) returned 0x0 [0223.589] NtClose (Handle=0x118) returned 0x0 [0223.590] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0x60, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x118) returned 0x0 [0223.590] NtQueryInformationProcess (in: ProcessHandle=0x118, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0223.590] NtQueryInformationProcess (in: ProcessHandle=0x118, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0223.590] NtReadVirtualMemory (in: ProcessHandle=0x118, BaseAddress=0x957000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0223.590] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0228.663] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0xbd8) | out: ThreadHandle=0x2b5e770*=0x248) returned 0x0 [0228.664] NtSuspendThread (in: ThreadHandle=0x248, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0228.664] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x118, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x2b20000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0228.671] NtGetContextThread (in: ThreadHandle=0x248, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0xb8fb40, Ebx=0x957000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0xb8fae8, Eip=0x7742295c, SegCs=0x23, EFlags=0x212, Esp=0xb8fad0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0228.671] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x240) returned 0x0 [0228.671] NtMapViewOfSection (in: SectionHandle=0x240, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x136600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x137000) returned 0x0 [0228.681] NtMapViewOfSection (in: SectionHandle=0x240, ProcessHandle=0x118, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x136600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x2930000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x137000) returned 0x0 [0228.710] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0228.815] NtClose (Handle=0x240) returned 0x0 [0228.816] NtSetContextThread (ThreadHandle=0x248, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0xb8fb40, Ebx=0x957000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0xb8fae8, Eip=0x29d4347, SegCs=0x23, EFlags=0x212, Esp=0xb8fad0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0228.816] NtResumeThread (in: ThreadHandle=0x248, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0228.816] NtClose (Handle=0x118) returned 0x0 [0228.816] NtClose (Handle=0x248) returned 0x0 [0228.819] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0xb90, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x248) returned 0x0 [0228.819] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0228.819] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0228.819] NtReadVirtualMemory (in: ProcessHandle=0x248, BaseAddress=0x850000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0228.819] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0233.850] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0xb68) | out: ThreadHandle=0x2b5e770*=0x118) returned 0x0 [0233.850] NtSuspendThread (in: ThreadHandle=0x118, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0233.850] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x248, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x2480000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0233.856] NtGetContextThread (in: ThreadHandle=0x118, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0xaff7c0, Ebx=0x850000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0xaff768, Eip=0x7742295c, SegCs=0x23, EFlags=0x216, Esp=0xaff750, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0233.856] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x240) returned 0x0 [0233.856] NtMapViewOfSection (in: SectionHandle=0x240, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x186600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x187000) returned 0x0 [0233.865] NtMapViewOfSection (in: SectionHandle=0x240, ProcessHandle=0x248, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x186600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0xdb0000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x187000) returned 0x0 [0233.895] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0234.030] NtClose (Handle=0x240) returned 0x0 [0234.030] NtSetContextThread (ThreadHandle=0x118, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0xaff7c0, Ebx=0x850000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0xaff768, Eip=0xea4347, SegCs=0x23, EFlags=0x216, Esp=0xaff750, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0234.030] NtResumeThread (in: ThreadHandle=0x118, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0234.030] NtClose (Handle=0x248) returned 0x0 [0234.030] NtClose (Handle=0x118) returned 0x0 [0234.031] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0xce0, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x118) returned 0x0 [0234.031] NtQueryInformationProcess (in: ProcessHandle=0x118, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0234.031] NtQueryInformationProcess (in: ProcessHandle=0x118, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0234.031] NtReadVirtualMemory (in: ProcessHandle=0x118, BaseAddress=0x6c5000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0234.032] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0239.070] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0xdf0) | out: ThreadHandle=0x2b5e770*=0x248) returned 0x0 [0239.070] NtSuspendThread (in: ThreadHandle=0x248, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0239.070] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x118, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x25c0000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0239.077] NtGetContextThread (in: ThreadHandle=0x248, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x5ff790, Ebx=0x6c5000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x5ff738, Eip=0x7742295c, SegCs=0x23, EFlags=0x212, Esp=0x5ff720, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0239.085] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x240) returned 0x0 [0239.086] NtMapViewOfSection (in: SectionHandle=0x240, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x137600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x138000) returned 0x0 [0239.095] NtMapViewOfSection (in: SectionHandle=0x240, ProcessHandle=0x118, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x137600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x2f90000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x138000) returned 0x0 [0239.168] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0239.245] NtClose (Handle=0x240) returned 0x0 [0239.245] NtSetContextThread (ThreadHandle=0x248, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x5ff790, Ebx=0x6c5000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x5ff738, Eip=0x3035347, SegCs=0x23, EFlags=0x212, Esp=0x5ff720, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0239.245] NtResumeThread (in: ThreadHandle=0x248, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0239.245] NtClose (Handle=0x118) returned 0x0 [0239.245] NtClose (Handle=0x248) returned 0x0 [0239.247] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0xdc8, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x248) returned 0x0 [0239.247] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0239.247] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0239.247] NtReadVirtualMemory (in: ProcessHandle=0x248, BaseAddress=0xbcc000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0239.247] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0244.257] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0xdd4) | out: ThreadHandle=0x2b5e770*=0x14c) returned 0x0 [0244.257] NtSuspendThread (in: ThreadHandle=0x14c, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0244.257] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x248, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x2200000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0244.264] NtGetContextThread (in: ThreadHandle=0x14c, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0xcffc20, Ebx=0xbcc000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0xcffbc8, Eip=0x7742295c, SegCs=0x23, EFlags=0x212, Esp=0xcffbb0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0244.264] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0244.264] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0xb5600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0xb6000) returned 0x0 [0244.269] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x248, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0xb5600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0xd00000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0xb6000) returned 0x0 [0244.276] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0244.299] NtClose (Handle=0x21c) returned 0x0 [0244.299] NtSetContextThread (ThreadHandle=0x14c, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0xcffc20, Ebx=0xbcc000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0xcffbc8, Eip=0xd23347, SegCs=0x23, EFlags=0x212, Esp=0xcffbb0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0244.336] NtResumeThread (in: ThreadHandle=0x14c, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0244.336] NtClose (Handle=0x248) returned 0x0 [0244.336] NtClose (Handle=0x14c) returned 0x0 [0244.337] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0xdb8, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x14c) returned 0x0 [0244.337] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0244.337] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0244.337] NtReadVirtualMemory (in: ProcessHandle=0x14c, BaseAddress=0x28e000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0244.337] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0249.352] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0xbb0) | out: ThreadHandle=0x2b5e770*=0x248) returned 0x0 [0249.352] NtSuspendThread (in: ThreadHandle=0x248, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0249.353] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x14c, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x2240000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0249.358] NtGetContextThread (in: ThreadHandle=0x248, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19f988, Ebx=0x28e000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19f930, Eip=0x7742295c, SegCs=0x23, EFlags=0x206, Esp=0x19f918, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0249.359] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0249.359] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x1aa600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x1ab000) returned 0x0 [0249.372] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x14c, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x1aa600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x2060000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x1ab000) returned 0x0 [0249.462] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0249.634] NtClose (Handle=0x21c) returned 0x0 [0249.634] NtSetContextThread (ThreadHandle=0x248, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19f988, Ebx=0x28e000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19f930, Eip=0x2178347, SegCs=0x23, EFlags=0x206, Esp=0x19f918, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0249.636] NtResumeThread (in: ThreadHandle=0x248, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0249.637] NtClose (Handle=0x14c) returned 0x0 [0249.637] NtClose (Handle=0x248) returned 0x0 [0249.638] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0x6ec, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x248) returned 0x0 [0249.638] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0249.638] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0249.638] NtReadVirtualMemory (in: ProcessHandle=0x248, BaseAddress=0x5a0000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0249.639] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0254.664] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0x888) | out: ThreadHandle=0x2b5e770*=0x14c) returned 0x0 [0254.664] NtSuspendThread (in: ThreadHandle=0x14c, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0254.664] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x248, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x2360000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0254.671] NtGetContextThread (in: ThreadHandle=0x14c, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x33fc28, Ebx=0x5a0000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x33fbd0, Eip=0x7742295c, SegCs=0x23, EFlags=0x206, Esp=0x33fbb8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0254.671] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0254.671] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x167600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x168000) returned 0x0 [0254.680] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x248, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x167600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x7c0000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x168000) returned 0x0 [0254.709] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0254.794] NtClose (Handle=0x21c) returned 0x0 [0254.794] NtSetContextThread (ThreadHandle=0x14c, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x33fc28, Ebx=0x5a0000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x33fbd0, Eip=0x895347, SegCs=0x23, EFlags=0x206, Esp=0x33fbb8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0254.794] NtResumeThread (in: ThreadHandle=0x14c, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0254.795] NtClose (Handle=0x248) returned 0x0 [0254.795] NtClose (Handle=0x14c) returned 0x0 [0254.796] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0x6d8, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x14c) returned 0x0 [0254.796] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0254.796] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0254.796] NtReadVirtualMemory (in: ProcessHandle=0x14c, BaseAddress=0x422000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0254.796] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0259.807] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0xc1c) | out: ThreadHandle=0x2b5e770*=0x248) returned 0x0 [0259.807] NtSuspendThread (in: ThreadHandle=0x248, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0259.807] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x14c, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x2370000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0259.812] NtGetContextThread (in: ThreadHandle=0x248, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x6ff880, Ebx=0x422000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x6ff828, Eip=0x7742295c, SegCs=0x23, EFlags=0x212, Esp=0x6ff810, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0259.813] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0259.813] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x185600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x186000) returned 0x0 [0259.823] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x14c, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x185600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x2d40000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x186000) returned 0x0 [0259.849] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0259.938] NtClose (Handle=0x21c) returned 0x0 [0259.938] NtSetContextThread (ThreadHandle=0x248, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x6ff880, Ebx=0x422000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x6ff828, Eip=0x2e33347, SegCs=0x23, EFlags=0x212, Esp=0x6ff810, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0259.938] NtResumeThread (in: ThreadHandle=0x248, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0259.939] NtClose (Handle=0x14c) returned 0x0 [0259.939] NtClose (Handle=0x248) returned 0x0 [0259.940] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0xa94, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x248) returned 0x0 [0259.940] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0259.940] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0259.940] NtReadVirtualMemory (in: ProcessHandle=0x248, BaseAddress=0x571000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0259.940] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0265.007] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0xafc) | out: ThreadHandle=0x2b5e770*=0x14c) returned 0x0 [0265.007] NtSuspendThread (in: ThreadHandle=0x14c, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0265.007] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x248, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x2210000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0265.012] NtGetContextThread (in: ThreadHandle=0x14c, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x6ff9a8, Ebx=0x571000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x6ff950, Eip=0x7742295c, SegCs=0x23, EFlags=0x202, Esp=0x6ff938, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0265.012] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0265.013] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x118600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x119000) returned 0x0 [0265.019] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x248, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x118600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x700000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x119000) returned 0x0 [0265.035] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0265.114] NtClose (Handle=0x21c) returned 0x0 [0265.114] NtSetContextThread (ThreadHandle=0x14c, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x6ff9a8, Ebx=0x571000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x6ff950, Eip=0x786347, SegCs=0x23, EFlags=0x202, Esp=0x6ff938, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0265.114] NtResumeThread (in: ThreadHandle=0x14c, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0265.115] NtClose (Handle=0x248) returned 0x0 [0265.115] NtClose (Handle=0x14c) returned 0x0 [0265.116] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0xe08, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x14c) returned 0x0 [0265.116] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0265.116] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0265.116] NtReadVirtualMemory (in: ProcessHandle=0x14c, BaseAddress=0x365000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0265.116] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0270.151] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0xdf8) | out: ThreadHandle=0x2b5e770*=0x248) returned 0x0 [0270.151] NtSuspendThread (in: ThreadHandle=0x248, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0270.151] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x14c, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x21e0000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0270.156] NtGetContextThread (in: ThreadHandle=0x248, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x53faa0, Ebx=0x365000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x53fa48, Eip=0x7742295c, SegCs=0x23, EFlags=0x216, Esp=0x53fa30, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0270.157] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0270.157] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0xde600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x2dd0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0xdf000) returned 0x0 [0270.162] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x14c, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0xde600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x640000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0xdf000) returned 0x0 [0270.224] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x2dd0000) returned 0x0 [0270.291] NtClose (Handle=0x21c) returned 0x0 [0270.291] NtSetContextThread (ThreadHandle=0x248, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x53faa0, Ebx=0x365000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x53fa48, Eip=0x68c347, SegCs=0x23, EFlags=0x216, Esp=0x53fa30, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0270.291] NtResumeThread (in: ThreadHandle=0x248, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0270.292] NtClose (Handle=0x14c) returned 0x0 [0270.292] NtClose (Handle=0x248) returned 0x0 [0270.293] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0xcb8, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x248) returned 0x0 [0270.293] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0270.293] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0270.293] NtReadVirtualMemory (in: ProcessHandle=0x248, BaseAddress=0x11c9000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0270.293] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0275.377] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0xa08) | out: ThreadHandle=0x2b5e770*=0x14c) returned 0x0 [0275.392] NtSuspendThread (in: ThreadHandle=0x14c, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0275.408] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x248, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x3030000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0275.413] NtGetContextThread (in: ThreadHandle=0x14c, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x140fc80, Ebx=0x11c9000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x140fc28, Eip=0x7742295c, SegCs=0x23, EFlags=0x212, Esp=0x140fc10, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0275.456] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0275.456] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x177600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x178000) returned 0x0 [0275.465] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x248, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x177600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x3a00000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x178000) returned 0x0 [0275.488] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0275.578] NtClose (Handle=0x21c) returned 0x0 [0275.578] NtSetContextThread (ThreadHandle=0x14c, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x140fc80, Ebx=0x11c9000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x140fc28, Eip=0x3ae5347, SegCs=0x23, EFlags=0x212, Esp=0x140fc10, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0275.578] NtResumeThread (in: ThreadHandle=0x14c, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0275.579] NtClose (Handle=0x248) returned 0x0 [0275.579] NtClose (Handle=0x14c) returned 0x0 [0275.583] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0xa6c, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x14c) returned 0x0 [0275.583] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0275.583] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0275.584] NtReadVirtualMemory (in: ProcessHandle=0x14c, BaseAddress=0x5f2000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0275.584] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0280.613] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0x1ec) | out: ThreadHandle=0x2b5e770*=0x248) returned 0x0 [0280.613] NtSuspendThread (in: ThreadHandle=0x248, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0280.613] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x14c, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x24a0000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0280.618] NtGetContextThread (in: ThreadHandle=0x248, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x3ffc4c, Ebx=0x5f2000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x3ffbf4, Eip=0x7742295c, SegCs=0x23, EFlags=0x202, Esp=0x3ffbdc, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0280.619] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0280.619] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x19f600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x1a0000) returned 0x0 [0280.628] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x14c, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x19f600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x22a0000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x1a0000) returned 0x0 [0280.655] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0280.726] NtClose (Handle=0x21c) returned 0x0 [0280.726] NtSetContextThread (ThreadHandle=0x248, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x3ffc4c, Ebx=0x5f2000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x3ffbf4, Eip=0x23ad347, SegCs=0x23, EFlags=0x202, Esp=0x3ffbdc, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0280.727] NtResumeThread (in: ThreadHandle=0x248, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0280.727] NtClose (Handle=0x14c) returned 0x0 [0280.727] NtClose (Handle=0x248) returned 0x0 [0280.728] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0x2d4, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x248) returned 0x0 [0280.728] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0280.728] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0280.728] NtReadVirtualMemory (in: ProcessHandle=0x248, BaseAddress=0x605000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0280.728] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0285.734] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0x310) | out: ThreadHandle=0x2b5e770*=0x14c) returned 0x0 [0285.735] NtSuspendThread (in: ThreadHandle=0x14c, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0285.735] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x248, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x24c0000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0285.746] NtGetContextThread (in: ThreadHandle=0x14c, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x5efcb4, Ebx=0x605000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x5efc5c, Eip=0x7742295c, SegCs=0x23, EFlags=0x206, Esp=0x5efc44, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0285.747] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0285.747] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x199600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x19a000) returned 0x0 [0285.756] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x248, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x199600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x2e90000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x19a000) returned 0x0 [0285.830] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0285.866] NtClose (Handle=0x21c) returned 0x0 [0285.866] NtSetContextThread (ThreadHandle=0x14c, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x5efcb4, Ebx=0x605000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x5efc5c, Eip=0x2f97347, SegCs=0x23, EFlags=0x206, Esp=0x5efc44, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0285.907] NtResumeThread (in: ThreadHandle=0x14c, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0285.907] NtClose (Handle=0x248) returned 0x0 [0285.907] NtClose (Handle=0x14c) returned 0x0 [0285.908] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0x3b8, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x14c) returned 0x0 [0285.908] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0285.908] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0285.908] NtReadVirtualMemory (in: ProcessHandle=0x14c, BaseAddress=0x5b8000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0285.908] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0290.954] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0x3cc) | out: ThreadHandle=0x2b5e770*=0x248) returned 0x0 [0290.954] NtSuspendThread (in: ThreadHandle=0x248, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0290.955] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x14c, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x22a0000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0290.960] NtGetContextThread (in: ThreadHandle=0x248, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x39fb18, Ebx=0x5b8000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x39fac0, Eip=0x7742295c, SegCs=0x23, EFlags=0x202, Esp=0x39faa8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0290.960] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0290.960] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x182600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x183000) returned 0x0 [0290.968] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x14c, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x182600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x7a0000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x183000) returned 0x0 [0290.994] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0291.070] NtClose (Handle=0x21c) returned 0x0 [0291.070] NtSetContextThread (ThreadHandle=0x248, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x39fb18, Ebx=0x5b8000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x39fac0, Eip=0x890347, SegCs=0x23, EFlags=0x202, Esp=0x39faa8, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0291.070] NtResumeThread (in: ThreadHandle=0x248, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0291.070] NtClose (Handle=0x14c) returned 0x0 [0291.070] NtClose (Handle=0x248) returned 0x0 [0291.072] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0xdec, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x248) returned 0x0 [0291.072] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0291.072] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0291.072] NtReadVirtualMemory (in: ProcessHandle=0x248, BaseAddress=0xf65000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0291.072] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0296.174] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0x55c) | out: ThreadHandle=0x2b5e770*=0x14c) returned 0x0 [0296.175] NtSuspendThread (in: ThreadHandle=0x14c, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0296.175] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x248, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x2d90000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0296.180] NtGetContextThread (in: ThreadHandle=0x14c, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x10ff774, Ebx=0xf65000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x10ff71c, Eip=0x7742295c, SegCs=0x23, EFlags=0x202, Esp=0x10ff704, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0296.181] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0296.182] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x151600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x152000) returned 0x0 [0296.977] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x248, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x151600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x3760000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x152000) returned 0x0 [0297.009] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0297.280] NtClose (Handle=0x21c) returned 0x0 [0297.281] NtSetContextThread (ThreadHandle=0x14c, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x10ff774, Ebx=0xf65000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x10ff71c, Eip=0x381f347, SegCs=0x23, EFlags=0x202, Esp=0x10ff704, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0297.282] NtResumeThread (in: ThreadHandle=0x14c, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0297.282] NtClose (Handle=0x248) returned 0x0 [0297.282] NtClose (Handle=0x14c) returned 0x0 [0297.285] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0x6a4, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x14c) returned 0x0 [0297.286] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0297.286] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0297.286] NtReadVirtualMemory (in: ProcessHandle=0x14c, BaseAddress=0x9d0000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0297.286] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0302.376] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0x6c4) | out: ThreadHandle=0x2b5e770*=0x248) returned 0x0 [0302.394] NtSuspendThread (in: ThreadHandle=0x248, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0302.408] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x14c, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x2860000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0302.414] NtGetContextThread (in: ThreadHandle=0x248, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0xaffd08, Ebx=0x9d0000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0xaffcb0, Eip=0x7742295c, SegCs=0x23, EFlags=0x202, Esp=0xaffc98, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0302.580] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0302.595] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x12e600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x5e00000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x12f000) returned 0x0 [0302.603] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x14c, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x12e600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0xce0000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x12f000) returned 0x0 [0302.624] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x5e00000) returned 0x0 [0302.691] NtClose (Handle=0x21c) returned 0x0 [0302.752] NtSetContextThread (ThreadHandle=0x248, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0xaffd08, Ebx=0x9d0000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0xaffcb0, Eip=0xd7c347, SegCs=0x23, EFlags=0x202, Esp=0xaffc98, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0302.753] NtResumeThread (in: ThreadHandle=0x248, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0302.753] NtClose (Handle=0x14c) returned 0x0 [0302.753] NtClose (Handle=0x248) returned 0x0 [0302.755] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0x7b8, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x248) returned 0x0 [0302.755] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0302.755] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0302.755] NtReadVirtualMemory (in: ProcessHandle=0x248, BaseAddress=0x751000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0302.755] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0307.809] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0x908) | out: ThreadHandle=0x2b5e770*=0x14c) returned 0x0 [0307.870] NtSuspendThread (in: ThreadHandle=0x14c, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0307.885] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x248, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x25f0000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0307.891] NtGetContextThread (in: ThreadHandle=0x14c, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x95f8d0, Ebx=0x751000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x95f878, Eip=0x7742295c, SegCs=0x23, EFlags=0x216, Esp=0x95f860, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0307.893] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0307.894] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x17c600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x17d000) returned 0x0 [0307.949] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x248, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x17c600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x2fc0000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x17d000) returned 0x0 [0307.977] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0308.069] NtClose (Handle=0x21c) returned 0x0 [0308.069] NtSetContextThread (ThreadHandle=0x14c, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x95f8d0, Ebx=0x751000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x95f878, Eip=0x30aa347, SegCs=0x23, EFlags=0x216, Esp=0x95f860, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0308.070] NtResumeThread (in: ThreadHandle=0x14c, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0308.070] NtClose (Handle=0x248) returned 0x0 [0308.070] NtClose (Handle=0x14c) returned 0x0 [0308.073] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0x84, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x14c) returned 0x0 [0308.074] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0308.074] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0308.074] NtReadVirtualMemory (in: ProcessHandle=0x14c, BaseAddress=0xe48000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0308.074] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0313.197] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0xf0) | out: ThreadHandle=0x2b5e770*=0x248) returned 0x0 [0313.231] NtSuspendThread (in: ThreadHandle=0x248, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0313.247] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x14c, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x2e10000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0313.347] NtGetContextThread (in: ThreadHandle=0x248, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x10ffefc, Ebx=0xe48000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x10ffea4, Eip=0x7742295c, SegCs=0x23, EFlags=0x202, Esp=0x10ffe8c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0313.348] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0313.349] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x185600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x68f0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0x186000) returned 0x0 [0313.358] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x14c, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x185600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0x37e0000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0x186000) returned 0x0 [0313.386] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x68f0000) returned 0x0 [0313.469] NtClose (Handle=0x21c) returned 0x0 [0313.469] NtSetContextThread (ThreadHandle=0x248, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x10ffefc, Ebx=0xe48000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x10ffea4, Eip=0x38d3347, SegCs=0x23, EFlags=0x202, Esp=0x10ffe8c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0313.515] NtResumeThread (in: ThreadHandle=0x248, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0313.515] NtClose (Handle=0x14c) returned 0x0 [0313.515] NtClose (Handle=0x248) returned 0x0 [0313.517] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0xedc, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x248) returned 0x0 [0313.518] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0313.518] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0313.518] NtReadVirtualMemory (in: ProcessHandle=0x248, BaseAddress=0x725000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0313.518] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) returned 0x0 [0318.535] NtOpenThread (in: ThreadHandle=0x2b5e770, DesiredAccess=0x1a, ObjectAttributes=0x2b5e3bc, ClientId=0x2b5e3d4*(UniqueProcess=0x0, UniqueThread=0xeec) | out: ThreadHandle=0x2b5e770*=0x14c) returned 0x0 [0318.536] NtSuspendThread (in: ThreadHandle=0x14c, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0318.536] NtMapViewOfSection (in: SectionHandle=0x128, ProcessHandle=0x248, BaseAddress=0x2b5e410*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x2b5e410*=0x25f0000, SectionOffset=0x0, ViewSize=0x2b5e40c*=0x9c4000) returned 0x0 [0318.542] NtGetContextThread (in: ThreadHandle=0x14c, Context=0x2b5e438 | out: Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x59fe0c, Ebx=0x725000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x59fdb4, Eip=0x7742295c, SegCs=0x23, EFlags=0x206, Esp=0x59fd9c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0318.545] NtCreateSection (in: SectionHandle=0x2b5e3f8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2b5e3b8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2b5e3f8*=0x21c) returned 0x0 [0318.545] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0xffffffff, BaseAddress=0x2b5e400*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0xee600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e400*=0x2dd0000, SectionOffset=0x0, ViewSize=0x2b5e3b8*=0xef000) returned 0x0 [0318.552] NtMapViewOfSection (in: SectionHandle=0x21c, ProcessHandle=0x248, BaseAddress=0x2b5e3fc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0xee600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2b5e3fc*=0xa60000, SectionOffset=0x0, ViewSize=0x2b5e3f4*=0xef000) returned 0x0 [0318.566] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x2dd0000) returned 0x0 [0318.637] NtClose (Handle=0x21c) returned 0x0 [0318.637] NtSetContextThread (ThreadHandle=0x14c, Context=0x2b5e438*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x59fe0c, Ebx=0x725000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x59fdb4, Eip=0xabc347, SegCs=0x23, EFlags=0x206, Esp=0x59fd9c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0318.638] NtResumeThread (in: ThreadHandle=0x14c, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0318.638] NtClose (Handle=0x248) returned 0x0 [0318.638] NtClose (Handle=0x14c) returned 0x0 [0318.640] NtOpenProcess (in: ProcessHandle=0x2b5e77c, DesiredAccess=0x438, ObjectAttributes=0x2b5e744*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x2b5e75c*(UniqueProcess=0xed4, UniqueThread=0x0) | out: ProcessHandle=0x2b5e77c*=0x14c) returned 0x0 [0318.640] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x1a, ProcessInformation=0x2b5e76c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b5e76c, ReturnLength=0x0) returned 0x0 [0318.640] NtQueryInformationProcess (in: ProcessHandle=0x14c, ProcessInformationClass=0x0, ProcessInformation=0x2b5e3f0, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x2b5e3f0, ReturnLength=0x0) returned 0x0 [0318.640] NtReadVirtualMemory (in: ProcessHandle=0x14c, BaseAddress=0x6fb000, Buffer=0x2b5e704, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x2b5e704*, NumberOfBytesRead=0x0) returned 0x0 [0318.640] NtDelayExecution (Alertable=0, Interval=0x2b5e3d8*=-50000000) Thread: id = 196 os_tid = 0x101c Thread: id = 197 os_tid = 0x4f4 [0182.415] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x334f95c*=0x0, ZeroBits=0x0, RegionSize=0x334f960*=0x2804c, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x334f95c*=0x2fd0000, RegionSize=0x334f960*=0x29000) returned 0x0 [0182.418] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="wininet.dll", BaseAddress=0x334f948 | out: BaseAddress=0x334f948*=0x74010000) returned 0x0 Thread: id = 199 os_tid = 0x1268 Thread: id = 213 os_tid = 0x4f8 Thread: id = 222 os_tid = 0x1344 Thread: id = 224 os_tid = 0x1364 Process: id = "9" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2d81b000" os_pid = "0x1300" os_integrity_level = "0x2000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xf5c" cmd_line = "/c copy \"C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data\" \"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1\" /V" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 200 os_tid = 0x1388 [0206.417] GetModuleHandleA (lpModuleName=0x0) returned 0x150000 [0206.418] __set_app_type (_Type=0x1) [0206.418] __p__fmode () returned 0x776f3c14 [0206.418] __p__commode () returned 0x776f49ec [0206.418] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x166fd0) returned 0x0 [0206.418] __getmainargs (in: _Argc=0x17d1a4, _Argv=0x17d1a8, _Env=0x17d1ac, _DoWildCard=0, _StartInfo=0x17d1b8 | out: _Argc=0x17d1a4, _Argv=0x17d1a8, _Env=0x17d1ac) returned 0 [0206.418] _onexit (_Func=0x168030) returned 0x168030 [0206.418] _onexit (_Func=0x168040) returned 0x168040 [0206.419] _onexit (_Func=0x168050) returned 0x168050 [0206.419] _onexit (_Func=0x168060) returned 0x168060 [0206.419] _onexit (_Func=0x168070) returned 0x168070 [0206.421] _onexit (_Func=0x168080) returned 0x168080 [0206.421] GetCurrentThreadId () returned 0x1388 [0206.421] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x1388) returned 0xbc [0206.421] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x772d0000 [0206.422] GetProcAddress (hModule=0x772d0000, lpProcName="SetThreadUILanguage") returned 0x772e4f70 [0206.422] SetThreadUILanguage (LangId=0x0) returned 0x2c10409 [0206.526] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0206.526] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2b9f780 | out: phkResult=0x2b9f780*=0x0) returned 0x2 [0206.526] VirtualQuery (in: lpAddress=0x2b9f78b, lpBuffer=0x2b9f738, dwLength=0x1c | out: lpBuffer=0x2b9f738*(BaseAddress=0x2b9f000, AllocationBase=0x2aa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0206.526] VirtualQuery (in: lpAddress=0x2aa0000, lpBuffer=0x2b9f738, dwLength=0x1c | out: lpBuffer=0x2b9f738*(BaseAddress=0x2aa0000, AllocationBase=0x2aa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0206.526] VirtualQuery (in: lpAddress=0x2aa1000, lpBuffer=0x2b9f738, dwLength=0x1c | out: lpBuffer=0x2b9f738*(BaseAddress=0x2aa1000, AllocationBase=0x2aa0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0206.526] VirtualQuery (in: lpAddress=0x2aa3000, lpBuffer=0x2b9f738, dwLength=0x1c | out: lpBuffer=0x2b9f738*(BaseAddress=0x2aa3000, AllocationBase=0x2aa0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0206.527] VirtualQuery (in: lpAddress=0x2ba0000, lpBuffer=0x2b9f738, dwLength=0x1c | out: lpBuffer=0x2b9f738*(BaseAddress=0x2ba0000, AllocationBase=0x2ba0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0206.527] GetConsoleOutputCP () returned 0x1b5 [0206.743] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x183850 | out: lpCPInfo=0x183850) returned 1 [0206.743] SetConsoleCtrlHandler (HandlerRoutine=0x177260, Add=1) returned 1 [0206.744] _get_osfhandle (_FileHandle=1) returned 0x90 [0206.744] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x18388c | out: lpMode=0x18388c) returned 1 [0206.837] _get_osfhandle (_FileHandle=0) returned 0x8c [0206.837] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0x183888 | out: lpMode=0x183888) returned 1 [0206.950] _get_osfhandle (_FileHandle=1) returned 0x90 [0206.951] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x0) returned 1 [0207.040] _get_osfhandle (_FileHandle=1) returned 0x90 [0207.040] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x183890 | out: lpMode=0x183890) returned 1 [0207.133] _get_osfhandle (_FileHandle=1) returned 0x90 [0207.133] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x7) returned 1 [0207.232] _get_osfhandle (_FileHandle=0) returned 0x8c [0207.232] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0x183894 | out: lpMode=0x183894) returned 1 [0207.321] _get_osfhandle (_FileHandle=0) returned 0x8c [0207.321] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x1e7) returned 1 [0207.415] GetEnvironmentStringsW () returned 0x2ea4e40* [0207.415] GetProcessHeap () returned 0x2ea0000 [0207.415] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0xbb6) returned 0x2ea5a00 [0207.415] FreeEnvironmentStringsA (penv="=") returned 1 [0207.415] GetProcessHeap () returned 0x2ea0000 [0207.415] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x4) returned 0x2ea4920 [0207.415] GetEnvironmentStringsW () returned 0x2ea4e40* [0207.415] GetProcessHeap () returned 0x2ea0000 [0207.415] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0xbb6) returned 0x2ea65c0 [0207.416] FreeEnvironmentStringsA (penv="=") returned 1 [0207.416] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2b9e6dc | out: phkResult=0x2b9e6dc*=0xcc) returned 0x0 [0207.416] RegQueryValueExW (in: hKey=0xcc, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x0, lpData=0x2b9e6e8*=0xc5, lpcbData=0x2b9e6e0*=0x1000) returned 0x2 [0207.416] RegQueryValueExW (in: hKey=0xcc, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x4, lpData=0x2b9e6e8*=0x1, lpcbData=0x2b9e6e0*=0x4) returned 0x0 [0207.416] RegQueryValueExW (in: hKey=0xcc, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x0, lpData=0x2b9e6e8*=0x1, lpcbData=0x2b9e6e0*=0x1000) returned 0x2 [0207.416] RegQueryValueExW (in: hKey=0xcc, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x4, lpData=0x2b9e6e8*=0x0, lpcbData=0x2b9e6e0*=0x4) returned 0x0 [0207.416] RegQueryValueExW (in: hKey=0xcc, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x4, lpData=0x2b9e6e8*=0x40, lpcbData=0x2b9e6e0*=0x4) returned 0x0 [0207.416] RegQueryValueExW (in: hKey=0xcc, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x4, lpData=0x2b9e6e8*=0x40, lpcbData=0x2b9e6e0*=0x4) returned 0x0 [0207.416] RegQueryValueExW (in: hKey=0xcc, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x0, lpData=0x2b9e6e8*=0x40, lpcbData=0x2b9e6e0*=0x1000) returned 0x2 [0207.417] RegCloseKey (hKey=0xcc) returned 0x0 [0207.417] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2b9e6dc | out: phkResult=0x2b9e6dc*=0xcc) returned 0x0 [0207.417] RegQueryValueExW (in: hKey=0xcc, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x0, lpData=0x2b9e6e8*=0x40, lpcbData=0x2b9e6e0*=0x1000) returned 0x2 [0207.417] RegQueryValueExW (in: hKey=0xcc, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x4, lpData=0x2b9e6e8*=0x1, lpcbData=0x2b9e6e0*=0x4) returned 0x0 [0207.417] RegQueryValueExW (in: hKey=0xcc, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x0, lpData=0x2b9e6e8*=0x1, lpcbData=0x2b9e6e0*=0x1000) returned 0x2 [0207.417] RegQueryValueExW (in: hKey=0xcc, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x4, lpData=0x2b9e6e8*=0x0, lpcbData=0x2b9e6e0*=0x4) returned 0x0 [0207.417] RegQueryValueExW (in: hKey=0xcc, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x4, lpData=0x2b9e6e8*=0x9, lpcbData=0x2b9e6e0*=0x4) returned 0x0 [0207.417] RegQueryValueExW (in: hKey=0xcc, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x4, lpData=0x2b9e6e8*=0x9, lpcbData=0x2b9e6e0*=0x4) returned 0x0 [0207.417] RegQueryValueExW (in: hKey=0xcc, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2b9e6e4, lpData=0x2b9e6e8, lpcbData=0x2b9e6e0*=0x1000 | out: lpType=0x2b9e6e4*=0x0, lpData=0x2b9e6e8*=0x9, lpcbData=0x2b9e6e0*=0x1000) returned 0x2 [0207.417] RegCloseKey (hKey=0xcc) returned 0x0 [0207.417] time (in: timer=0x0 | out: timer=0x0) returned 0x5f6956d7 [0207.417] srand (_Seed=0x5f6956d7) [0207.417] GetCommandLineW () returned="/c copy \"C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data\" \"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1\" /V" [0207.418] malloc (_Size=0x4000) returned 0x2e72370 [0207.418] GetCommandLineW () returned="/c copy \"C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data\" \"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1\" /V" [0207.418] malloc (_Size=0xffce) returned 0x31a0048 [0207.419] ??_V@YAXPAX@Z () returned 0x2b9f6c0 [0207.419] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x31a0048 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0207.420] malloc (_Size=0xffce) returned 0x31b0020 [0207.421] ??_V@YAXPAX@Z () returned 0x2b9f494 [0207.421] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x31b0020, nSize=0x7fe7 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0207.422] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x17f840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps;") returned 0xbc [0207.422] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x17f840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0207.422] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x17f840, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0207.422] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0207.422] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0207.422] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0207.422] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0207.422] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0207.422] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0207.422] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0207.422] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0207.422] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0207.422] GetProcessHeap () returned 0x2ea0000 [0207.422] RtlFreeHeap (HeapHandle=0x2ea0000, Flags=0x0, BaseAddress=0x2ea5a00) returned 1 [0207.422] GetEnvironmentStringsW () returned 0x2ea4e40* [0207.422] GetProcessHeap () returned 0x2ea0000 [0207.422] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0xbce) returned 0x2ea7d58 [0207.423] FreeEnvironmentStringsA (penv="=") returned 1 [0207.423] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x17f840, nSize=0x2000 | out: lpBuffer="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1b [0207.423] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x17f840, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0207.423] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0207.423] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0207.423] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0207.423] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0207.423] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0207.423] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0207.423] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0207.423] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0207.423] malloc (_Size=0xffce) returned 0x31bfff8 [0207.423] ??_V@YAXPAX@Z () returned 0x2b9f22c [0207.424] GetProcessHeap () returned 0x2ea0000 [0207.424] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x30) returned 0x2ea8930 [0207.424] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x31bfff8 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0207.424] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\system32", nBufferLength=0x7fe7, lpBuffer=0x31bfff8, lpFilePart=0x2b9f278 | out: lpBuffer="C:\\WINDOWS\\system32", lpFilePart=0x2b9f278*="system32") returned 0x13 [0207.424] GetFileAttributesW (lpFileName="C:\\WINDOWS\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0207.425] FindFirstFileW (in: lpFileName="C:\\WINDOWS", lpFindFileData=0x2b9eff8 | out: lpFindFileData=0x2b9eff8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xc838b81d, ftLastAccessTime.dwHighDateTime=0x1d41dc3, ftLastWriteTime.dwLowDateTime=0xc838b81d, ftLastWriteTime.dwHighDateTime=0x1d41dc3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x2ea8968 [0207.425] FindClose (in: hFindFile=0x2ea8968 | out: hFindFile=0x2ea8968) returned 1 [0207.425] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x2b9eff8 | out: lpFindFileData=0x2b9eff8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0xc0b701ad, ftLastAccessTime.dwHighDateTime=0x1d5d815, ftLastWriteTime.dwLowDateTime=0xc0b701ad, ftLastWriteTime.dwHighDateTime=0x1d5d815, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x2ea8968 [0207.425] FindClose (in: hFindFile=0x2ea8968 | out: hFindFile=0x2ea8968) returned 1 [0207.425] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0207.425] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0207.426] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0207.426] GetProcessHeap () returned 0x2ea0000 [0207.426] RtlFreeHeap (HeapHandle=0x2ea0000, Flags=0x0, BaseAddress=0x2ea7d58) returned 1 [0207.426] GetEnvironmentStringsW () returned 0x2ea7180* [0207.426] GetProcessHeap () returned 0x2ea0000 [0207.426] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0xbfe) returned 0x2ea8968 [0207.426] FreeEnvironmentStringsA (penv="=") returned 1 [0207.426] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x31a0048 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0207.426] GetProcessHeap () returned 0x2ea0000 [0207.426] RtlFreeHeap (HeapHandle=0x2ea0000, Flags=0x0, BaseAddress=0x2ea8930) returned 1 [0207.426] ??_V@YAXPAX@Z () returned 0x1 [0207.426] ??_V@YAXPAX@Z () returned 0x1 [0207.426] GetProcessHeap () returned 0x2ea0000 [0207.426] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x400e) returned 0x2ea9570 [0207.427] GetProcessHeap () returned 0x2ea0000 [0207.427] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x104) returned 0x2ea5a48 [0207.427] GetProcessHeap () returned 0x2ea0000 [0207.427] RtlFreeHeap (HeapHandle=0x2ea0000, Flags=0x0, BaseAddress=0x2ea9570) returned 1 [0207.427] GetConsoleOutputCP () returned 0x1b5 [0207.508] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x183850 | out: lpCPInfo=0x183850) returned 1 [0207.508] GetUserDefaultLCID () returned 0x409 [0207.509] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x17f82c, cchData=8 | out: lpLCData=":") returned 2 [0207.509] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2b9f5e8, cchData=128 | out: lpLCData="0") returned 2 [0207.509] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2b9f5e8, cchData=128 | out: lpLCData="0") returned 2 [0207.509] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2b9f5e8, cchData=128 | out: lpLCData="1") returned 2 [0207.509] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x17f81c, cchData=8 | out: lpLCData="/") returned 2 [0207.509] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x17f7b8, cchData=32 | out: lpLCData="Mon") returned 4 [0207.509] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x17f778, cchData=32 | out: lpLCData="Tue") returned 4 [0207.510] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x17f738, cchData=32 | out: lpLCData="Wed") returned 4 [0207.510] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x17f6f8, cchData=32 | out: lpLCData="Thu") returned 4 [0207.510] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x17f6b8, cchData=32 | out: lpLCData="Fri") returned 4 [0207.510] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x17f678, cchData=32 | out: lpLCData="Sat") returned 4 [0207.510] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x17f638, cchData=32 | out: lpLCData="Sun") returned 4 [0207.510] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x17f80c, cchData=8 | out: lpLCData=".") returned 2 [0207.510] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x17f7f8, cchData=8 | out: lpLCData=",") returned 2 [0207.510] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0207.513] GetProcessHeap () returned 0x2ea0000 [0207.513] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x0, Size=0x20c) returned 0x2ea5ba0 [0207.513] GetConsoleTitleW (in: lpConsoleTitle=0x2ea5ba0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\cmd.exe") returned 0x1c [0207.587] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x772d0000 [0207.587] GetProcAddress (hModule=0x772d0000, lpProcName="CopyFileExW") returned 0x772e4330 [0207.587] GetProcAddress (hModule=0x772d0000, lpProcName="IsDebuggerPresent") returned 0x772e5930 [0207.587] GetProcAddress (hModule=0x772d0000, lpProcName="SetConsoleInputExeNameW") returned 0x74d009d0 [0207.587] ??_V@YAXPAX@Z () returned 0x1 [0207.588] GetProcessHeap () returned 0x2ea0000 [0207.588] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x400a) returned 0x2ea9570 [0207.588] GetProcessHeap () returned 0x2ea0000 [0207.588] RtlFreeHeap (HeapHandle=0x2ea0000, Flags=0x0, BaseAddress=0x2ea9570) returned 1 [0207.588] _wcsicmp (_String1="copy", _String2=")") returned 58 [0207.588] _wcsicmp (_String1="FOR", _String2="copy") returned 3 [0207.589] _wcsicmp (_String1="FOR/?", _String2="copy") returned 3 [0207.589] _wcsicmp (_String1="IF", _String2="copy") returned 6 [0207.589] _wcsicmp (_String1="IF/?", _String2="copy") returned 6 [0207.589] _wcsicmp (_String1="REM", _String2="copy") returned 15 [0207.589] _wcsicmp (_String1="REM/?", _String2="copy") returned 15 [0207.589] GetProcessHeap () returned 0x2ea0000 [0207.589] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x58) returned 0x2ea5db8 [0207.589] GetProcessHeap () returned 0x2ea0000 [0207.589] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x12) returned 0x2ea5e18 [0207.591] GetProcessHeap () returned 0x2ea0000 [0207.591] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0xf8) returned 0x2ea5e38 [0207.592] GetConsoleTitleW (in: lpConsoleTitle=0x2b9f4e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\cmd.exe") returned 0x1c [0207.727] malloc (_Size=0xffce) returned 0x31b26f8 [0207.728] ??_V@YAXPAX@Z () returned 0x2b9f26c [0207.729] malloc (_Size=0xffce) returned 0x31c26d0 [0207.729] ??_V@YAXPAX@Z () returned 0x2b9f024 [0207.730] _wcsicmp (_String1="copy", _String2="DIR") returned -1 [0207.730] _wcsicmp (_String1="copy", _String2="ERASE") returned -2 [0207.730] _wcsicmp (_String1="copy", _String2="DEL") returned -1 [0207.730] _wcsicmp (_String1="copy", _String2="TYPE") returned -17 [0207.730] _wcsicmp (_String1="copy", _String2="COPY") returned 0 [0207.730] ??_V@YAXPAX@Z () returned 0x1 [0207.730] GetProcessHeap () returned 0x2ea0000 [0207.730] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x1e8) returned 0x2ea5f38 [0207.731] GetProcessHeap () returned 0x2ea0000 [0207.731] RtlReAllocateHeap (Heap=0x2ea0000, Flags=0x0, Ptr=0x2ea5f38, Size=0xfa) returned 0x2ea5f38 [0207.731] GetProcessHeap () returned 0x2ea0000 [0207.731] RtlSizeHeap (HeapHandle=0x2ea0000, Flags=0x0, MemoryPointer=0x2ea5f38) returned 0xfa [0207.731] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0207.731] GetProcessHeap () returned 0x2ea0000 [0207.731] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x102) returned 0x2ea6040 [0207.732] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x31a0048 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0207.732] GetProcessHeap () returned 0x2ea0000 [0207.732] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x2c) returned 0x2ea6150 [0207.732] GetProcessHeap () returned 0x2ea0000 [0207.732] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x2c) returned 0x2ea6188 [0207.732] GetProcessHeap () returned 0x2ea0000 [0207.732] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x18) returned 0x2ea61c0 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="FPS_BRO", _MaxCount=0x7) returned -3 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="FPS_BRO", _MaxCount=0x7) returned -3 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0207.732] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0207.733] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0207.733] GetProcessHeap () returned 0x2ea0000 [0207.733] RtlFreeHeap (HeapHandle=0x2ea0000, Flags=0x0, BaseAddress=0x2ea61c0) returned 1 [0207.734] GetProcessHeap () returned 0x2ea0000 [0207.734] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x18) returned 0x2ea61c0 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="FPS_BRO", _MaxCount=0x7) returned -3 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="FPS_BRO", _MaxCount=0x7) returned -3 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0207.734] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0207.735] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0207.735] GetProcessHeap () returned 0x2ea0000 [0207.735] RtlFreeHeap (HeapHandle=0x2ea0000, Flags=0x0, BaseAddress=0x2ea61c0) returned 1 [0207.735] GetProcessHeap () returned 0x2ea0000 [0207.735] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x1e8) returned 0x2ea61c0 [0207.736] GetProcessHeap () returned 0x2ea0000 [0207.736] RtlReAllocateHeap (Heap=0x2ea0000, Flags=0x0, Ptr=0x2ea61c0, Size=0xfa) returned 0x2ea61c0 [0207.736] GetProcessHeap () returned 0x2ea0000 [0207.736] RtlSizeHeap (HeapHandle=0x2ea0000, Flags=0x0, MemoryPointer=0x2ea61c0) returned 0xfa [0207.736] GetProcessHeap () returned 0x2ea0000 [0207.736] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x2c) returned 0x2ea62c8 [0207.736] GetProcessHeap () returned 0x2ea0000 [0207.736] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x258) returned 0x2ea6300 [0207.736] _wcsicmp (_String1="Login Data", _String2=".") returned 62 [0207.736] _wcsicmp (_String1="Login Data", _String2="..") returned 62 [0207.736] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\login data")) returned 0x20 [0207.737] GetProcessHeap () returned 0x2ea0000 [0207.737] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x2c) returned 0x2ea6560 [0207.737] GetProcessHeap () returned 0x2ea0000 [0207.737] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x258) returned 0x2ea0ae0 [0207.737] _wcsicmp (_String1="DB1", _String2=".") returned 54 [0207.737] _wcsicmp (_String1="DB1", _String2="..") returned 54 [0207.737] _wcsnicmp (_String1="/V", _String2="/Y", _MaxCount=0x2) returned -3 [0207.752] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x27, ProcessInformation=0x2b9f26c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x2b9f26c, ReturnLength=0x0) returned 0x0 [0207.752] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x27, ProcessInformation=0x2b9f270, ProcessInformationLength=0x4) returned 0x0 [0207.752] malloc (_Size=0xffce) returned 0x31c26d0 [0207.752] ??_V@YAXPAX@Z () returned 0x2b9e93c [0207.752] malloc (_Size=0xffce) returned 0x31d26a8 [0207.753] ??_V@YAXPAX@Z () returned 0x2b9e93c [0207.753] malloc (_Size=0xffce) returned 0x31e2680 [0207.754] ??_V@YAXPAX@Z () returned 0x2b9e93c [0207.754] malloc (_Size=0x1ff9c) returned 0x31f2658 [0207.755] ??_V@YAXPAX@Z () returned 0x2b9e93c [0207.756] VirtualAlloc (lpAddress=0x0, dwSize=0xfe00, flAllocationType=0x1000, flProtect=0x4) returned 0x2a30000 [0207.756] VirtualAlloc (lpAddress=0x0, dwSize=0xfe00, flAllocationType=0x1000, flProtect=0x4) returned 0x2bd0000 [0207.756] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", fInfoLevelId=0x1, lpFindFileData=0x2ea6308, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ea6308) returned 0x2ea0d40 [0207.757] GetProcessHeap () returned 0x2ea0000 [0207.757] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x0, Size=0x14) returned 0x2ea6598 [0207.757] malloc (_Size=0xffce) returned 0x3212600 [0207.757] ??_V@YAXPAX@Z () returned 0x2b9e6d4 [0207.758] malloc (_Size=0xffce) returned 0x32225d8 [0207.759] ??_V@YAXPAX@Z () returned 0x2b9e48c [0207.759] ??_V@YAXPAX@Z () returned 0x1 [0207.760] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1", nBufferLength=0x7fe7, lpBuffer=0x3212600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1", lpFilePart=0x0) returned 0x26 [0207.760] ??_V@YAXPAX@Z () returned 0x1 [0207.761] _wcsicmp (_String1="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", _String2="con") returned -53 [0207.761] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2b9e94c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0xdc [0207.762] _open_osfhandle (_OSFileHandle=0xdc, _Flags=8) returned 3 [0207.762] _get_osfhandle (_FileHandle=3) returned 0xdc [0207.762] GetFileType (hFile=0xdc) returned 0x1 [0207.762] SetErrorMode (uMode=0x0) returned 0x8003 [0207.762] SetErrorMode (uMode=0x1) returned 0x0 [0207.762] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0xffce, lpBuffer=0x31f2658, lpFilePart=0x2b9e95c | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x2b9e95c*="Login Data") returned 0x48 [0207.762] SetErrorMode (uMode=0x8003) returned 0x1 [0207.762] _get_osfhandle (_FileHandle=3) returned 0xdc [0207.762] ReadFile (in: hFile=0xdc, lpBuffer=0x2a30000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x2b9e984, lpOverlapped=0x0 | out: lpBuffer=0x2a30000*, lpNumberOfBytesRead=0x2b9e984*=0x200, lpOverlapped=0x0) returned 1 [0207.796] malloc (_Size=0x1ff9c) returned 0x3212600 [0207.797] ??_V@YAXPAX@Z () returned 0x2b9e6fc [0207.798] SetErrorMode (uMode=0x0) returned 0x8003 [0207.798] SetErrorMode (uMode=0x1) returned 0x0 [0207.798] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1", nBufferLength=0xffce, lpBuffer=0x3212600, lpFilePart=0x2b9e71c | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1", lpFilePart=0x2b9e71c*="DB1") returned 0x26 [0207.798] SetErrorMode (uMode=0x8003) returned 0x1 [0207.798] _wcsicmp (_String1="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", _String2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1") returned -13 [0207.798] ??_V@YAXPAX@Z () returned 0x1 [0207.799] GetProcessHeap () returned 0x2ea0000 [0207.799] RtlAllocateHeap (HeapHandle=0x2ea0000, Flags=0x8, Size=0x258) returned 0x2ea0d80 [0207.799] _wcsicmp (_String1="DB1", _String2=".") returned 54 [0207.799] _wcsicmp (_String1="DB1", _String2="..") returned 54 [0207.800] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\db1")) returned 0xffffffff [0207.800] GetLastError () returned 0x2 [0207.800] malloc (_Size=0xffce) returned 0x3212600 [0207.801] ??_V@YAXPAX@Z () returned 0x2b9e6d4 [0207.801] malloc (_Size=0xffce) returned 0x32225d8 [0207.801] ??_V@YAXPAX@Z () returned 0x2b9e48c [0207.802] ??_V@YAXPAX@Z () returned 0x1 [0207.802] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1", nBufferLength=0x7fe7, lpBuffer=0x3212600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1", lpFilePart=0x0) returned 0x26 [0207.803] ??_V@YAXPAX@Z () returned 0x1 [0207.804] malloc (_Size=0x1ff9c) returned 0x3212600 [0207.804] ??_V@YAXPAX@Z () returned 0x2b9e6fc [0207.806] SetErrorMode (uMode=0x0) returned 0x8003 [0207.806] SetErrorMode (uMode=0x1) returned 0x0 [0207.806] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1", nBufferLength=0xffce, lpBuffer=0x3212600, lpFilePart=0x2b9e71c | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1", lpFilePart=0x2b9e71c*="DB1") returned 0x26 [0207.806] SetErrorMode (uMode=0x8003) returned 0x1 [0207.806] _wcsicmp (_String1="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", _String2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1") returned -13 [0207.806] ??_V@YAXPAX@Z () returned 0x1 [0207.807] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\db1")) returned 0xffffffff [0207.807] CopyFileExW (lpExistingFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\login data"), lpNewFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\db1"), lpProgressRoutine=0x0, lpData=0x0, pbCancel=0x17d54c, dwCopyFlags=0x0) returned 1 [0207.870] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\db1")) returned 0x20 [0207.870] SetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1", dwFileAttributes=0x20) returned 1 [0207.870] _wcsicmp (_String1="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1", _String2="con") returned -53 [0207.870] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\db1"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x2b9e94c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0xe0 [0207.870] _open_osfhandle (_OSFileHandle=0xe0, _Flags=8) returned 4 [0207.870] _get_osfhandle (_FileHandle=4) returned 0xe0 [0207.870] GetFileType (hFile=0xe0) returned 0x1 [0207.871] _get_osfhandle (_FileHandle=4) returned 0xe0 [0207.871] FlushFileBuffers (hFile=0xe0) returned 1 [0207.873] _close (_FileHandle=4) returned 0 [0207.873] _wcsicmp (_String1="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1", _String2="con") returned -53 [0207.873] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\DB1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\db1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2b9e94c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0xe0 [0207.873] _open_osfhandle (_OSFileHandle=0xe0, _Flags=8) returned 4 [0207.873] _get_osfhandle (_FileHandle=4) returned 0xe0 [0207.873] GetFileType (hFile=0xe0) returned 0x1 [0207.873] _get_osfhandle (_FileHandle=3) returned 0xdc [0207.873] SetFilePointer (in: hFile=0xdc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0207.874] _get_osfhandle (_FileHandle=4) returned 0xe0 [0207.874] SetFilePointer (in: hFile=0xe0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0207.874] _get_osfhandle (_FileHandle=3) returned 0xdc [0207.874] GetFileSize (in: hFile=0xdc, lpFileSizeHigh=0x2b9e9d0 | out: lpFileSizeHigh=0x2b9e9d0*=0x0) returned 0x4800 [0207.874] _get_osfhandle (_FileHandle=4) returned 0xe0 [0207.874] GetFileSize (in: hFile=0xe0, lpFileSizeHigh=0x2b9e9d4 | out: lpFileSizeHigh=0x2b9e9d4*=0x0) returned 0x4800 [0207.874] _get_osfhandle (_FileHandle=3) returned 0xdc [0207.874] ReadFile (in: hFile=0xdc, lpBuffer=0x2a30000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x2b9e984, lpOverlapped=0x0 | out: lpBuffer=0x2a30000*, lpNumberOfBytesRead=0x2b9e984*=0x4800, lpOverlapped=0x0) returned 1 [0207.875] _get_osfhandle (_FileHandle=4) returned 0xe0 [0207.875] ReadFile (in: hFile=0xe0, lpBuffer=0x2bd0000, nNumberOfBytesToRead=0x4800, lpNumberOfBytesRead=0x2b9e9d8, lpOverlapped=0x0 | out: lpBuffer=0x2bd0000*, lpNumberOfBytesRead=0x2b9e9d8*=0x4800, lpOverlapped=0x0) returned 1 [0207.875] _close (_FileHandle=4) returned 0 [0207.876] _close (_FileHandle=3) returned 0 [0207.876] FindNextFileW (in: hFindFile=0x2ea0d40, lpFindFileData=0x2ea6308 | out: lpFindFileData=0x2ea6308*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52319328, ftCreationTime.dwHighDateTime=0x1d327ca, ftLastAccessTime.dwLowDateTime=0x52319328, ftLastAccessTime.dwHighDateTime=0x1d327ca, ftLastWriteTime.dwLowDateTime=0xe75cff11, ftLastWriteTime.dwHighDateTime=0x1d327cb, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Login Data", cAlternateFileName="")) returned 0 [0207.877] GetLastError () returned 0x12 [0207.877] FindClose (in: hFindFile=0x2ea0d40 | out: hFindFile=0x2ea0d40) returned 1 [0207.877] ??_V@YAXPAX@Z () returned 0x1 [0207.878] ??_V@YAXPAX@Z () returned 0x1 [0207.879] ??_V@YAXPAX@Z () returned 0x1 [0207.882] ??_V@YAXPAX@Z () returned 0x1 [0207.883] _vsnwprintf (in: _Buffer=0x193d10, _BufferCount=0x103, _Format="%9d", _ArgList=0x2b9f254 | out: _Buffer=" 1") returned 9 [0207.884] _get_osfhandle (_FileHandle=1) returned 0x90 [0207.884] GetFileType (hFile=0x90) returned 0x2 [0207.884] GetStdHandle (nStdHandle=0xfffffff5) returned 0x90 [0207.884] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x2b9f1b0 | out: lpMode=0x2b9f1b0) returned 1 [0207.996] _get_osfhandle (_FileHandle=1) returned 0x90 [0207.996] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x90, lpConsoleScreenBufferInfo=0x2b9f200 | out: lpConsoleScreenBufferInfo=0x2b9f200) returned 1 [0208.087] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2336, dwLanguageId=0x0, lpBuffer=0x18b990, nSize=0x2000, Arguments=0x0 | out: lpBuffer="%1 file(s) copied.\r\n") returned 0x14 [0208.162] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2336, dwLanguageId=0x0, lpBuffer=0x18b990, nSize=0x2000, Arguments=0x2b9f230 | out: lpBuffer=" 1 file(s) copied.\r\n") returned 0x1b [0208.162] WriteConsoleW (in: hConsoleOutput=0x90, lpBuffer=0x18b990*, nNumberOfCharsToWrite=0x1b, lpNumberOfCharsWritten=0x2b9f1e4, lpReserved=0x0 | out: lpBuffer=0x18b990*, lpNumberOfCharsWritten=0x2b9f1e4*=0x1b) returned 1 [0208.228] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x27, ProcessInformation=0x2b9f26c, ProcessInformationLength=0x4) returned 0x0 [0208.228] ??_V@YAXPAX@Z () returned 0x1 [0208.231] _get_osfhandle (_FileHandle=1) returned 0x90 [0208.231] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x7) returned 1 [0208.321] _get_osfhandle (_FileHandle=1) returned 0x90 [0208.321] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x183890 | out: lpMode=0x183890) returned 1 [0208.416] _get_osfhandle (_FileHandle=0) returned 0x8c [0208.416] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0x183894 | out: lpMode=0x183894) returned 1 [0208.509] SetConsoleInputExeNameW () returned 0x1 [0208.509] GetConsoleOutputCP () returned 0x1b5 [0208.712] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x183850 | out: lpCPInfo=0x183850) returned 1 [0208.712] SetThreadUILanguage (LangId=0x0) returned 0x2c10409 [0208.806] exit (_Code=0) [0208.806] ??_V@YAXPAX@Z () returned 0x1 Thread: id = 204 os_tid = 0x13c8 Process: id = "10" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x2d8a5000" os_pid = "0x13cc" os_integrity_level = "0x2000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0x1300" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 201 os_tid = 0x1240 Thread: id = 202 os_tid = 0x11b4 Thread: id = 203 os_tid = 0x13e8 Process: id = "11" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x22928000" os_pid = "0x120c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x2a4" cmd_line = "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:000c80f7" [0xc000000f] Thread: id = 211 os_tid = 0x4b0 Thread: id = 212 os_tid = 0x390 Thread: id = 215 os_tid = 0x1380 Thread: id = 216 os_tid = 0xa20 Thread: id = 217 os_tid = 0x1204 Thread: id = 218 os_tid = 0x1160 Thread: id = 219 os_tid = 0xd14 Thread: id = 220 os_tid = 0x1034 Thread: id = 221 os_tid = 0xd1c Thread: id = 223 os_tid = 0x135c Process: id = "12" image_name = "3dftp.exe" filename = "c:\\program files (x86)\\windows sidebar\\3dftp.exe" page_root = "0x63398000" os_pid = "0xab0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files (x86)\\Windows Sidebar\\3dftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Sidebar\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 225 os_tid = 0xddc Process: id = "13" image_name = "absolutetelnet.exe" filename = "c:\\program files (x86)\\mozilla maintenance service\\absolutetelnet.exe" page_root = "0x6b082000" os_pid = "0x60" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files (x86)\\Mozilla Maintenance Service\\absolutetelnet.exe\" " cur_dir = "C:\\Program Files (x86)\\Mozilla Maintenance Service\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 227 os_tid = 0xbd8 Process: id = "14" image_name = "alftp.exe" filename = "c:\\program files\\windows mail\\alftp.exe" page_root = "0x50aab000" os_pid = "0xb90" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files\\Windows Mail\\alftp.exe\" " cur_dir = "C:\\Program Files\\Windows Mail\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 228 os_tid = 0xb68 Process: id = "15" image_name = "barca.exe" filename = "c:\\program files\\windowspowershell\\barca.exe" page_root = "0x66c64000" os_pid = "0xce0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files\\WindowsPowerShell\\barca.exe\" " cur_dir = "C:\\Program Files\\WindowsPowerShell\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 231 os_tid = 0xdf0 Process: id = "16" image_name = "bitkinex.exe" filename = "c:\\program files\\windows photo viewer\\bitkinex.exe" page_root = "0x6addf000" os_pid = "0xdc8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files\\Windows Photo Viewer\\bitkinex.exe\" " cur_dir = "C:\\Program Files\\Windows Photo Viewer\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 232 os_tid = 0xdd4 Process: id = "17" image_name = "coreftp.exe" filename = "c:\\program files (x86)\\windows sidebar\\coreftp.exe" page_root = "0x3e9f2000" os_pid = "0xdb8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files (x86)\\Windows Sidebar\\coreftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Sidebar\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 234 os_tid = 0xbb0 Process: id = "18" image_name = "far.exe" filename = "c:\\program files (x86)\\reference assemblies\\far.exe" page_root = "0x4d786000" os_pid = "0x6ec" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files (x86)\\Reference Assemblies\\far.exe\" " cur_dir = "C:\\Program Files (x86)\\Reference Assemblies\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 235 os_tid = 0x888 Process: id = "19" image_name = "filezilla.exe" filename = "c:\\program files\\common files\\filezilla.exe" page_root = "0x67991000" os_pid = "0x6d8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files\\Common Files\\filezilla.exe\" " cur_dir = "C:\\Program Files\\Common Files\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 236 os_tid = 0xc1c Process: id = "20" image_name = "flashfxp.exe" filename = "c:\\program files\\reference assemblies\\flashfxp.exe" page_root = "0x687bf000" os_pid = "0xa94" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files\\Reference Assemblies\\flashfxp.exe\" " cur_dir = "C:\\Program Files\\Reference Assemblies\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 237 os_tid = 0xafc Process: id = "21" image_name = "fling.exe" filename = "c:\\program files (x86)\\windowspowershell\\fling.exe" page_root = "0x696c4000" os_pid = "0xe08" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files (x86)\\WindowsPowerShell\\fling.exe\" " cur_dir = "C:\\Program Files (x86)\\WindowsPowerShell\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 238 os_tid = 0xdf8 Process: id = "22" image_name = "gmailnotifierpro.exe" filename = "c:\\program files (x86)\\windows defender\\gmailnotifierpro.exe" page_root = "0x5ea7b000" os_pid = "0xcb8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files (x86)\\Windows Defender\\gmailnotifierpro.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Defender\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 239 os_tid = 0xa08 Process: id = "23" image_name = "icq.exe" filename = "c:\\program files\\windowspowershell\\icq.exe" page_root = "0x6c68c000" os_pid = "0xa6c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files\\WindowsPowerShell\\icq.exe\" " cur_dir = "C:\\Program Files\\WindowsPowerShell\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 240 os_tid = 0x1ec Process: id = "24" image_name = "leechftp.exe" filename = "c:\\program files (x86)\\internet explorer\\leechftp.exe" page_root = "0x6342e000" os_pid = "0x2d4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\leechftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Internet Explorer\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 241 os_tid = 0x310 Process: id = "25" image_name = "ncftp.exe" filename = "c:\\program files\\windows defender advanced threat protection\\ncftp.exe" page_root = "0x6d036000" os_pid = "0x3b8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\ncftp.exe\" " cur_dir = "C:\\Program Files\\Windows Defender Advanced Threat Protection\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 242 os_tid = 0x3cc Process: id = "26" image_name = "notepad.exe" filename = "c:\\program files (x86)\\microsoft.net\\notepad.exe" page_root = "0x6ab0d000" os_pid = "0xdec" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files (x86)\\Microsoft.NET\\notepad.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft.NET\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 243 os_tid = 0x55c Process: id = "27" image_name = "operamail.exe" filename = "c:\\program files (x86)\\mozilla maintenance service\\operamail.exe" page_root = "0x62776000" os_pid = "0x6a4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files (x86)\\Mozilla Maintenance Service\\operamail.exe\" " cur_dir = "C:\\Program Files (x86)\\Mozilla Maintenance Service\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 244 os_tid = 0x6c4 Process: id = "28" image_name = "outlook.exe" filename = "c:\\program files (x86)\\windows sidebar\\outlook.exe" page_root = "0x68fb9000" os_pid = "0x7b8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files (x86)\\Windows Sidebar\\outlook.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Sidebar\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 245 os_tid = 0x908 Process: id = "29" image_name = "pidgin.exe" filename = "c:\\program files\\windowspowershell\\pidgin.exe" page_root = "0x68562000" os_pid = "0x84" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files\\WindowsPowerShell\\pidgin.exe\" " cur_dir = "C:\\Program Files\\WindowsPowerShell\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 246 os_tid = 0xf0 Process: id = "30" image_name = "scriptftp.exe" filename = "c:\\program files (x86)\\windowspowershell\\scriptftp.exe" page_root = "0x7c05d000" os_pid = "0xedc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files (x86)\\WindowsPowerShell\\scriptftp.exe\" " cur_dir = "C:\\Program Files (x86)\\WindowsPowerShell\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 247 os_tid = 0xeec