# Flog Txt Version 1
# Analyzer Version: 2023.1.0
# Analyzer Build Date: Jan 31 2023 05:27:17
# Log Creation Date: 16.03.2023 23:52:19.443
Process:
# Record for the process the sandbox was asked to analyse (see monitor_reason).
# It is the only process record visible in this part of the log.
id = "1"
# The 64 hex characters before ".exe" are the length of a SHA-256 digest;
# presumably the sample was submitted under its own hash. Verify against the
# analysis metadata before using it as an indicator.
image_name = "221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe"
filename = "c:\\users\\rdhj0cnfevzx\\desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe"
page_root = "0x4d2cd000"
os_pid = "0xd2c"
# NOTE(review): 0x3000 equals the Windows high-integrity mandatory-label RID,
# which would fit the BUILTIN\Administrators entry in os_groups. Confirm the
# analyzer's encoding before relying on this.
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x76c"
# Launched from the analysis user's Desktop with no arguments after the quoted path.
cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe\" "
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
# 32-bit image on a 64-bit guest: the region list that follows maps both
# SysWOW64 DLLs and the wow64*.dll thunk layer from System32.
bitness = "32"
# Each group is followed by a bracketed hex value, presumably the token group
# attributes. Confirm against the analyzer's format documentation.
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f188" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 118
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 119
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 120
start_va = 0x50000
end_va = 0x8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 121
start_va = 0x90000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 122
start_va = 0x190000
end_va = 0x193fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 123
start_va = 0x1a0000
end_va = 0x1a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 124
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 125
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
# First mapping of the analysed sample's image. The entry point lies
# 0xbcd7e bytes above start_va (0xe5cd7e - 0xda0000).
id = 126
start_va = 0xda0000
end_va = 0xe63fff
monitored = 1
entry_point = 0xe5cd7e
region_type = mapped_file
name = "221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe")
Region:
id = 127
start_va = 0xe70000
end_va = 0xe71fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e70000"
filename = ""
Region:
id = 128
start_va = 0x770a0000
end_va = 0x7721afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 129
start_va = 0x7edc0000
end_va = 0x7ede2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007edc0000"
filename = ""
Region:
id = 130
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 131
start_va = 0x7fff0000
end_va = 0x7ff871dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 132
start_va = 0x7ff871e00000
end_va = 0x7ff871fc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 133
start_va = 0x7ff871fc1000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ff871fc1000"
filename = ""
Region:
id = 272
start_va = 0x400000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 273
start_va = 0x53800000
end_va = 0x5384ffff
monitored = 0
entry_point = 0x53818180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 274
start_va = 0x53850000
end_va = 0x538c9fff
monitored = 0
entry_point = 0x53863290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 275
start_va = 0x75a70000
end_va = 0x75b4ffff
monitored = 0
entry_point = 0x75a83980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 276
start_va = 0x537f0000
end_va = 0x537f7fff
monitored = 0
entry_point = 0x537f17c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 277
start_va = 0xe80000
end_va = 0x103ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e80000"
filename = ""
Region:
id = 278
start_va = 0x6f940000
end_va = 0x6f998fff
monitored = 1
entry_point = 0x6f950780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 279
start_va = 0x75a70000
end_va = 0x75b4ffff
monitored = 0
entry_point = 0x75a83980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 280
start_va = 0x75250000
end_va = 0x753cdfff
monitored = 0
entry_point = 0x75301b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 281
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 282
start_va = 0x7ecc0000
end_va = 0x7edbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ecc0000"
filename = ""
Region:
id = 283
start_va = 0x400000
end_va = 0x4bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 284
start_va = 0x520000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 285
start_va = 0xe70000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e70000"
filename = ""
Region:
id = 286
start_va = 0xef0000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ef0000"
filename = ""
Region:
id = 287
start_va = 0xf40000
end_va = 0x103ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f40000"
filename = ""
Region:
id = 288
start_va = 0x73d20000
end_va = 0x73db1fff
monitored = 0
entry_point = 0x73d60380
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 289
start_va = 0x7e910000
end_va = 0x7ecb0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sysmain.sdb"
filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb")
Region:
id = 290
start_va = 0xe70000
end_va = 0xe73fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e70000"
filename = ""
Region:
id = 291
start_va = 0x75820000
end_va = 0x7589afff
monitored = 0
entry_point = 0x7583e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 292
start_va = 0x75cf0000
end_va = 0x75dadfff
monitored = 0
entry_point = 0x75d25630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 293
start_va = 0x1c0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 294
start_va = 0x530000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 295
start_va = 0x75520000
end_va = 0x75563fff
monitored = 0
entry_point = 0x75539d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 296
start_va = 0x76650000
end_va = 0x766fcfff
monitored = 0
entry_point = 0x76664f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 297
start_va = 0x73dd0000
end_va = 0x73dedfff
monitored = 0
entry_point = 0x73ddb640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 298
start_va = 0x73dc0000
end_va = 0x73dc9fff
monitored = 0
entry_point = 0x73dc2a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 299
start_va = 0x767a0000
end_va = 0x767f7fff
monitored = 0
entry_point = 0x767e25c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 300
start_va = 0x1040000
end_va = 0x11affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001040000"
filename = ""
Region:
id = 301
start_va = 0x6f670000
end_va = 0x6f6ecfff
monitored = 1
entry_point = 0x6f680db0
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 302
start_va = 0x75bb0000
end_va = 0x75bf4fff
monitored = 0
entry_point = 0x75bcde90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 303
start_va = 0x758a0000
end_va = 0x75a5cfff
monitored = 0
entry_point = 0x75982a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 304
start_va = 0x75db0000
end_va = 0x75efefff
monitored = 0
entry_point = 0x75e66820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 305
start_va = 0x753d0000
end_va = 0x75516fff
monitored = 0
entry_point = 0x753e1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 306
start_va = 0x630000
end_va = 0x7b7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000630000"
filename = ""
Region:
id = 307
start_va = 0xe80000
end_va = 0xea9fff
monitored = 0
entry_point = 0xe85680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 308
start_va = 0x757f0000
end_va = 0x7581afff
monitored = 0
entry_point = 0x757f5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 309
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 310
start_va = 0x4c0000
end_va = 0x4c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 311
start_va = 0x7c0000
end_va = 0x940fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007c0000"
filename = ""
Region:
id = 312
start_va = 0x11b0000
end_va = 0x25affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000011b0000"
filename = ""
Region:
# Second mapping of the analysed sample's file, at a different base from
# region id 126 (0xda0000). The entry point sits at the same offset from the
# base in both records (0xbcd7e), but the spans differ: 0xc0000 bytes here
# against 0xc4000 there.
# NOTE(review): the log does not say why the file is mapped again. mscoree.dll
# and clr.dll are in the region list, so a .NET runtime reload of the image is
# one possibility. Confirm against the API trace before drawing conclusions.
id = 313
start_va = 0x1040000
end_va = 0x10fffff
monitored = 1
entry_point = 0x10fcd7e
region_type = mapped_file
name = "221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe")
Region:
id = 314
start_va = 0x11a0000
end_va = 0x11affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011a0000"
filename = ""
Region:
id = 315
start_va = 0x75a60000
end_va = 0x75a6bfff
monitored = 0
entry_point = 0x75a63930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 316
start_va = 0x6f930000
end_va = 0x6f937fff
monitored = 0
entry_point = 0x6f9317b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 317
start_va = 0x6ef80000
end_va = 0x6f660fff
monitored = 1
entry_point = 0x6efacd70
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 318
start_va = 0x6ee80000
end_va = 0x6ef74fff
monitored = 0
entry_point = 0x6eed4160
region_type = mapped_file
name = "msvcr120_clr0400.dll"
filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")
Region:
id = 319
start_va = 0xe80000
end_va = 0xe80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e80000"
filename = ""
Region:
id = 320
start_va = 0xe90000
end_va = 0xe9ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e90000"
filename = ""
Region:
id = 321
start_va = 0xea0000
end_va = 0xeaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ea0000"
filename = ""
Region:
id = 322
start_va = 0xeb0000
end_va = 0xebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000eb0000"
filename = ""
Region:
id = 323
start_va = 0xec0000
end_va = 0xecffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ec0000"
filename = ""
Region:
id = 324
start_va = 0xed0000
end_va = 0xedffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ed0000"
filename = ""
Region:
id = 325
start_va = 0xee0000
end_va = 0xeeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 326
start_va = 0xf00000
end_va = 0xf00fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 327
start_va = 0xf10000
end_va = 0xf10fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f10000"
filename = ""
Region:
id = 328
start_va = 0x1040000
end_va = 0x115ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001040000"
filename = ""
Region:
id = 329
start_va = 0x25b0000
end_va = 0x278ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 330
start_va = 0x4d0000
end_va = 0x50ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 331
start_va = 0x950000
end_va = 0xa4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Region:
id = 332
start_va = 0xf20000
end_va = 0xf2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f20000"
filename = ""
Region:
id = 333
start_va = 0x2790000
end_va = 0x478ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 334
start_va = 0x1040000
end_va = 0x10dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001040000"
filename = ""
Region:
id = 335
start_va = 0x1150000
end_va = 0x115ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001150000"
filename = ""
Region:
id = 336
start_va = 0xa50000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a50000"
filename = ""
Region:
id = 337
start_va = 0xa90000
end_va = 0xb8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a90000"
filename = ""
Region:
id = 338
start_va = 0x4790000
end_va = 0x4ac6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 339
start_va = 0x6dbc0000
end_va = 0x6ee71fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")
Region:
id = 340
start_va = 0x76fb0000
end_va = 0x7709afff
monitored = 0
entry_point = 0x76fed650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 341
start_va = 0x25b0000
end_va = 0x2640fff
monitored = 0
entry_point = 0x25e8cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 342
start_va = 0x2780000
end_va = 0x278ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 343
start_va = 0x73ca0000
end_va = 0x73d14fff
monitored = 0
entry_point = 0x73cd9a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 344
start_va = 0x4ad0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ad0000"
filename = ""
Region:
id = 345
start_va = 0xf20000
end_va = 0xf2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f20000"
filename = ""
Region:
id = 346
start_va = 0x6db40000
end_va = 0x6dbbffff
monitored = 1
entry_point = 0x6db41180
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 347
start_va = 0x76700000
end_va = 0x76791fff
monitored = 0
entry_point = 0x76738cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 348
start_va = 0xf30000
end_va = 0xf3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f30000"
filename = ""
Region:
id = 349
start_va = 0x6d170000
end_va = 0x6db3bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")
Region:
id = 350
start_va = 0x6cfe0000
end_va = 0x6d16efff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")
Region:
id = 351
start_va = 0x6c370000
end_va = 0x6cfd6fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")
Region:
id = 352
start_va = 0x10e0000
end_va = 0x10e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000010e0000"
filename = ""
Region:
id = 353
start_va = 0x510000
end_va = 0x511fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 354
start_va = 0x10e0000
end_va = 0x10effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010e0000"
filename = ""
Region:
id = 355
start_va = 0x10f0000
end_va = 0x10fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010f0000"
filename = ""
Region:
id = 356
start_va = 0x25b0000
end_va = 0x263efff
monitored = 0
entry_point = 0x25bdd60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 357
start_va = 0x6c2d0000
end_va = 0x6c361fff
monitored = 0
entry_point = 0x6c2ddd60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 358
start_va = 0x10f0000
end_va = 0x110ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010f0000"
filename = ""
Region:
id = 359
start_va = 0x10f0000
end_va = 0x10f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000010f0000"
filename = ""
Region:
id = 360
start_va = 0x1100000
end_va = 0x110ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001100000"
filename = ""
Region:
id = 361
start_va = 0x25b0000
end_va = 0x266bfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000025b0000"
filename = ""
Region:
id = 362
start_va = 0x10f0000
end_va = 0x10f3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000010f0000"
filename = ""
Region:
id = 363
start_va = 0x1110000
end_va = 0x1113fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001110000"
filename = ""
Region:
id = 364
start_va = 0x4cc0000
end_va = 0x4ecafff
monitored = 0
entry_point = 0x4d6b0a0
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")
Region:
id = 365
start_va = 0x72c00000
end_va = 0x72e0efff
monitored = 0
entry_point = 0x72cab0a0
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")
Region:
id = 366
start_va = 0x1120000
end_va = 0x1120fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 367
start_va = 0xb90000
end_va = 0xb91fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b90000"
filename = ""
Region:
id = 368
start_va = 0x2670000
end_va = 0x26cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 369
start_va = 0x73c80000
end_va = 0x73c9cfff
monitored = 0
entry_point = 0x73c83b10
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 370
start_va = 0x1120000
end_va = 0x112ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001120000"
filename = ""
Region:
id = 371
start_va = 0x1130000
end_va = 0x113ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001130000"
filename = ""
Region:
id = 372
start_va = 0x1140000
end_va = 0x114ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001140000"
filename = ""
Region:
id = 373
start_va = 0x1140000
end_va = 0x114ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001140000"
filename = ""
Region:
id = 374
start_va = 0x1160000
end_va = 0x116ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001160000"
filename = ""
Region:
id = 375
start_va = 0x1170000
end_va = 0x117ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001170000"
filename = ""
Region:
id = 376
start_va = 0x1180000
end_va = 0x118ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 377
start_va = 0x1190000
end_va = 0x119ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001190000"
filename = ""
Region:
id = 378
start_va = 0x2670000
end_va = 0x267ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 379
start_va = 0x26c0000
end_va = 0x26cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 380
start_va = 0x2680000
end_va = 0x268ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 381
start_va = 0x2690000
end_va = 0x269ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 382
start_va = 0x26a0000
end_va = 0x26affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026a0000"
filename = ""
Region:
id = 383
start_va = 0x26b0000
end_va = 0x26bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 384
start_va = 0x26d0000
end_va = 0x26dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 385
start_va = 0x26e0000
end_va = 0x26effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 386
start_va = 0x26f0000
end_va = 0x26fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 387
start_va = 0x2700000
end_va = 0x271ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 388
start_va = 0x2720000
end_va = 0x272ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 389
start_va = 0x2730000
end_va = 0x273ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 390
start_va = 0x2740000
end_va = 0x274ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 391
start_va = 0x2750000
end_va = 0x275ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002750000"
filename = ""
Region:
id = 392
start_va = 0x2760000
end_va = 0x276ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 393
start_va = 0x2770000
end_va = 0x277ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 394
start_va = 0x4ad0000
end_va = 0x4adffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ad0000"
filename = ""
Region:
id = 395
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 396
start_va = 0x4ae0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 397
start_va = 0x4af0000
end_va = 0x4afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004af0000"
filename = ""
Region:
id = 398
start_va = 0x4b00000
end_va = 0x4b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b00000"
filename = ""
Region:
id = 399
start_va = 0x4b10000
end_va = 0x4b1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b10000"
filename = ""
Region:
id = 400
start_va = 0x4b20000
end_va = 0x4b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b20000"
filename = ""
Region:
id = 401
start_va = 0x6c160000
end_va = 0x6c2cafff
monitored = 0
entry_point = 0x6c1ce360
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll")
Region:
id = 402
start_va = 0x4ad0000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ad0000"
filename = ""
Region:
id = 403
start_va = 0xba0000
end_va = 0xbdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ba0000"
filename = ""
Region:
id = 404
start_va = 0xbe0000
end_va = 0xcdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000be0000"
filename = ""
Region:
id = 405
start_va = 0x76e80000
end_va = 0x76f9efff
monitored = 0
entry_point = 0x76ec5980
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 406
start_va = 0x70a40000
end_va = 0x70c30fff
monitored = 0
entry_point = 0x70b23cd0
region_type = mapped_file
name = "dwrite.dll"
filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll")
Region:
id = 407
start_va = 0x2670000
end_va = 0x26b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-system.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")
Region:
id = 408
start_va = 0x1120000
end_va = 0x1123fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001120000"
filename = ""
Region:
id = 409
start_va = 0x4cc0000
end_va = 0x5cbffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 410
start_va = 0x1130000
end_va = 0x1133fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001130000"
filename = ""
Region:
id = 411
start_va = 0x4ad0000
end_va = 0x4bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ad0000"
filename = ""
Region:
id = 412
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 413
start_va = 0x5cc0000
end_va = 0x5dbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cc0000"
filename = ""
Region:
id = 414
start_va = 0x5dc0000
end_va = 0x62b1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005dc0000"
filename = ""
Region:
id = 415
start_va = 0x62c0000
end_va = 0x637cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 416
start_va = 0x6380000
end_va = 0x677ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006380000"
filename = ""
Region:
id = 417
start_va = 0x6780000
end_va = 0x77bffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 418
start_va = 0x26d0000
end_va = 0x2731fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 419
start_va = 0x1160000
end_va = 0x1177fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001160000"
filename = ""
Region:
id = 420
start_va = 0x1140000
end_va = 0x114ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001140000"
filename = ""
Region:
id = 421
start_va = 0x1180000
end_va = 0x118ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 422
start_va = 0xce0000
end_va = 0xd1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ce0000"
filename = ""
Region:
id = 423
start_va = 0x77c0000
end_va = 0x78bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000077c0000"
filename = ""
Region:
id = 424
start_va = 0xd20000
end_va = 0xd5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d20000"
filename = ""
Region:
id = 425
start_va = 0x1140000
end_va = 0x114ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001140000"
filename = ""
Region:
id = 426
start_va = 0x78c0000
end_va = 0x79bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000078c0000"
filename = ""
Region:
id = 427
start_va = 0x1140000
end_va = 0x114ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001140000"
filename = ""
Region:
id = 428
start_va = 0x1140000
end_va = 0x114ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001140000"
filename = ""
Region:
id = 429
start_va = 0x1140000
end_va = 0x114ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001140000"
filename = ""
Region:
id = 430
start_va = 0x1140000
end_va = 0x114ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001140000"
filename = ""
Region:
id = 431
start_va = 0x1140000
end_va = 0x114ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001140000"
filename = ""
Region:
id = 432
start_va = 0x1180000
end_va = 0x118ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 433
start_va = 0x1140000
end_va = 0x1145fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001140000"
filename = ""
Region:
id = 434
start_va = 0x1180000
end_va = 0x118ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 435
start_va = 0x1180000
end_va = 0x118ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 436
start_va = 0x1190000
end_va = 0x119ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001190000"
filename = ""
Region:
id = 437
start_va = 0x2740000
end_va = 0x274ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 438
start_va = 0x4bd0000
end_va = 0x4c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bd0000"
filename = ""
Region:
id = 439
start_va = 0x79c0000
end_va = 0x7a4dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000079c0000"
filename = ""
Region:
id = 440
start_va = 0x6bfe0000
end_va = 0x6c152fff
monitored = 0
entry_point = 0x6c08d220
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")
Region:
id = 441
start_va = 0x7a50000
end_va = 0x7aeafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a50000"
filename = ""
Region:
id = 442
start_va = 0x2750000
end_va = 0x277ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002750000"
filename = ""
Region:
id = 443
start_va = 0x2750000
end_va = 0x275ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002750000"
filename = ""
Region:
id = 444
start_va = 0x2760000
end_va = 0x276ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002760000"
filename = ""
Region:
id = 445
start_va = 0x2770000
end_va = 0x277ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002770000"
filename = ""
Region:
id = 446
start_va = 0x4c50000
end_va = 0x4c5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c50000"
filename = ""
Region:
id = 447
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 448
start_va = 0x4c70000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 449
start_va = 0x4c90000
end_va = 0x4c9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c90000"
filename = ""
Region:
id = 450
start_va = 0x7af0000
end_va = 0x7b89fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007af0000"
filename = ""
Region:
id = 451
start_va = 0x4c50000
end_va = 0x4c5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c50000"
filename = ""
Region:
id = 452
start_va = 0x7c30000
end_va = 0x7ccbfff
monitored = 1
entry_point = 0x7cbe9a6
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 453
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 454
start_va = 0x4c70000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 455
start_va = 0x4ca0000
end_va = 0x4caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ca0000"
filename = ""
Region:
id = 456
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 457
start_va = 0x4c70000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 458
start_va = 0x7b90000
end_va = 0x7b9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007b90000"
filename = ""
Region:
id = 459
start_va = 0x7ba0000
end_va = 0x7baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ba0000"
filename = ""
Region:
id = 460
start_va = 0x7bb0000
end_va = 0x7bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007bb0000"
filename = ""
Region:
id = 461
start_va = 0x7bc0000
end_va = 0x7bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007bc0000"
filename = ""
Region:
id = 462
start_va = 0x7bd0000
end_va = 0x7bdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007bd0000"
filename = ""
Region:
id = 463
start_va = 0x7be0000
end_va = 0x7beffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007be0000"
filename = ""
Region:
id = 464
start_va = 0x7bf0000
end_va = 0x7bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007bf0000"
filename = ""
Region:
id = 465
start_va = 0x7c00000
end_va = 0x7c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c00000"
filename = ""
Region:
id = 466
start_va = 0x7c10000
end_va = 0x7c1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c10000"
filename = ""
Region:
id = 467
start_va = 0x7c20000
end_va = 0x7c2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c20000"
filename = ""
Region:
id = 468
start_va = 0x7cd0000
end_va = 0x7cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007cd0000"
filename = ""
Region:
id = 469
start_va = 0x7ce0000
end_va = 0x7ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ce0000"
filename = ""
Region:
id = 470
start_va = 0x7cf0000
end_va = 0x7cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007cf0000"
filename = ""
Region:
id = 471
start_va = 0x7d00000
end_va = 0x7d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d00000"
filename = ""
Region:
id = 472
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 473
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 474
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 475
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 476
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 477
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 478
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 479
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 480
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 481
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 482
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 483
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 484
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 485
start_va = 0x4c70000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 486
start_va = 0x7b90000
end_va = 0x7b9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007b90000"
filename = ""
Region:
id = 487
start_va = 0xd60000
end_va = 0xd9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d60000"
filename = ""
Region:
id = 488
start_va = 0x7cd0000
end_va = 0x7dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007cd0000"
filename = ""
Region:
id = 489
start_va = 0x4c60000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 490
start_va = 0x73df0000
end_va = 0x751eefff
monitored = 0
entry_point = 0x73fab990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 491
start_va = 0x757b0000
end_va = 0x757e6fff
monitored = 0
entry_point = 0x757b3b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 492
start_va = 0x76980000
end_va = 0x76e78fff
monitored = 0
entry_point = 0x76b87610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 493
start_va = 0x75570000
end_va = 0x755fcfff
monitored = 0
entry_point = 0x755b9b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 494
start_va = 0x76070000
end_va = 0x760b3fff
monitored = 0
entry_point = 0x76077410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 495
start_va = 0x75f00000
end_va = 0x75f0efff
monitored = 0
entry_point = 0x75f02e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 496
start_va = 0x7dd0000
end_va = 0x7ecffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007dd0000"
filename = ""
Region:
id = 497
start_va = 0x4c60000
end_va = 0x4c60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004c60000"
filename = ""
Region:
id = 498
start_va = 0x4c70000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 499
start_va = 0x6bfb0000
end_va = 0x6bfd7fff
monitored = 0
entry_point = 0x6bfb7820
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll")
Region:
id = 500
start_va = 0x4c70000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 501
start_va = 0x4c70000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 502
start_va = 0x4c70000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 503
start_va = 0x4c70000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 504
start_va = 0x4c70000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 505
start_va = 0x6bf30000
end_va = 0x6bfa0fff
monitored = 0
entry_point = 0x6bf869e0
region_type = mapped_file
name = "efswrt.dll"
filename = "\\Windows\\SysWOW64\\efswrt.dll" (normalized: "c:\\windows\\syswow64\\efswrt.dll")
Region:
id = 506
start_va = 0x6fcd0000
end_va = 0x6fd97fff
monitored = 0
entry_point = 0x6fd3ae90
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll")
Region:
id = 507
start_va = 0x6bee0000
end_va = 0x6bf28fff
monitored = 0
entry_point = 0x6bee6450
region_type = mapped_file
name = "edputil.dll"
filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll")
Region:
id = 508
start_va = 0x4c70000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 509
start_va = 0x4c70000
end_va = 0x4c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c70000"
filename = ""
Region:
id = 510
start_va = 0x7b90000
end_va = 0x7bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007b90000"
filename = ""
Region:
id = 511
start_va = 0x7ed0000
end_va = 0x7fcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ed0000"
filename = ""
Region:
id = 512
start_va = 0x6fb30000
end_va = 0x6fc7afff
monitored = 0
entry_point = 0x6fb91660
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 513
start_va = 0x7bd0000
end_va = 0x7c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007bd0000"
filename = ""
Region:
id = 514
start_va = 0x7fd0000
end_va = 0x80cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007fd0000"
filename = ""
Region:
id = 515
start_va = 0x4c70000
end_va = 0x4c70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004c70000"
filename = ""
Region:
id = 516
start_va = 0x75620000
end_va = 0x756a3fff
monitored = 0
entry_point = 0x75646220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 517
start_va = 0x6f6f0000
end_va = 0x6f90bfff
monitored = 0
entry_point = 0x6f8bbc40
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll")
Region:
id = 518
start_va = 0x7c10000
end_va = 0x7c10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007c10000"
filename = ""
Region:
id = 519
start_va = 0x80d0000
end_va = 0x810ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000080d0000"
filename = ""
Region:
id = 520
start_va = 0x8110000
end_va = 0x820ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008110000"
filename = ""
Region:
id = 521
start_va = 0x7c20000
end_va = 0x7c23fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 522
start_va = 0x8210000
end_va = 0x822afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000018.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db")
Region:
id = 523
start_va = 0x8230000
end_va = 0x8230fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008230000"
filename = ""
Region:
id = 524
start_va = 0x7c20000
end_va = 0x7c23fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 525
start_va = 0x8240000
end_va = 0x8284fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db")
Region:
id = 526
start_va = 0x8290000
end_va = 0x8293fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 527
start_va = 0x82a0000
end_va = 0x832dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 528
start_va = 0x8330000
end_va = 0x8340fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui")
Region:
id = 529
start_va = 0x8350000
end_va = 0x838ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008350000"
filename = ""
Region:
id = 530
start_va = 0x8390000
end_va = 0x848ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008390000"
filename = ""
Region:
id = 531
start_va = 0x71650000
end_va = 0x717cdfff
monitored = 0
entry_point = 0x716cc630
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 532
start_va = 0x739b0000
end_va = 0x73c7afff
monitored = 0
entry_point = 0x73bec4c0
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 533
start_va = 0x8490000
end_va = 0x8490fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008490000"
filename = ""
Region:
id = 1187
start_va = 0x7b90000
end_va = 0x7b9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007b90000"
filename = ""
Region:
id = 1188
start_va = 0x7ba0000
end_va = 0x7baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ba0000"
filename = ""
Region:
id = 1190
start_va = 0x7bb0000
end_va = 0x7bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007bb0000"
filename = ""
Region:
id = 1192
start_va = 0x7b90000
end_va = 0x7b93fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007b90000"
filename = ""
Region:
id = 1194
start_va = 0x7ba0000
end_va = 0x7baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ba0000"
filename = ""
Region:
id = 1195
start_va = 0x7bc0000
end_va = 0x7bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007bc0000"
filename = ""
Region:
id = 1196
start_va = 0x7ed0000
end_va = 0x7edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ed0000"
filename = ""
Region:
id = 1197
start_va = 0x7ee0000
end_va = 0x7eeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ee0000"
filename = ""
Region:
id = 1198
start_va = 0x7ef0000
end_va = 0x7efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ef0000"
filename = ""
Region:
id = 1199
start_va = 0x7f00000
end_va = 0x7f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f00000"
filename = ""
Region:
id = 1200
start_va = 0x7f10000
end_va = 0x7f1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f10000"
filename = ""
Region:
id = 1201
start_va = 0x7f20000
end_va = 0x7f2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f20000"
filename = ""
Region:
id = 1202
start_va = 0x7f30000
end_va = 0x7f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f30000"
filename = ""
Region:
id = 1203
start_va = 0x7f40000
end_va = 0x7f4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f40000"
filename = ""
Region:
id = 1204
start_va = 0x7f50000
end_va = 0x7f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f50000"
filename = ""
Region:
id = 1205
start_va = 0x7f60000
end_va = 0x7f6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f60000"
filename = ""
Region:
id = 1206
start_va = 0x7f70000
end_va = 0x7f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f70000"
filename = ""
Region:
id = 1208
start_va = 0x7f80000
end_va = 0x7f8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f80000"
filename = ""
Region:
id = 1209
start_va = 0x7f90000
end_va = 0x7f9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f90000"
filename = ""
Region:
id = 1210
start_va = 0x7fa0000
end_va = 0x7faffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007fa0000"
filename = ""
Region:
id = 1211
start_va = 0x7fb0000
end_va = 0x7fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007fb0000"
filename = ""
Region:
id = 1212
start_va = 0x7ed0000
end_va = 0x7ef4fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007ed0000"
filename = ""
Region:
id = 1213
start_va = 0x7ba0000
end_va = 0x7baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ba0000"
filename = ""
Region:
id = 1214
start_va = 0x7ba0000
end_va = 0x7baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ba0000"
filename = ""
Region:
id = 1215
start_va = 0x7bc0000
end_va = 0x7bcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007bc0000"
filename = ""
Region:
id = 1216
start_va = 0x7f00000
end_va = 0x7f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f00000"
filename = ""
Region:
id = 1217
start_va = 0x7f10000
end_va = 0x7f1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f10000"
filename = ""
Region:
id = 1218
start_va = 0x7f20000
end_va = 0x7f2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f20000"
filename = ""
Region:
id = 1219
start_va = 0x7f30000
end_va = 0x7f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f30000"
filename = ""
Region:
id = 1273
start_va = 0x7f00000
end_va = 0x7f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f00000"
filename = ""
Region:
id = 1274
start_va = 0x84a0000
end_va = 0x859ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000084a0000"
filename = ""
Region:
id = 1276
start_va = 0x7f40000
end_va = 0x7f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f40000"
filename = ""
Region:
id = 1277
start_va = 0x85a0000
end_va = 0x869ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000085a0000"
filename = ""
Thread:
id = 1
os_tid = 0xd28
[0124.112] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0124.236] RoInitialize () returned 0x1
[0124.236] RoUninitialize () returned 0x0
[0126.231] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x18dcd8 | out: phkResult=0x18dcd8*=0x0) returned 0x2
[0126.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x18ed54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0126.260] IsAppThemed () returned 0x1
[0126.264] CoTaskMemAlloc (cb=0xf0) returned 0xfa3fa0
[0126.264] CreateActCtxA (pActCtx=0x18f298) returned 0xfa4194
[0126.389] CoTaskMemFree (pv=0xfa3fa0)
[0126.413] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1db
[0126.413] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1dc
[0126.533] GetSystemMetrics (nIndex=75) returned 1
[0126.542] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0126.640] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6c2d0000
[0126.777] AdjustWindowRectEx (in: lpRect=0x18f27c, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x18f27c) returned 1
[0126.779] GetCurrentProcess () returned 0xffffffff
[0126.779] GetCurrentThread () returned 0xfffffffe
[0126.779] GetCurrentProcess () returned 0xffffffff
[0126.779] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x18f194, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x18f194*=0x270) returned 1
[0126.782] GetCurrentThreadId () returned 0xd28
[0126.840] GetCurrentActCtx (in: lphActCtx=0x18f0f4 | out: lphActCtx=0x18f0f4*=0x0) returned 1
[0126.841] ActivateActCtx (in: hActCtx=0xfa4194, lpCookie=0x18f104 | out: hActCtx=0xfa4194, lpCookie=0x18f104) returned 1
[0126.841] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0126.862] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x72c00000
[0126.883] GetModuleHandleW (lpModuleName="user32.dll") returned 0x753d0000
[0126.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x18efb8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWWl/÷t#(úønðô\x18", lpUsedDefaultChar=0x0) returned 14
[0126.883] GetProcAddress (hModule=0x753d0000, lpProcName="DefWindowProcW") returned 0x73d507e0
[0126.884] GetStockObject (i=5) returned 0x1900015
[0126.889] GetModuleHandleW (lpModuleName=0x0) returned 0xda0000
[0126.894] CoTaskMemAlloc (cb=0x5c) returned 0xf9f220
[0126.894] RegisterClassW (lpWndClass=0x18efa8) returned 0xc1d7
[0126.895] CoTaskMemFree (pv=0xf9f220)
[0126.895] GetModuleHandleW (lpModuleName=0x0) returned 0xda0000
[0126.896] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0xda0000, lpParam=0x0) returned 0xc003e
[0126.898] SetWindowLongW (hWnd=0xc003e, nIndex=-4, dwNewLong=1943341024) returned 40633790
[0126.901] GetWindowLongW (hWnd=0xc003e, nIndex=-4) returned 1943341024
[0126.903] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e80c | out: phkResult=0x18e80c*=0x28c) returned 0x0
[0126.904] RegQueryValueExW (in: hKey=0x28c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x18e82c, lpData=0x0, lpcbData=0x18e828*=0x0 | out: lpType=0x18e82c*=0x0, lpData=0x0, lpcbData=0x18e828*=0x0) returned 0x2
[0126.904] RegQueryValueExW (in: hKey=0x28c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x18e82c, lpData=0x0, lpcbData=0x18e828*=0x0 | out: lpType=0x18e82c*=0x0, lpData=0x0, lpcbData=0x18e828*=0x0) returned 0x2
[0126.904] RegCloseKey (hKey=0x28c) returned 0x0
[0126.907] SetWindowLongW (hWnd=0xc003e, nIndex=-4, dwNewLong=40633830) returned 1943341024
[0126.907] GetWindowLongW (hWnd=0xc003e, nIndex=-4) returned 40633830
[0126.907] GetWindowLongW (hWnd=0xc003e, nIndex=-16) returned 113311744
[0126.909] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc150
[0126.909] CallWindowProcW (lpPrevWndFunc=0x73d507e0, hWnd=0xc003e, Msg=0x24, wParam=0x0, lParam=0x18eb24) returned 0x0
[0126.910] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1d5
[0126.910] CallWindowProcW (lpPrevWndFunc=0x73d507e0, hWnd=0xc003e, Msg=0x81, wParam=0x0, lParam=0x18eb18) returned 0x1
[0126.912] CallWindowProcW (lpPrevWndFunc=0x73d507e0, hWnd=0xc003e, Msg=0x83, wParam=0x0, lParam=0x18eb04) returned 0x0
[0126.924] CallWindowProcW (lpPrevWndFunc=0x73d507e0, hWnd=0xc003e, Msg=0x1, wParam=0x0, lParam=0x18eb18) returned 0x0
[0126.924] GetClientRect (in: hWnd=0xc003e, lpRect=0x18e844 | out: lpRect=0x18e844) returned 1
[0126.924] GetWindowRect (in: hWnd=0xc003e, lpRect=0x18e844 | out: lpRect=0x18e844) returned 1
[0126.927] GetParent (hWnd=0xc003e) returned 0x0
[0126.927] DeactivateActCtx (dwFlags=0x0, ulCookie=0x14610001) returned 1
[0127.531] EtwEventRegister (in: ProviderId=0x279aad4, EnableCallback=0x26c060e, CallbackContext=0x0, RegHandle=0x279aab0 | out: RegHandle=0x279aab0) returned 0x0
[0127.535] EtwEventSetInformation (RegHandle=0xf8a640, InformationClass=0x28, EventInformation=0x2, InformationLength=0x279aa44) returned 0x0
[0127.544] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0127.544] AdjustWindowRectEx (in: lpRect=0x18dff4, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff4) returned 1
[0127.545] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0127.545] AdjustWindowRectEx (in: lpRect=0x18dff4, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff4) returned 1
[0127.553] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0127.554] AdjustWindowRectEx (in: lpRect=0x18dfd0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x18dfd0) returned 1
[0127.557] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0127.558] AdjustWindowRectEx (in: lpRect=0x18dff0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff0) returned 1
[0127.558] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0127.558] AdjustWindowRectEx (in: lpRect=0x18dfdc, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x18dfdc) returned 1
[0127.558] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0127.558] AdjustWindowRectEx (in: lpRect=0x18dfdc, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x18dfdc) returned 1
[0127.559] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0127.559] AdjustWindowRectEx (in: lpRect=0x18dfdc, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x18dfdc) returned 1
[0127.560] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0127.561] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0127.564] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0127.564] AdjustWindowRectEx (in: lpRect=0x18dfdc, dwStyle=0x560100cc, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dfdc) returned 1
[0127.569] GetSystemDefaultLCID () returned 0x409
[0127.569] GetStockObject (i=17) returned 0x10a0047
[0127.572] GetObjectW (in: h=0x10a0047, c=92, pv=0x18de90 | out: pv=0x18de90) returned 92
[0127.573] GetDC (hWnd=0x0) returned 0x1f0106b9
[0127.601] GdiplusStartup (in: token=0xec5f58, input=0x18d448, output=0x18d498 | out: token=0xec5f58, output=0x18d498) returned 0x0
[0127.633] CoTaskMemAlloc (cb=0x5c) returned 0xf9f080
[0127.916] GdipCreateFontFromLogfontW (hdc=0x1f0106b9, logfont=0xf9f080, font=0x18df58) returned 0x0
[0129.255] CoTaskMemFree (pv=0xf9f080)
[0129.257] CoTaskMemAlloc (cb=0x5c) returned 0xf9eee0
[0129.257] CoTaskMemFree (pv=0xf9eee0)
[0129.257] CoTaskMemAlloc (cb=0x5c) returned 0xf9f358
[0129.258] CoTaskMemFree (pv=0xf9f358)
[0129.258] GdipGetFontUnit (font=0x4c81f08, unit=0x18df24) returned 0x0
[0129.258] GdipGetFontSize (font=0x4c81f08, size=0x18df28) returned 0x0
[0129.258] GdipGetFontStyle (font=0x4c81f08, style=0x18df20) returned 0x0
[0129.258] GdipGetFamily (font=0x4c81f08, family=0x18df1c) returned 0x0
[0129.262] GdipGetFontSize (font=0x4c81f08, size=0x279c374) returned 0x0
[0129.262] ReleaseDC (hWnd=0x0, hDC=0x1f0106b9) returned 1
[0129.262] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.263] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18df40) returned 0x0
[0129.281] GdipGetDpiY (graphics=0x5ccf268, dpi=0x279c47c) returned 0x0
[0129.281] GdipGetFontHeight (font=0x4c81f08, graphics=0x5ccf268, height=0x18df38) returned 0x0
[0129.281] GdipGetEmHeight (family=0x5cc4330, style=0, EmHeight=0x18df40) returned 0x0
[0129.281] GdipGetLineSpacing (family=0x5cc4330, style=0, LineSpacing=0x18df40) returned 0x0
[0129.282] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.297] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.298] GdipCreateFont (fontFamily=0x5cc4330, emSize=0x41040000, style=0, unit=0x3, font=0x279c43c) returned 0x0
[0129.298] GdipGetFontSize (font=0x4c8efc0, size=0x279c440) returned 0x0
[0129.298] GdipDeleteFont (font=0x4c81f08) returned 0x0
[0129.299] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.299] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18df2c) returned 0x0
[0129.300] CoTaskMemAlloc (cb=0x5c) returned 0xf9f220
[0129.319] GdipGetLogFontW (font=0x4c8efc0, graphics=0x5ccf268, logfontW=0xf9f220) returned 0x0
[0129.349] CoTaskMemFree (pv=0xf9f220)
[0129.349] CoTaskMemAlloc (cb=0x5c) returned 0xf9eda8
[0129.349] CoTaskMemFree (pv=0xf9eda8)
[0129.349] CoTaskMemAlloc (cb=0x5c) returned 0xf9f150
[0129.350] CoTaskMemFree (pv=0xf9f150)
[0129.350] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.350] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.350] CoTaskMemAlloc (cb=0x5c) returned 0xf9ec70
[0129.350] CreateFontIndirectW (lplf=0xf9ec70) returned 0x4b0a0932
[0129.350] CoTaskMemFree (pv=0xf9ec70)
[0129.361] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.361] AdjustWindowRectEx (in: lpRect=0x18dff0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff0) returned 1
[0129.362] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.362] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18de34) returned 0x0
[0129.362] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18de2c) returned 0x0
[0129.362] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.362] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.383] GdipGetFamilyName (in: family=0x5cc4330, name=0x18dd40, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0129.385] CreateCompatibleDC (hdc=0x0) returned 0x69010807
[0129.386] GetCurrentObject (hdc=0x69010807, type=0x1) returned 0x1b00017
[0129.386] GetCurrentObject (hdc=0x69010807, type=0x2) returned 0x1900010
[0129.386] GetCurrentObject (hdc=0x69010807, type=0x7) returned 0x185000f
[0129.386] GetCurrentObject (hdc=0x69010807, type=0x6) returned 0x18a0048
[0129.387] SaveDC (hdc=0x69010807) returned 1
[0129.387] GetDeviceCaps (hdc=0x69010807, index=90) returned 96
[0129.388] CoTaskMemAlloc (cb=0x5c) returned 0xf9f288
[0129.388] CreateFontIndirectW (lplf=0xf9f288) returned 0x1a0a092f
[0129.389] CoTaskMemFree (pv=0xf9f288)
[0129.389] GetObjectW (in: h=0x1a0a092f, c=92, pv=0x18dd04 | out: pv=0x18dd04) returned 92
[0129.389] GetCurrentObject (hdc=0x69010807, type=0x6) returned 0x18a0048
[0129.389] GetObjectW (in: h=0x18a0048, c=92, pv=0x18dc64 | out: pv=0x18dc64) returned 92
[0129.390] SelectObject (hdc=0x69010807, h=0x1a0a092f) returned 0x18a0048
[0129.390] GetMapMode (hdc=0x69010807) returned 1
[0129.390] GetTextMetricsW (in: hdc=0x69010807, lptm=0x18dd2c | out: lptm=0x18dd2c) returned 1
[0129.391] DrawTextExW (in: hdc=0x69010807, lpchText="j^", cchText=2, lprc=0x18de38, format=0x420, lpdtp=0x279cf7c | out: lpchText="j^", lprc=0x18de38) returned 13
[0129.459] GetSystemMetrics (nIndex=5) returned 1
[0129.459] GetSystemMetrics (nIndex=6) returned 1
[0129.460] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.460] DrawTextExW (in: hdc=0x69010807, lpchText="j^", cchText=2, lprc=0x18de30, format=0x420, lpdtp=0x279d098 | out: lpchText="j^", lprc=0x18de30) returned 13
[0129.461] GetSystemMetrics (nIndex=5) returned 1
[0129.461] GetSystemMetrics (nIndex=6) returned 1
[0129.461] AdjustWindowRectEx (in: lpRect=0x18dff4, dwStyle=0x56210242, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dff4) returned 1
[0129.461] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.461] AdjustWindowRectEx (in: lpRect=0x18dfd0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x18dfd0) returned 1
[0129.461] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.461] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.505] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.505] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.505] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.505] AdjustWindowRectEx (in: lpRect=0x18dff4, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff4) returned 1
[0129.506] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.506] AdjustWindowRectEx (in: lpRect=0x18dff8, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x18dff8) returned 1
[0129.508] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.508] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.508] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.508] AdjustWindowRectEx (in: lpRect=0x18dff8, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x18dff8) returned 1
[0129.508] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.508] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.508] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.508] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.509] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.509] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.510] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.510] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.510] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.510] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.510] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.510] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.510] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.510] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.511] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.511] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.511] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.511] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.511] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.511] AdjustWindowRectEx (in: lpRect=0x18dff0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff0) returned 1
[0129.511] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.512] AdjustWindowRectEx (in: lpRect=0x18dff4, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff4) returned 1
[0129.512] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.512] AdjustWindowRectEx (in: lpRect=0x18dff8, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x18dff8) returned 1
[0129.512] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.512] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.512] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.512] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.513] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.513] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.513] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.513] AdjustWindowRectEx (in: lpRect=0x18dff8, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x18dff8) returned 1
[0129.513] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.513] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.513] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.514] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.514] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.514] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.514] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.514] AdjustWindowRectEx (in: lpRect=0x18dff8, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x18dff8) returned 1
[0129.514] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.514] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.514] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.515] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.515] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.515] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.515] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.515] AdjustWindowRectEx (in: lpRect=0x18dff0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff0) returned 1
[0129.515] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.515] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.516] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.516] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.516] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.516] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.516] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.516] AdjustWindowRectEx (in: lpRect=0x18dff0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff0) returned 1
[0129.516] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.516] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18dec4) returned 0x0
[0129.517] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18debc) returned 0x0
[0129.517] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.517] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.517] GetSystemMetrics (nIndex=5) returned 1
[0129.517] GetSystemMetrics (nIndex=6) returned 1
[0129.518] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.518] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dfec) returned 1
[0129.519] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.519] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.519] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.519] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18dec4) returned 0x0
[0129.519] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18debc) returned 0x0
[0129.519] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.519] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.524] GetSystemMetrics (nIndex=5) returned 1
[0129.524] GetSystemMetrics (nIndex=6) returned 1
[0129.524] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.526] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dfec) returned 1
[0129.526] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.526] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18dec4) returned 0x0
[0129.527] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18debc) returned 0x0
[0129.527] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.527] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.527] GetSystemMetrics (nIndex=5) returned 1
[0129.527] GetSystemMetrics (nIndex=6) returned 1
[0129.527] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.527] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dfec) returned 1
[0129.528] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.528] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18dec4) returned 0x0
[0129.528] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18debc) returned 0x0
[0129.528] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.528] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.528] GetSystemMetrics (nIndex=5) returned 1
[0129.528] GetSystemMetrics (nIndex=6) returned 1
[0129.529] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.529] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dfec) returned 1
[0129.529] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.529] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18dec4) returned 0x0
[0129.529] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18debc) returned 0x0
[0129.530] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.530] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.530] GetSystemMetrics (nIndex=5) returned 1
[0129.530] GetSystemMetrics (nIndex=6) returned 1
[0129.530] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.530] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dfec) returned 1
[0129.530] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.531] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18dec4) returned 0x0
[0129.531] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18debc) returned 0x0
[0129.531] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.531] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.531] GetSystemMetrics (nIndex=5) returned 1
[0129.531] GetSystemMetrics (nIndex=6) returned 1
[0129.532] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.532] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dfec) returned 1
[0129.532] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.532] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18dec4) returned 0x0
[0129.532] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18debc) returned 0x0
[0129.532] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.532] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.533] GetSystemMetrics (nIndex=5) returned 1
[0129.533] GetSystemMetrics (nIndex=6) returned 1
[0129.533] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.533] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dfec) returned 1
[0129.533] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.533] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18dec4) returned 0x0
[0129.534] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18debc) returned 0x0
[0129.534] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.534] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.534] GetSystemMetrics (nIndex=5) returned 1
[0129.534] GetSystemMetrics (nIndex=6) returned 1
[0129.534] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.534] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dfec) returned 1
[0129.534] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.534] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18dec4) returned 0x0
[0129.535] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18debc) returned 0x0
[0129.535] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.535] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.535] GetSystemMetrics (nIndex=5) returned 1
[0129.535] GetSystemMetrics (nIndex=6) returned 1
[0129.535] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.536] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dfec) returned 1
[0129.536] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.536] AdjustWindowRectEx (in: lpRect=0x18dff0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff0) returned 1
[0129.536] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.536] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18dec4) returned 0x0
[0129.537] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18debc) returned 0x0
[0129.537] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.537] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.537] GetSystemMetrics (nIndex=5) returned 1
[0129.537] GetSystemMetrics (nIndex=6) returned 1
[0129.537] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.537] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dfec) returned 1
[0129.537] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.538] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18de34) returned 0x0
[0129.538] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18de2c) returned 0x0
[0129.538] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.538] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.538] DrawTextExW (in: hdc=0x69010807, lpchText="j^", cchText=2, lprc=0x18de38, format=0x420, lpdtp=0x27a1cf4 | out: lpchText="j^", lprc=0x18de38) returned 13
[0129.539] GetSystemMetrics (nIndex=5) returned 1
[0129.539] GetSystemMetrics (nIndex=6) returned 1
[0129.539] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.539] DrawTextExW (in: hdc=0x69010807, lpchText="j^", cchText=2, lprc=0x18de30, format=0x420, lpdtp=0x27a1d74 | out: lpchText="j^", lprc=0x18de30) returned 13
[0129.539] GetSystemMetrics (nIndex=5) returned 1
[0129.539] GetSystemMetrics (nIndex=6) returned 1
[0129.539] AdjustWindowRectEx (in: lpRect=0x18dff4, dwStyle=0x56210242, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dff4) returned 1
[0129.571] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe.config", nBufferLength=0x105, lpBuffer=0x18d898, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe.config", lpFilePart=0x0) returned 0x69
[0129.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18dd48) returned 1
[0129.572] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x18ddc4 | out: lpFileInformation=0x18ddc4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0129.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18dd44) returned 1
[0129.982] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.982] AdjustWindowRectEx (in: lpRect=0x18dff4, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff4) returned 1
[0129.982] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.983] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.983] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.983] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.983] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.983] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.983] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.983] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.984] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.984] AdjustWindowRectEx (in: lpRect=0x18dff0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff0) returned 1
[0129.984] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.984] AdjustWindowRectEx (in: lpRect=0x18dff8, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x18dff8) returned 1
[0129.984] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.985] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.985] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.985] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.985] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.985] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dfec) returned 1
[0129.985] GetDC (hWnd=0x0) returned 0xffffffffd001053c
[0129.986] GdipCreateFromHDC (hdc=0xd001053c, graphics=0x18dec4) returned 0x0
[0129.986] GdipGetFontHeight (font=0x4c8efc0, graphics=0x5ccf268, height=0x18debc) returned 0x0
[0129.986] GdipDeleteGraphics (graphics=0x5ccf268) returned 0x0
[0129.986] ReleaseDC (hWnd=0x0, hDC=0xd001053c) returned 1
[0129.986] GetSystemMetrics (nIndex=5) returned 1
[0129.986] GetSystemMetrics (nIndex=6) returned 1
[0129.987] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0129.987] AdjustWindowRectEx (in: lpRect=0x18dfec, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x18dfec) returned 1
[0130.010] RegisterClipboardFormatW (lpszFormat="WindowsForms12_TabBaseReLayout") returned 0xc1d4
[0130.011] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6c2d0000
[0130.011] AdjustWindowRectEx (in: lpRect=0x18dff0, dwStyle=0x56010800, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18dff0) returned 1
[0130.807] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18000, lpName=0x0) returned 0x2c8
[0130.808] memcpy (in: _Dst=0x1160000, _Src=0x37994d0, _Size=0x18000 | out: _Dst=0x1160000) returned 0x1160000
[0130.809] CloseHandle (hObject=0x2c8) returned 1
[0171.743] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5200, lpName=0x0) returned 0x214
[0171.744] memcpy (in: _Dst=0x1140000, _Src=0x2806fd0, _Size=0x5200 | out: _Dst=0x1140000) returned 0x1140000
[0171.744] CloseHandle (hObject=0x214) returned 1
[0171.961] CoTaskMemAlloc (cb=0x20c) returned 0xf7ea80
[0171.961] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xf7ea80 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25
[0171.962] CoTaskMemFree (pv=0xf7ea80)
[0171.963] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x18c564, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16
[0171.965] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x18c578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29
[0172.332] GdipLoadImageFromStream (stream=0x2740030, image=0x18cfc0) returned 0x0
[0172.425] GdipImageForceValidation (image=0x5ccf268) returned 0x0
[0172.448] GdipGetImageType (image=0x5ccf268, type=0x18cfbc) returned 0x0
[0172.450] GdipGetImageRawFormat (image=0x5ccf268, format=0x18cf30*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0172.511] GdipGetImageWidth (image=0x5ccf268, width=0x18d580) returned 0x0
[0172.535] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.535] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.535] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=0, color=0x18d534) returned 0x0
[0172.576] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.576] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.576] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=1, color=0x18d534) returned 0x0
[0172.576] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.576] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.576] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=2, color=0x18d534) returned 0x0
[0172.576] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.577] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.577] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=3, color=0x18d534) returned 0x0
[0172.577] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.577] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.577] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=4, color=0x18d534) returned 0x0
[0172.577] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.577] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.577] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=5, color=0x18d534) returned 0x0
[0172.577] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.577] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.577] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=6, color=0x18d534) returned 0x0
[0172.577] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.577] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.577] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=7, color=0x18d534) returned 0x0
[0172.577] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.577] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.577] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=8, color=0x18d534) returned 0x0
[0172.577] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.578] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.578] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=9, color=0x18d534) returned 0x0
[0172.578] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.578] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.578] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=10, color=0x18d534) returned 0x0
[0172.578] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.578] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.578] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=11, color=0x18d534) returned 0x0
[0172.578] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.578] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.578] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=12, color=0x18d534) returned 0x0
[0172.578] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.578] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.578] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=13, color=0x18d534) returned 0x0
[0172.578] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.578] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.578] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=14, color=0x18d534) returned 0x0
[0172.578] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.579] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.579] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=15, color=0x18d534) returned 0x0
[0172.579] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.579] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.579] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=16, color=0x18d534) returned 0x0
[0172.579] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.579] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.579] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=17, color=0x18d534) returned 0x0
[0172.579] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.579] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.579] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=18, color=0x18d534) returned 0x0
[0172.579] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.579] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.579] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=19, color=0x18d534) returned 0x0
[0172.579] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.580] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.580] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=20, color=0x18d534) returned 0x0
[0172.580] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.580] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.580] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=21, color=0x18d534) returned 0x0
[0172.580] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.580] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.580] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=22, color=0x18d534) returned 0x0
[0172.580] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.580] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.580] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=23, color=0x18d534) returned 0x0
[0172.580] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.580] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.580] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=24, color=0x18d534) returned 0x0
[0172.580] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.580] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.581] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=25, color=0x18d534) returned 0x0
[0172.581] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.581] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.581] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=26, color=0x18d534) returned 0x0
[0172.581] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.581] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.581] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=27, color=0x18d534) returned 0x0
[0172.581] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.581] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.581] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=28, color=0x18d534) returned 0x0
[0172.581] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.581] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.581] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=29, color=0x18d534) returned 0x0
[0172.581] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.582] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.582] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=30, color=0x18d534) returned 0x0
[0172.582] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.582] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.582] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=31, color=0x18d534) returned 0x0
[0172.582] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.582] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.582] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=32, color=0x18d534) returned 0x0
[0172.582] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.582] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.582] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=33, color=0x18d534) returned 0x0
[0172.582] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.582] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.582] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=34, color=0x18d534) returned 0x0
[0172.582] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.582] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.582] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=35, color=0x18d534) returned 0x0
[0172.582] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.583] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.583] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=36, color=0x18d534) returned 0x0
[0172.583] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.583] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.583] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=37, color=0x18d534) returned 0x0
[0172.583] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.583] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.583] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=38, color=0x18d534) returned 0x0
[0172.583] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.583] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.583] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=39, color=0x18d534) returned 0x0
[0172.583] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.583] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.583] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=40, color=0x18d534) returned 0x0
[0172.583] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.583] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.583] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=41, color=0x18d534) returned 0x0
[0172.584] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.584] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.584] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=42, color=0x18d534) returned 0x0
[0172.584] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.584] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.584] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=43, color=0x18d534) returned 0x0
[0172.584] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.584] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.584] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=44, color=0x18d534) returned 0x0
[0172.584] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.584] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.584] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=45, color=0x18d534) returned 0x0
[0172.584] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.584] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.584] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=46, color=0x18d534) returned 0x0
[0172.584] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.584] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.585] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=47, color=0x18d534) returned 0x0
[0172.585] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.585] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.585] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=48, color=0x18d534) returned 0x0
[0172.585] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.585] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.585] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=49, color=0x18d534) returned 0x0
[0172.585] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.585] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.585] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=50, color=0x18d534) returned 0x0
[0172.585] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.585] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.585] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=51, color=0x18d534) returned 0x0
[0172.585] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.585] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.585] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=52, color=0x18d534) returned 0x0
[0172.585] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.585] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.586] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=53, color=0x18d534) returned 0x0
[0172.586] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.586] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.586] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=54, color=0x18d534) returned 0x0
[0172.586] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.586] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.586] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=55, color=0x18d534) returned 0x0
[0172.586] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.586] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.586] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=56, color=0x18d534) returned 0x0
[0172.586] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.586] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.586] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=57, color=0x18d534) returned 0x0
[0172.586] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.586] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.586] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=58, color=0x18d534) returned 0x0
[0172.586] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.586] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.587] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=59, color=0x18d534) returned 0x0
[0172.587] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.587] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.587] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=60, color=0x18d534) returned 0x0
[0172.587] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.587] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.587] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=61, color=0x18d534) returned 0x0
[0172.587] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.587] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.587] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=62, color=0x18d534) returned 0x0
[0172.587] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.587] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.587] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=63, color=0x18d534) returned 0x0
[0172.587] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.587] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.587] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=64, color=0x18d534) returned 0x0
[0172.587] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.587] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.588] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=65, color=0x18d534) returned 0x0
[0172.588] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.588] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.588] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=66, color=0x18d534) returned 0x0
[0172.588] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.588] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.588] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=67, color=0x18d534) returned 0x0
[0172.588] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.588] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.588] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=68, color=0x18d534) returned 0x0
[0172.588] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.588] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.588] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=69, color=0x18d534) returned 0x0
[0172.588] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.588] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.588] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=70, color=0x18d534) returned 0x0
[0172.589] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.589] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.589] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=71, color=0x18d534) returned 0x0
[0172.589] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.589] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.589] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=72, color=0x18d534) returned 0x0
[0172.589] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.589] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.589] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=73, color=0x18d534) returned 0x0
[0172.589] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.589] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.589] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=74, color=0x18d534) returned 0x0
[0172.589] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.589] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.589] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=75, color=0x18d534) returned 0x0
[0172.589] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.590] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.590] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=76, color=0x18d534) returned 0x0
[0172.590] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.590] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.590] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=77, color=0x18d534) returned 0x0
[0172.590] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.590] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.590] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=78, color=0x18d534) returned 0x0
[0172.590] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.590] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.590] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=79, color=0x18d534) returned 0x0
[0172.590] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.590] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.590] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=80, color=0x18d534) returned 0x0
[0172.590] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.590] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.590] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=81, color=0x18d534) returned 0x0
[0172.591] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.591] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.591] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=82, color=0x18d534) returned 0x0
[0172.591] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.591] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.591] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=83, color=0x18d534) returned 0x0
[0172.591] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.591] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.591] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=84, color=0x18d534) returned 0x0
[0172.591] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.591] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.591] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=85, color=0x18d534) returned 0x0
[0172.591] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.591] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.591] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=86, color=0x18d534) returned 0x0
[0172.592] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.592] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.592] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=87, color=0x18d534) returned 0x0
[0172.592] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.592] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.592] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=88, color=0x18d534) returned 0x0
[0172.592] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.592] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.592] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=89, color=0x18d534) returned 0x0
[0172.592] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.592] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.592] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=90, color=0x18d534) returned 0x0
[0172.592] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.592] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.592] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=91, color=0x18d534) returned 0x0
[0172.592] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.592] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.592] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=92, color=0x18d534) returned 0x0
[0172.592] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.592] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.592] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=93, color=0x18d534) returned 0x0
[0172.593] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.593] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.593] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=94, color=0x18d534) returned 0x0
[0172.593] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.593] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.593] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=95, color=0x18d534) returned 0x0
[0172.593] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.593] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.593] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=96, color=0x18d534) returned 0x0
[0172.593] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.593] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.593] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=97, color=0x18d534) returned 0x0
[0172.593] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.593] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.593] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=98, color=0x18d534) returned 0x0
[0172.593] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.593] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.593] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=99, color=0x18d534) returned 0x0
[0172.593] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.593] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.593] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=100, color=0x18d534) returned 0x0
[0172.594] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.594] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.594] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=101, color=0x18d534) returned 0x0
[0172.594] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.594] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.594] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=102, color=0x18d534) returned 0x0
[0172.594] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.594] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.594] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=103, color=0x18d534) returned 0x0
[0172.594] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.594] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.594] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=104, color=0x18d534) returned 0x0
[0172.594] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.594] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.594] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=105, color=0x18d534) returned 0x0
[0172.594] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.594] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.594] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=106, color=0x18d534) returned 0x0
[0172.594] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.594] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.595] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=107, color=0x18d534) returned 0x0
[0172.595] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.595] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.595] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=108, color=0x18d534) returned 0x0
[0172.595] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.595] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.595] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=109, color=0x18d534) returned 0x0
[0172.595] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.595] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.595] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=110, color=0x18d534) returned 0x0
[0172.595] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.595] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.595] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=111, color=0x18d534) returned 0x0
[0172.595] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.595] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.595] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=112, color=0x18d534) returned 0x0
[0172.595] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.595] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.595] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=113, color=0x18d534) returned 0x0
[0172.595] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.595] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.595] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=114, color=0x18d534) returned 0x0
[0172.596] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.596] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.596] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=115, color=0x18d534) returned 0x0
[0172.596] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.596] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.596] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=116, color=0x18d534) returned 0x0
[0172.596] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.596] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.596] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=117, color=0x18d534) returned 0x0
[0172.596] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.596] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.596] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=118, color=0x18d534) returned 0x0
[0172.596] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.596] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.596] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=119, color=0x18d534) returned 0x0
[0172.596] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.596] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.596] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=120, color=0x18d534) returned 0x0
[0172.596] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.596] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.596] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=121, color=0x18d534) returned 0x0
[0172.596] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.597] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.597] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=122, color=0x18d534) returned 0x0
[0172.597] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.597] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.597] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=123, color=0x18d534) returned 0x0
[0172.597] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.597] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.597] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=124, color=0x18d534) returned 0x0
[0172.597] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.597] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.597] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=125, color=0x18d534) returned 0x0
[0172.597] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.597] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.597] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=126, color=0x18d534) returned 0x0
[0172.597] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.597] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.597] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=127, color=0x18d534) returned 0x0
[0172.597] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.597] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.597] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=128, color=0x18d534) returned 0x0
[0172.597] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.597] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.598] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=129, color=0x18d534) returned 0x0
[0172.598] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.598] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.598] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=130, color=0x18d534) returned 0x0
[0172.598] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.598] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.598] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=131, color=0x18d534) returned 0x0
[0172.598] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.598] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.598] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=132, color=0x18d534) returned 0x0
[0172.598] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.598] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.598] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=133, color=0x18d534) returned 0x0
[0172.598] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.598] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.598] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=134, color=0x18d534) returned 0x0
[0172.598] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.598] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.598] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=135, color=0x18d534) returned 0x0
[0172.598] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.598] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.598] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=136, color=0x18d534) returned 0x0
[0172.599] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.599] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.599] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=137, color=0x18d534) returned 0x0
[0172.599] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.599] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.599] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=138, color=0x18d534) returned 0x0
[0172.599] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.599] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.599] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=139, color=0x18d534) returned 0x0
[0172.599] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.599] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.599] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=140, color=0x18d534) returned 0x0
[0172.599] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.599] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.599] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=141, color=0x18d534) returned 0x0
[0172.599] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.599] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.599] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=142, color=0x18d534) returned 0x0
[0172.599] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.599] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.600] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=143, color=0x18d534) returned 0x0
[0172.600] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.600] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.600] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=144, color=0x18d534) returned 0x0
[0172.600] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.600] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.600] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=145, color=0x18d534) returned 0x0
[0172.600] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.600] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.600] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=146, color=0x18d534) returned 0x0
[0172.600] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.600] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.600] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=147, color=0x18d534) returned 0x0
[0172.600] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.600] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.600] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=148, color=0x18d534) returned 0x0
[0172.600] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.600] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.600] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=149, color=0x18d534) returned 0x0
[0172.600] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.600] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.601] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=150, color=0x18d534) returned 0x0
[0172.601] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.601] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.601] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=151, color=0x18d534) returned 0x0
[0172.601] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.601] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.601] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=152, color=0x18d534) returned 0x0
[0172.601] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.601] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.601] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=153, color=0x18d534) returned 0x0
[0172.602] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.602] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.602] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=154, color=0x18d534) returned 0x0
[0172.602] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.602] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.602] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=155, color=0x18d534) returned 0x0
[0172.602] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.602] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.602] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=156, color=0x18d534) returned 0x0
[0172.602] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.602] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.602] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=157, color=0x18d534) returned 0x0
[0172.602] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.602] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.602] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=158, color=0x18d534) returned 0x0
[0172.603] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.603] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.603] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=159, color=0x18d534) returned 0x0
[0172.603] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.603] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.603] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=160, color=0x18d534) returned 0x0
[0172.603] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.603] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.603] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=161, color=0x18d534) returned 0x0
[0172.603] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.603] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.603] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=162, color=0x18d534) returned 0x0
[0172.603] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.603] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.603] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=163, color=0x18d534) returned 0x0
[0172.603] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.603] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.604] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=164, color=0x18d534) returned 0x0
[0172.604] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.604] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.604] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=165, color=0x18d534) returned 0x0
[0172.604] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.604] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.604] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=166, color=0x18d534) returned 0x0
[0172.604] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.604] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.604] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=167, color=0x18d534) returned 0x0
[0172.604] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.604] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.604] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=168, color=0x18d534) returned 0x0
[0172.604] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.604] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.604] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=169, color=0x18d534) returned 0x0
[0172.604] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.604] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.605] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=170, color=0x18d534) returned 0x0
[0172.605] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.605] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.605] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=171, color=0x18d534) returned 0x0
[0172.605] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.605] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.605] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=172, color=0x18d534) returned 0x0
[0172.605] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.605] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.605] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=173, color=0x18d534) returned 0x0
[0172.605] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.605] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.605] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=174, color=0x18d534) returned 0x0
[0172.605] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.605] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.605] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=175, color=0x18d534) returned 0x0
[0172.605] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.605] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.605] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=176, color=0x18d534) returned 0x0
[0172.606] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.606] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.606] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=177, color=0x18d534) returned 0x0
[0172.606] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.606] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.606] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=178, color=0x18d534) returned 0x0
[0172.606] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.606] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.606] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=179, color=0x18d534) returned 0x0
[0172.606] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.606] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.606] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=180, color=0x18d534) returned 0x0
[0172.612] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.612] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.612] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=181, color=0x18d534) returned 0x0
[0172.612] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.612] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.612] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=182, color=0x18d534) returned 0x0
[0172.612] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.612] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.612] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=183, color=0x18d534) returned 0x0
[0172.612] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.612] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.612] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=184, color=0x18d534) returned 0x0
[0172.613] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.613] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.613] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=185, color=0x18d534) returned 0x0
[0172.613] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.613] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.613] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=186, color=0x18d534) returned 0x0
[0172.613] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.613] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.613] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=187, color=0x18d534) returned 0x0
[0172.613] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.613] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.613] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=188, color=0x18d534) returned 0x0
[0172.613] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.613] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.613] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=189, color=0x18d534) returned 0x0
[0172.613] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.613] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.613] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=190, color=0x18d534) returned 0x0
[0172.613] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.613] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.613] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=191, color=0x18d534) returned 0x0
[0172.613] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.614] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.614] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=192, color=0x18d534) returned 0x0
[0172.614] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.614] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.614] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=193, color=0x18d534) returned 0x0
[0172.614] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.614] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.614] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=194, color=0x18d534) returned 0x0
[0172.614] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.614] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.614] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=195, color=0x18d534) returned 0x0
[0172.614] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.614] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.614] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=196, color=0x18d534) returned 0x0
[0172.614] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.614] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.614] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=197, color=0x18d534) returned 0x0
[0172.614] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.614] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.614] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=198, color=0x18d534) returned 0x0
[0172.614] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.615] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.615] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=199, color=0x18d534) returned 0x0
[0172.615] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.615] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.615] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=200, color=0x18d534) returned 0x0
[0172.615] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.615] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.615] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=201, color=0x18d534) returned 0x0
[0172.615] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.615] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.615] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=202, color=0x18d534) returned 0x0
[0172.615] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.615] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.615] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=203, color=0x18d534) returned 0x0
[0172.615] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.615] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.615] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=204, color=0x18d534) returned 0x0
[0172.615] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.615] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.615] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=205, color=0x18d534) returned 0x0
[0172.615] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.616] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.616] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=206, color=0x18d534) returned 0x0
[0172.616] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.616] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.616] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=207, color=0x18d534) returned 0x0
[0172.616] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.616] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.616] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=208, color=0x18d534) returned 0x0
[0172.616] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.616] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.616] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=209, color=0x18d534) returned 0x0
[0172.616] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.616] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.616] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=210, color=0x18d534) returned 0x0
[0172.616] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.616] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.616] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=211, color=0x18d534) returned 0x0
[0172.616] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.616] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.616] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=212, color=0x18d534) returned 0x0
[0172.616] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.617] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.617] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=213, color=0x18d534) returned 0x0
[0172.617] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.617] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.617] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=214, color=0x18d534) returned 0x0
[0172.617] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.617] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.617] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=215, color=0x18d534) returned 0x0
[0172.617] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.617] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.617] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=216, color=0x18d534) returned 0x0
[0172.617] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.617] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.617] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=217, color=0x18d534) returned 0x0
[0172.617] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.617] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.617] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=218, color=0x18d534) returned 0x0
[0172.617] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.617] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.617] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=219, color=0x18d534) returned 0x0
[0172.617] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.617] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.618] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=220, color=0x18d534) returned 0x0
[0172.618] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.618] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.618] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=221, color=0x18d534) returned 0x0
[0172.618] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.618] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.618] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=222, color=0x18d534) returned 0x0
[0172.618] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.618] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.618] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=223, color=0x18d534) returned 0x0
[0172.618] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.618] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.618] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=224, color=0x18d534) returned 0x0
[0172.618] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.618] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.618] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=225, color=0x18d534) returned 0x0
[0172.618] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.618] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.618] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=226, color=0x18d534) returned 0x0
[0172.618] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.618] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.619] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=227, color=0x18d534) returned 0x0
[0172.619] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.619] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.619] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=228, color=0x18d534) returned 0x0
[0172.619] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.619] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.619] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=229, color=0x18d534) returned 0x0
[0172.619] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.619] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.619] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=230, color=0x18d534) returned 0x0
[0172.619] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.619] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.619] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=231, color=0x18d534) returned 0x0
[0172.619] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.619] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.619] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=232, color=0x18d534) returned 0x0
[0172.619] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.619] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.619] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=233, color=0x18d534) returned 0x0
[0172.619] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.619] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.619] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=234, color=0x18d534) returned 0x0
[0172.620] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.620] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.620] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=235, color=0x18d534) returned 0x0
[0172.620] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.620] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.620] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=236, color=0x18d534) returned 0x0
[0172.620] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.620] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.620] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=237, color=0x18d534) returned 0x0
[0172.620] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.620] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.620] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=238, color=0x18d534) returned 0x0
[0172.620] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.620] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.620] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=239, color=0x18d534) returned 0x0
[0172.620] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.620] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.620] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=240, color=0x18d534) returned 0x0
[0172.620] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.620] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.620] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=241, color=0x18d534) returned 0x0
[0172.621] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.621] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.621] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=242, color=0x18d534) returned 0x0
[0172.621] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.621] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.621] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=243, color=0x18d534) returned 0x0
[0172.621] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.621] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.621] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=244, color=0x18d534) returned 0x0
[0172.621] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.621] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.621] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=245, color=0x18d534) returned 0x0
[0172.621] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.621] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.621] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=246, color=0x18d534) returned 0x0
[0172.621] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.621] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.621] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=247, color=0x18d534) returned 0x0
[0172.621] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.621] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.621] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=248, color=0x18d534) returned 0x0
[0172.621] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.622] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.622] GdipBitmapGetPixel (bitmap=0x5ccf268, x=0, y=249, color=0x18d534) returned 0x0
[0172.765] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.765] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.766] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=101, color=0x18d534) returned 0x0
[0172.766] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.766] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.767] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=102, color=0x18d534) returned 0x0
[0172.767] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.767] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.767] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=103, color=0x18d534) returned 0x0
[0172.767] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.767] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.767] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=104, color=0x18d534) returned 0x0
[0172.767] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.767] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.767] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=105, color=0x18d534) returned 0x0
[0172.767] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.767] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.767] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=106, color=0x18d534) returned 0x0
[0172.767] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.768] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.768] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=107, color=0x18d534) returned 0x0
[0172.768] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.768] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.768] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=108, color=0x18d534) returned 0x0
[0172.768] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.768] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.768] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=109, color=0x18d534) returned 0x0
[0172.768] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.768] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.768] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=110, color=0x18d534) returned 0x0
[0172.768] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.768] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.768] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=111, color=0x18d534) returned 0x0
[0172.769] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.769] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.769] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=112, color=0x18d534) returned 0x0
[0172.769] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.769] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.769] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=113, color=0x18d534) returned 0x0
[0172.769] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.769] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.769] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=114, color=0x18d534) returned 0x0
[0172.769] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.769] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.769] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=115, color=0x18d534) returned 0x0
[0172.769] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.769] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.769] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=116, color=0x18d534) returned 0x0
[0172.769] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.769] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.769] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=117, color=0x18d534) returned 0x0
[0172.770] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.770] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.770] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=118, color=0x18d534) returned 0x0
[0172.770] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.770] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.770] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=119, color=0x18d534) returned 0x0
[0172.770] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.770] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.770] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=120, color=0x18d534) returned 0x0
[0172.770] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.770] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.770] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=121, color=0x18d534) returned 0x0
[0172.770] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.770] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.770] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=122, color=0x18d534) returned 0x0
[0172.770] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.770] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.771] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=123, color=0x18d534) returned 0x0
[0172.771] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.771] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.771] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=124, color=0x18d534) returned 0x0
[0172.771] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.771] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.771] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=125, color=0x18d534) returned 0x0
[0172.771] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.771] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.771] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=126, color=0x18d534) returned 0x0
[0172.771] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.771] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.771] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=127, color=0x18d534) returned 0x0
[0172.771] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.771] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.771] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=128, color=0x18d534) returned 0x0
[0172.772] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.772] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.772] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=129, color=0x18d534) returned 0x0
[0172.772] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.772] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.772] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=130, color=0x18d534) returned 0x0
[0172.772] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.772] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.772] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=131, color=0x18d534) returned 0x0
[0172.772] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.772] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.772] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=132, color=0x18d534) returned 0x0
[0172.772] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.772] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.772] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=133, color=0x18d534) returned 0x0
[0172.773] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.773] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.773] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=134, color=0x18d534) returned 0x0
[0172.773] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.773] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.773] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=135, color=0x18d534) returned 0x0
[0172.773] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.773] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.773] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=136, color=0x18d534) returned 0x0
[0172.773] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.773] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.773] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=137, color=0x18d534) returned 0x0
[0172.773] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.773] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.773] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=138, color=0x18d534) returned 0x0
[0172.773] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.773] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.773] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=139, color=0x18d534) returned 0x0
[0172.773] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.774] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.774] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=140, color=0x18d534) returned 0x0
[0172.774] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.774] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.774] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=141, color=0x18d534) returned 0x0
[0172.774] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.774] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.774] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=142, color=0x18d534) returned 0x0
[0172.774] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.774] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.774] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=143, color=0x18d534) returned 0x0
[0172.774] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.774] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.774] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=144, color=0x18d534) returned 0x0
[0172.774] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.774] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.774] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=145, color=0x18d534) returned 0x0
[0172.774] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.775] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.775] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=146, color=0x18d534) returned 0x0
[0172.775] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.775] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.775] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=147, color=0x18d534) returned 0x0
[0172.775] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.775] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.775] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=148, color=0x18d534) returned 0x0
[0172.775] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.775] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.775] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=149, color=0x18d534) returned 0x0
[0172.775] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.775] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.775] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=150, color=0x18d534) returned 0x0
[0172.775] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.775] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.775] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=151, color=0x18d534) returned 0x0
[0172.776] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.776] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.776] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=152, color=0x18d534) returned 0x0
[0172.776] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.776] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.776] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=153, color=0x18d534) returned 0x0
[0172.776] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.776] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.776] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=154, color=0x18d534) returned 0x0
[0172.776] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.776] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.776] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=155, color=0x18d534) returned 0x0
[0172.776] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.776] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.776] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=156, color=0x18d534) returned 0x0
[0172.776] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.776] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.776] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=157, color=0x18d534) returned 0x0
[0172.777] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.777] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.777] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=158, color=0x18d534) returned 0x0
[0172.777] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.777] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.777] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=159, color=0x18d534) returned 0x0
[0172.777] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.777] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.777] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=160, color=0x18d534) returned 0x0
[0172.777] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.777] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.777] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=161, color=0x18d534) returned 0x0
[0172.777] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.777] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.777] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=162, color=0x18d534) returned 0x0
[0172.777] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.777] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.777] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=163, color=0x18d534) returned 0x0
[0172.777] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.778] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.778] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=164, color=0x18d534) returned 0x0
[0172.778] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.778] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.778] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=165, color=0x18d534) returned 0x0
[0172.778] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.778] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.778] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=166, color=0x18d534) returned 0x0
[0172.778] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.778] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.778] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=167, color=0x18d534) returned 0x0
[0172.778] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.779] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.779] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=168, color=0x18d534) returned 0x0
[0172.779] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.779] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.779] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=169, color=0x18d534) returned 0x0
[0172.779] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.779] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.779] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=170, color=0x18d534) returned 0x0
[0172.779] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.779] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.779] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=171, color=0x18d534) returned 0x0
[0172.779] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.779] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.779] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=172, color=0x18d534) returned 0x0
[0172.779] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.779] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.779] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=173, color=0x18d534) returned 0x0
[0172.779] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.780] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.780] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=174, color=0x18d534) returned 0x0
[0172.780] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.780] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.780] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=175, color=0x18d534) returned 0x0
[0172.780] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.780] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.780] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=176, color=0x18d534) returned 0x0
[0172.780] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.780] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.780] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=177, color=0x18d534) returned 0x0
[0172.780] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.780] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.780] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=178, color=0x18d534) returned 0x0
[0172.780] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.780] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.780] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=179, color=0x18d534) returned 0x0
[0172.780] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.781] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.781] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=180, color=0x18d534) returned 0x0
[0172.781] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.781] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.781] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=181, color=0x18d534) returned 0x0
[0172.781] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.781] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.781] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=182, color=0x18d534) returned 0x0
[0172.781] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.781] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.781] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=183, color=0x18d534) returned 0x0
[0172.781] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.781] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.781] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=184, color=0x18d534) returned 0x0
[0172.781] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.781] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.781] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=185, color=0x18d534) returned 0x0
[0172.781] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.781] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.782] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=186, color=0x18d534) returned 0x0
[0172.782] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.782] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.782] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=187, color=0x18d534) returned 0x0
[0172.782] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.782] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.782] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=188, color=0x18d534) returned 0x0
[0172.782] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.782] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.782] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=189, color=0x18d534) returned 0x0
[0172.782] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.782] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.782] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=190, color=0x18d534) returned 0x0
[0172.782] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.782] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.782] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=191, color=0x18d534) returned 0x0
[0172.782] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.782] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.782] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=192, color=0x18d534) returned 0x0
[0172.782] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.782] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.782] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=193, color=0x18d534) returned 0x0
[0172.783] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.783] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.783] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=194, color=0x18d534) returned 0x0
[0172.783] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.783] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.783] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=195, color=0x18d534) returned 0x0
[0172.783] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.783] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.783] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=196, color=0x18d534) returned 0x0
[0172.783] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.783] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.783] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=197, color=0x18d534) returned 0x0
[0172.783] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.783] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.783] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=198, color=0x18d534) returned 0x0
[0172.783] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.783] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.783] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=199, color=0x18d534) returned 0x0
[0172.783] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.783] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.783] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=200, color=0x18d534) returned 0x0
[0172.784] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.784] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.784] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=201, color=0x18d534) returned 0x0
[0172.784] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.784] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.784] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=202, color=0x18d534) returned 0x0
[0172.784] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.784] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.784] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=203, color=0x18d534) returned 0x0
[0172.784] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.784] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.784] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=204, color=0x18d534) returned 0x0
[0172.784] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.784] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.784] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=205, color=0x18d534) returned 0x0
[0172.784] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.784] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.784] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=206, color=0x18d534) returned 0x0
[0172.784] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.784] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.784] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=207, color=0x18d534) returned 0x0
[0172.784] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.784] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.785] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=208, color=0x18d534) returned 0x0
[0172.785] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.785] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.785] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=209, color=0x18d534) returned 0x0
[0172.785] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.785] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.785] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=210, color=0x18d534) returned 0x0
[0172.785] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.785] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.785] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=211, color=0x18d534) returned 0x0
[0172.785] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.785] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.785] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=212, color=0x18d534) returned 0x0
[0172.785] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.785] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.785] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=213, color=0x18d534) returned 0x0
[0172.785] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.785] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.785] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=214, color=0x18d534) returned 0x0
[0172.785] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.785] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.785] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=215, color=0x18d534) returned 0x0
[0172.786] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.786] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.786] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=216, color=0x18d534) returned 0x0
[0172.786] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.786] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.786] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=217, color=0x18d534) returned 0x0
[0172.786] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.786] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.786] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=218, color=0x18d534) returned 0x0
[0172.786] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.786] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.786] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=219, color=0x18d534) returned 0x0
[0172.786] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.786] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.786] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=220, color=0x18d534) returned 0x0
[0172.786] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.786] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.786] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=221, color=0x18d534) returned 0x0
[0172.786] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.786] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.786] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=222, color=0x18d534) returned 0x0
[0172.787] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.787] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.787] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=223, color=0x18d534) returned 0x0
[0172.787] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.787] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.787] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=224, color=0x18d534) returned 0x0
[0172.787] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.787] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.787] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=225, color=0x18d534) returned 0x0
[0172.787] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.787] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.787] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=226, color=0x18d534) returned 0x0
[0172.787] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.787] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.787] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=227, color=0x18d534) returned 0x0
[0172.787] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.787] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.787] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=228, color=0x18d534) returned 0x0
[0172.787] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.787] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.787] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=229, color=0x18d534) returned 0x0
[0172.787] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.788] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.788] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=230, color=0x18d534) returned 0x0
[0172.788] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.788] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.788] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=231, color=0x18d534) returned 0x0
[0172.788] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.788] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.788] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=232, color=0x18d534) returned 0x0
[0172.788] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.788] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.788] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=233, color=0x18d534) returned 0x0
[0172.788] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.788] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.788] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=234, color=0x18d534) returned 0x0
[0172.788] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.788] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.788] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=235, color=0x18d534) returned 0x0
[0172.788] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.788] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.788] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=236, color=0x18d534) returned 0x0
[0172.788] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.789] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.789] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=237, color=0x18d534) returned 0x0
[0172.789] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.789] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.789] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=238, color=0x18d534) returned 0x0
[0172.789] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.789] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.789] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=239, color=0x18d534) returned 0x0
[0172.789] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.789] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.789] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=240, color=0x18d534) returned 0x0
[0172.789] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.789] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.789] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=241, color=0x18d534) returned 0x0
[0172.789] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.789] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.789] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=242, color=0x18d534) returned 0x0
[0172.789] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.789] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.789] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=243, color=0x18d534) returned 0x0
[0172.789] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.789] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.789] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=244, color=0x18d534) returned 0x0
[0172.790] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.790] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.790] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=245, color=0x18d534) returned 0x0
[0172.790] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.790] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.790] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=246, color=0x18d534) returned 0x0
[0172.790] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.790] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.790] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=247, color=0x18d534) returned 0x0
[0172.790] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.790] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.790] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=248, color=0x18d534) returned 0x0
[0172.790] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.790] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.790] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=249, color=0x18d534) returned 0x0
[0172.790] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.790] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.790] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=250, color=0x18d534) returned 0x0
[0172.790] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.790] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.790] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=251, color=0x18d534) returned 0x0
[0172.791] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.791] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.791] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=252, color=0x18d534) returned 0x0
[0172.791] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.791] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.791] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=253, color=0x18d534) returned 0x0
[0172.791] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.791] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.791] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=254, color=0x18d534) returned 0x0
[0172.791] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.791] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.791] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=255, color=0x18d534) returned 0x0
[0172.791] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.791] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.791] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=256, color=0x18d534) returned 0x0
[0172.791] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.791] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.791] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=257, color=0x18d534) returned 0x0
[0172.791] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.792] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.792] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=258, color=0x18d534) returned 0x0
[0172.792] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.792] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.792] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=259, color=0x18d534) returned 0x0
[0172.792] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.792] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.792] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=260, color=0x18d534) returned 0x0
[0172.792] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.792] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.792] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=261, color=0x18d534) returned 0x0
[0172.792] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.792] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.792] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=262, color=0x18d534) returned 0x0
[0172.792] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.792] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.792] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=263, color=0x18d534) returned 0x0
[0172.792] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.792] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.792] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=264, color=0x18d534) returned 0x0
[0172.792] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.792] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.793] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=265, color=0x18d534) returned 0x0
[0172.793] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.793] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.793] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=266, color=0x18d534) returned 0x0
[0172.793] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.793] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.793] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=267, color=0x18d534) returned 0x0
[0172.793] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.793] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.793] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=268, color=0x18d534) returned 0x0
[0172.793] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.793] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.793] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=269, color=0x18d534) returned 0x0
[0172.793] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.793] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.793] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=270, color=0x18d534) returned 0x0
[0172.793] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.793] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.793] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=271, color=0x18d534) returned 0x0
[0172.793] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.794] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.794] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=272, color=0x18d534) returned 0x0
[0172.794] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.823] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.823] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=273, color=0x18d534) returned 0x0
[0172.823] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.823] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.823] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=274, color=0x18d534) returned 0x0
[0172.823] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.823] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.824] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=275, color=0x18d534) returned 0x0
[0172.824] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.824] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.824] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=276, color=0x18d534) returned 0x0
[0172.824] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.824] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.824] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=277, color=0x18d534) returned 0x0
[0172.824] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.824] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.824] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=278, color=0x18d534) returned 0x0
[0172.824] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.824] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.824] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=279, color=0x18d534) returned 0x0
[0172.824] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.824] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.824] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=280, color=0x18d534) returned 0x0
[0172.824] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.824] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.825] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=281, color=0x18d534) returned 0x0
[0172.825] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.825] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.825] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=282, color=0x18d534) returned 0x0
[0172.825] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.825] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.825] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=283, color=0x18d534) returned 0x0
[0172.825] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.825] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.825] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=284, color=0x18d534) returned 0x0
[0172.825] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.825] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.825] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=285, color=0x18d534) returned 0x0
[0172.826] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.826] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.826] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=286, color=0x18d534) returned 0x0
[0172.826] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.826] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.826] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=287, color=0x18d534) returned 0x0
[0172.826] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.826] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.826] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=288, color=0x18d534) returned 0x0
[0172.826] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.826] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.826] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=289, color=0x18d534) returned 0x0
[0172.826] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.826] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.826] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=290, color=0x18d534) returned 0x0
[0172.826] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.826] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.826] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=291, color=0x18d534) returned 0x0
[0172.827] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.827] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.827] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=292, color=0x18d534) returned 0x0
[0172.827] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.827] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.827] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=293, color=0x18d534) returned 0x0
[0172.827] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.827] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.827] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=294, color=0x18d534) returned 0x0
[0172.827] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.827] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.827] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=295, color=0x18d534) returned 0x0
[0172.827] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.827] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.827] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=296, color=0x18d534) returned 0x0
[0172.827] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.827] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.828] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=297, color=0x18d534) returned 0x0
[0172.828] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.828] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.828] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=298, color=0x18d534) returned 0x0
[0172.828] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.828] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.828] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=299, color=0x18d534) returned 0x0
[0172.828] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.828] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.828] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=300, color=0x18d534) returned 0x0
[0172.828] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.828] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.828] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=301, color=0x18d534) returned 0x0
[0172.828] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.828] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.828] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=302, color=0x18d534) returned 0x0
[0172.828] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.828] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.829] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=303, color=0x18d534) returned 0x0
[0172.829] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.829] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.829] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=304, color=0x18d534) returned 0x0
[0172.829] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.829] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.829] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=305, color=0x18d534) returned 0x0
[0172.829] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.829] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.829] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=306, color=0x18d534) returned 0x0
[0172.829] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.829] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.829] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=307, color=0x18d534) returned 0x0
[0172.829] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.829] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.829] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=308, color=0x18d534) returned 0x0
[0172.829] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.829] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.830] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=309, color=0x18d534) returned 0x0
[0172.830] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.830] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.830] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=310, color=0x18d534) returned 0x0
[0172.830] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.830] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.830] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=311, color=0x18d534) returned 0x0
[0172.830] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.830] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.830] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=312, color=0x18d534) returned 0x0
[0172.830] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.830] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.830] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=313, color=0x18d534) returned 0x0
[0172.830] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.830] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.830] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=314, color=0x18d534) returned 0x0
[0172.830] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.831] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.831] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=315, color=0x18d534) returned 0x0
[0172.831] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.831] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.831] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=316, color=0x18d534) returned 0x0
[0172.831] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.831] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.831] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=317, color=0x18d534) returned 0x0
[0172.831] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.831] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.831] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=318, color=0x18d534) returned 0x0
[0172.831] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.831] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.831] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=319, color=0x18d534) returned 0x0
[0172.831] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.831] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.831] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=320, color=0x18d534) returned 0x0
[0172.832] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.832] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.832] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=321, color=0x18d534) returned 0x0
[0172.832] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.832] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.832] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=322, color=0x18d534) returned 0x0
[0172.832] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.832] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.832] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=323, color=0x18d534) returned 0x0
[0172.832] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.832] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.832] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=324, color=0x18d534) returned 0x0
[0172.832] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.832] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.832] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=325, color=0x18d534) returned 0x0
[0172.832] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.832] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.832] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=326, color=0x18d534) returned 0x0
[0172.833] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.833] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.833] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=327, color=0x18d534) returned 0x0
[0172.833] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.833] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.833] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=328, color=0x18d534) returned 0x0
[0172.833] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.833] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.833] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=329, color=0x18d534) returned 0x0
[0172.833] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.833] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.833] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=330, color=0x18d534) returned 0x0
[0172.833] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.833] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.833] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=331, color=0x18d534) returned 0x0
[0172.833] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.833] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.834] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=332, color=0x18d534) returned 0x0
[0172.834] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.834] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.834] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=333, color=0x18d534) returned 0x0
[0172.834] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.834] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.834] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=334, color=0x18d534) returned 0x0
[0172.834] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.834] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.834] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=335, color=0x18d534) returned 0x0
[0172.834] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.834] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.834] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=336, color=0x18d534) returned 0x0
[0172.834] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.834] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.834] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=337, color=0x18d534) returned 0x0
[0172.834] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.834] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.835] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=338, color=0x18d534) returned 0x0
[0172.835] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.835] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.835] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=339, color=0x18d534) returned 0x0
[0172.835] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.835] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.835] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=340, color=0x18d534) returned 0x0
[0172.835] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.835] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.835] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=341, color=0x18d534) returned 0x0
[0172.835] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.835] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.835] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=342, color=0x18d534) returned 0x0
[0172.835] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.835] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.835] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=343, color=0x18d534) returned 0x0
[0172.835] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.835] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.836] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=344, color=0x18d534) returned 0x0
[0172.836] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.836] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.836] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=345, color=0x18d534) returned 0x0
[0172.836] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.836] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.836] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=346, color=0x18d534) returned 0x0
[0172.836] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.836] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.836] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=347, color=0x18d534) returned 0x0
[0172.836] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.836] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.836] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=348, color=0x18d534) returned 0x0
[0172.836] GdipGetImageWidth (image=0x5ccf268, width=0x18d524) returned 0x0
[0172.836] GdipGetImageHeight (image=0x5ccf268, height=0x18d524) returned 0x0
[0172.836] GdipBitmapGetPixel (bitmap=0x5ccf268, x=232, y=349, color=0x18d534) returned 0x0
[0172.982] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x99a00, lpName=0x0) returned 0x2d0
[0172.983] memcpy (in: _Dst=0x7af0000, _Src=0x3a8e190, _Size=0x99a00 | out: _Dst=0x7af0000) returned 0x7af0000
[0172.989] CloseHandle (hObject=0x2d0) returned 1
[0174.022] CoTaskMemAlloc (cb=0xd) returned 0xfb0ee0
[0174.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x27e29d4, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.022] LoadLibraryA (lpLibFileName="kernel32") returned 0x75a70000
[0174.023] CoTaskMemFree (pv=0xfb0ee0)
[0174.034] CoTaskMemAlloc (cb=0x11) returned 0xf84cd8
[0174.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x27e2a0c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12
[0174.034] GetProcAddress (hModule=0x75a70000, lpProcName="ResumeThread") returned 0x75a8a800
[0174.034] CoTaskMemFree (pv=0xf84cd8)
[0174.046] CoTaskMemAlloc (cb=0xd) returned 0xfb0ee0
[0174.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x27e2ac8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.046] LoadLibraryA (lpLibFileName="kernel32") returned 0x75a70000
[0174.046] CoTaskMemFree (pv=0xfb0ee0)
[0174.046] CoTaskMemAlloc (cb=0x1a) returned 0xfbf940
[0174.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x27e2b00, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0174.047] GetProcAddress (hModule=0x75a70000, lpProcName="Wow64SetThreadContext") returned 0x75ab3e60
[0174.047] CoTaskMemFree (pv=0xfbf940)
[0174.058] CoTaskMemAlloc (cb=0xd) returned 0xfb0f88
[0174.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x27e2bcc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.058] LoadLibraryA (lpLibFileName="kernel32") returned 0x75a70000
[0174.059] CoTaskMemFree (pv=0xfb0f88)
[0174.059] CoTaskMemAlloc (cb=0x15) returned 0xf84cd8
[0174.059] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x27e2c04, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0174.059] GetProcAddress (hModule=0x75a70000, lpProcName="SetThreadContext") returned 0x75ab2490
[0174.059] CoTaskMemFree (pv=0xf84cd8)
[0174.064] CoTaskMemAlloc (cb=0xd) returned 0xfb1030
[0174.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x27e2ccc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.064] LoadLibraryA (lpLibFileName="kernel32") returned 0x75a70000
[0174.064] CoTaskMemFree (pv=0xfb1030)
[0174.064] CoTaskMemAlloc (cb=0x1a) returned 0xfbf940
[0174.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x27e2d04, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0174.065] GetProcAddress (hModule=0x75a70000, lpProcName="Wow64GetThreadContext") returned 0x75ab3e30
[0174.065] CoTaskMemFree (pv=0xfbf940)
[0174.068] CoTaskMemAlloc (cb=0xd) returned 0xfb10a8
[0174.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x27e2dd0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.068] LoadLibraryA (lpLibFileName="kernel32") returned 0x75a70000
[0174.069] CoTaskMemFree (pv=0xfb10a8)
[0174.069] CoTaskMemAlloc (cb=0x15) returned 0xf84eb8
[0174.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x27e2e08, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0174.069] GetProcAddress (hModule=0x75a70000, lpProcName="GetThreadContext") returned 0x75a8ec60
[0174.069] CoTaskMemFree (pv=0xf84eb8)
[0174.072] CoTaskMemAlloc (cb=0xd) returned 0xfb0ee0
[0174.072] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x27e2ec4, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.072] LoadLibraryA (lpLibFileName="kernel32") returned 0x75a70000
[0174.073] CoTaskMemFree (pv=0xfb0ee0)
[0174.073] CoTaskMemAlloc (cb=0x13) returned 0xf84d78
[0174.073] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x27e2efc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14
[0174.073] GetProcAddress (hModule=0x75a70000, lpProcName="VirtualAllocEx") returned 0x75ab2730
[0174.073] CoTaskMemFree (pv=0xf84d78)
[0174.082] CoTaskMemAlloc (cb=0xd) returned 0xfb0ee0
[0174.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x27e2fb8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.082] LoadLibraryA (lpLibFileName="kernel32") returned 0x75a70000
[0174.082] CoTaskMemFree (pv=0xfb0ee0)
[0174.083] CoTaskMemAlloc (cb=0x17) returned 0xf84cd8
[0174.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x27e2ff0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18
[0174.083] GetProcAddress (hModule=0x75a70000, lpProcName="WriteProcessMemory") returned 0x75ab2850
[0174.083] CoTaskMemFree (pv=0xf84cd8)
[0174.098] CoTaskMemAlloc (cb=0xd) returned 0xfb0ee0
[0174.098] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x27e30b4, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.098] LoadLibraryA (lpLibFileName="kernel32") returned 0x75a70000
[0174.098] CoTaskMemFree (pv=0xfb0ee0)
[0174.098] CoTaskMemAlloc (cb=0x16) returned 0xf84e18
[0174.098] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x27e30ec, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17
[0174.099] GetProcAddress (hModule=0x75a70000, lpProcName="ReadProcessMemory") returned 0x75ab1c80
[0174.099] CoTaskMemFree (pv=0xf84e18)
[0174.110] CoTaskMemAlloc (cb=0xa) returned 0xfb10a8
[0174.110] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x27e31ac, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5
[0174.110] LoadLibraryA (lpLibFileName="ntdll") returned 0x770a0000
[0174.111] CoTaskMemFree (pv=0xfb10a8)
[0174.111] CoTaskMemAlloc (cb=0x19) returned 0xfbf940
[0174.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x27e31d8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20
[0174.111] GetProcAddress (hModule=0x770a0000, lpProcName="ZwUnmapViewOfSection") returned 0x77116f40
[0174.111] CoTaskMemFree (pv=0xfbf940)
[0174.122] CoTaskMemAlloc (cb=0xd) returned 0xfb10a8
[0174.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x27e32a0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.122] LoadLibraryA (lpLibFileName="kernel32") returned 0x75a70000
[0174.123] CoTaskMemFree (pv=0xfb10a8)
[0174.123] CoTaskMemAlloc (cb=0x13) returned 0xf84cd8
[0174.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x27e32d8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14
[0174.123] GetProcAddress (hModule=0x75a70000, lpProcName="CreateProcessA") returned 0x75ab0750
[0174.123] CoTaskMemFree (pv=0xf84cd8)
[0174.203] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe", nBufferLength=0x105, lpBuffer=0x18cab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe", lpFilePart=0x0) returned 0x62
[0174.222] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="lgYctlHZz") returned 0x0
[0174.255] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="lgYctlHZz") returned 0x2d4
[0175.854] CoTaskMemAlloc (cb=0x20c) returned 0xfad4d8
[0175.854] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0xfad4d8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0
[0175.863] CoTaskMemFree (pv=0xfad4d8)
[0175.863] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x18ca98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25
[0175.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", nBufferLength=0x105, lpBuffer=0x18cb2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", lpFilePart=0x0) returned 0x31
[0175.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18cfd4) returned 1
[0175.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ifngrzh.exe"), fInfoLevelId=0x0, lpFileInformation=0x18d050 | out: lpFileInformation=0x18d050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0175.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18cfd0) returned 1
[0175.888] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", nBufferLength=0x105, lpBuffer=0x18cab0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", lpFilePart=0x0) returned 0x31
[0175.897] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", nBufferLength=0x105, lpBuffer=0x18cab4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", lpFilePart=0x0) returned 0x31
[0175.901] SetNamedSecurityInfoW () returned 0x2
[0175.970] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe", nBufferLength=0x105, lpBuffer=0x18cae4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe", lpFilePart=0x0) returned 0x62
[0175.970] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", nBufferLength=0x105, lpBuffer=0x18cae4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", lpFilePart=0x0) returned 0x31
[0175.970] CopyFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ifngrzh.exe"), bFailIfExists=1) returned 1
[0176.103] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", nBufferLength=0x105, lpBuffer=0x18ca98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", lpFilePart=0x0) returned 0x31
[0176.103] GetUserNameW (in: lpBuffer=0x18cd88, pcbBuffer=0x18d000 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x18d000) returned 1
[0176.111] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", dwFileAttributes=0x2007) returned 1
[0176.117] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18ce14, DesiredAccess=0x800, PolicyHandle=0x18cdd4 | out: PolicyHandle=0x18cdd4) returned 0x0
[0176.124] CoTaskMemAlloc (cb=0x8) returned 0xf7eb00
[0176.124] CoTaskMemAlloc (cb=0x1a) returned 0xfc5ae0
[0176.125] LsaLookupNames2 (in: PolicyHandle=0xf84ed8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18cde8, Sids=0x18cddc | out: ReferencedDomains=0x18cde8, Sids=0x18cddc) returned 0x0
[0176.128] CoTaskMemFree (pv=0xfc5ae0)
[0176.128] CoTaskMemFree (pv=0xf7eb00)
[0176.136] LsaClose (ObjectHandle=0xf84ed8) returned 0x0
[0176.136] LsaFreeMemory (Buffer=0xf9ec70) returned 0x0
[0176.136] LsaFreeMemory (Buffer=0xf7dbe8) returned 0x0
[0176.136] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18ce14, DesiredAccess=0x800, PolicyHandle=0x18cdd4 | out: PolicyHandle=0x18cdd4) returned 0x0
[0176.137] CoTaskMemAlloc (cb=0x8) returned 0xf7ebf0
[0176.137] CoTaskMemAlloc (cb=0x1a) returned 0xfc5928
[0176.137] LsaLookupNames2 (in: PolicyHandle=0xf84cf8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18cde8, Sids=0x18cddc | out: ReferencedDomains=0x18cde8, Sids=0x18cddc) returned 0x0
[0176.138] CoTaskMemFree (pv=0xfc5928)
[0176.138] CoTaskMemFree (pv=0xf7ebf0)
[0176.138] LsaClose (ObjectHandle=0xf84cf8) returned 0x0
[0176.138] LsaFreeMemory (Buffer=0xf9f3c0) returned 0x0
[0176.138] LsaFreeMemory (Buffer=0xf7dcf0) returned 0x0
[0176.152] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18ce14, DesiredAccess=0x800, PolicyHandle=0x18cdd4 | out: PolicyHandle=0x18cdd4) returned 0x0
[0176.154] CoTaskMemAlloc (cb=0x8) returned 0xf7ec50
[0176.154] CoTaskMemAlloc (cb=0x1a) returned 0xfc5a90
[0176.154] LsaLookupNames2 (in: PolicyHandle=0xf84cf8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18cde8, Sids=0x18cddc | out: ReferencedDomains=0x18cde8, Sids=0x18cddc) returned 0x0
[0176.155] CoTaskMemFree (pv=0xfc5a90)
[0176.155] CoTaskMemFree (pv=0xf7ec50)
[0176.155] LsaClose (ObjectHandle=0xf84cf8) returned 0x0
[0176.156] LsaFreeMemory (Buffer=0xf9f220) returned 0x0
[0176.156] LsaFreeMemory (Buffer=0xf7d878) returned 0x0
[0176.156] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18ce14, DesiredAccess=0x800, PolicyHandle=0x18cdd4 | out: PolicyHandle=0x18cdd4) returned 0x0
[0176.156] CoTaskMemAlloc (cb=0x8) returned 0xf7eba0
[0176.156] CoTaskMemAlloc (cb=0x1a) returned 0xfc5b08
[0176.157] LsaLookupNames2 (in: PolicyHandle=0xf84ed8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18cde8, Sids=0x18cddc | out: ReferencedDomains=0x18cde8, Sids=0x18cddc) returned 0x0
[0176.157] CoTaskMemFree (pv=0xfc5b08)
[0176.157] CoTaskMemFree (pv=0xf7eba0)
[0176.158] LsaClose (ObjectHandle=0xf84ed8) returned 0x0
[0176.158] LsaFreeMemory (Buffer=0xf9f2f0) returned 0x0
[0176.158] LsaFreeMemory (Buffer=0xf7da30) returned 0x0
[0176.158] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18ce14, DesiredAccess=0x800, PolicyHandle=0x18cdd4 | out: PolicyHandle=0x18cdd4) returned 0x0
[0176.158] CoTaskMemAlloc (cb=0x8) returned 0xf7eaf0
[0176.158] CoTaskMemAlloc (cb=0x1a) returned 0xfc5ae0
[0176.159] LsaLookupNames2 (in: PolicyHandle=0xf84cf8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18cde8, Sids=0x18cddc | out: ReferencedDomains=0x18cde8, Sids=0x18cddc) returned 0x0
[0176.159] CoTaskMemFree (pv=0xfc5ae0)
[0176.159] CoTaskMemFree (pv=0xf7eaf0)
[0176.160] LsaClose (ObjectHandle=0xf84cf8) returned 0x0
[0176.160] LsaFreeMemory (Buffer=0xf9ed40) returned 0x0
[0176.160] LsaFreeMemory (Buffer=0xf7df00) returned 0x0
[0176.160] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18ce14, DesiredAccess=0x800, PolicyHandle=0x18cdd4 | out: PolicyHandle=0x18cdd4) returned 0x0
[0176.160] CoTaskMemAlloc (cb=0x8) returned 0xf7eba0
[0176.160] CoTaskMemAlloc (cb=0x1a) returned 0xfc59c8
[0176.160] LsaLookupNames2 (in: PolicyHandle=0xf84ed8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18cde8, Sids=0x18cddc | out: ReferencedDomains=0x18cde8, Sids=0x18cddc) returned 0x0
[0176.161] CoTaskMemFree (pv=0xfc59c8)
[0176.161] CoTaskMemFree (pv=0xf7eba0)
[0176.162] LsaClose (ObjectHandle=0xf84ed8) returned 0x0
[0176.162] LsaFreeMemory (Buffer=0xf9ed40) returned 0x0
[0176.162] LsaFreeMemory (Buffer=0xf7dbe8) returned 0x0
[0176.162] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18ce14, DesiredAccess=0x800, PolicyHandle=0x18cdd4 | out: PolicyHandle=0x18cdd4) returned 0x0
[0176.163] CoTaskMemAlloc (cb=0x8) returned 0xf7ebd0
[0176.163] CoTaskMemAlloc (cb=0x1a) returned 0xfc5a18
[0176.163] LsaLookupNames2 (in: PolicyHandle=0xf84ed8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18cde8, Sids=0x18cddc | out: ReferencedDomains=0x18cde8, Sids=0x18cddc) returned 0x0
[0176.164] CoTaskMemFree (pv=0xfc5a18)
[0176.164] CoTaskMemFree (pv=0xf7ebd0)
[0176.164] LsaClose (ObjectHandle=0xf84ed8) returned 0x0
[0176.164] LsaFreeMemory (Buffer=0xf9f2f0) returned 0x0
[0176.164] LsaFreeMemory (Buffer=0xf7dbe8) returned 0x0
[0176.164] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18ce14, DesiredAccess=0x800, PolicyHandle=0x18cdd4 | out: PolicyHandle=0x18cdd4) returned 0x0
[0176.165] CoTaskMemAlloc (cb=0x8) returned 0xf7eba0
[0176.165] CoTaskMemAlloc (cb=0x1a) returned 0xfc5ae0
[0176.165] LsaLookupNames2 (in: PolicyHandle=0xf84cf8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18cde8, Sids=0x18cddc | out: ReferencedDomains=0x18cde8, Sids=0x18cddc) returned 0x0
[0176.166] CoTaskMemFree (pv=0xfc5ae0)
[0176.166] CoTaskMemFree (pv=0xf7eba0)
[0176.166] LsaClose (ObjectHandle=0xf84cf8) returned 0x0
[0176.167] LsaFreeMemory (Buffer=0xf9f220) returned 0x0
[0176.167] LsaFreeMemory (Buffer=0xf7df00) returned 0x0
[0176.167] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18ce14, DesiredAccess=0x800, PolicyHandle=0x18cdd4 | out: PolicyHandle=0x18cdd4) returned 0x0
[0176.167] CoTaskMemAlloc (cb=0x8) returned 0xf7eaf0
[0176.167] CoTaskMemAlloc (cb=0x1a) returned 0xfc5b08
[0176.167] LsaLookupNames2 (in: PolicyHandle=0xf84ed8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18cde8, Sids=0x18cddc | out: ReferencedDomains=0x18cde8, Sids=0x18cddc) returned 0x0
[0176.168] CoTaskMemFree (pv=0xfc5b08)
[0176.168] CoTaskMemFree (pv=0xf7eaf0)
[0176.168] LsaClose (ObjectHandle=0xf84ed8) returned 0x0
[0176.169] LsaFreeMemory (Buffer=0xf9f3c0) returned 0x0
[0176.169] LsaFreeMemory (Buffer=0xf7dbe8) returned 0x0
[0176.169] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", nBufferLength=0x105, lpBuffer=0x18caac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe", lpFilePart=0x0) returned 0x31
[0176.169] SetNamedSecurityInfoW () returned 0x0
[0176.244] GetCurrentProcess () returned 0xffffffff
[0176.244] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ceec | out: TokenHandle=0x18ceec*=0x3b0) returned 1
[0176.248] GetTokenInformation (in: TokenHandle=0x3b0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18ceec | out: TokenInformation=0x0, ReturnLength=0x18ceec) returned 0
[0176.248] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0xf7ec50
[0176.248] GetTokenInformation (in: TokenHandle=0x3b0, TokenInformationClass=0x8, TokenInformation=0xf7ec50, TokenInformationLength=0x4, ReturnLength=0x18ceec | out: TokenInformation=0xf7ec50, ReturnLength=0x18ceec) returned 1
[0176.248] LocalFree (hMem=0xf7ec50) returned 0x0
[0176.249] DuplicateTokenEx (in: hExistingToken=0x3b0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x18cef4 | out: phNewToken=0x18cef4*=0x3b4) returned 1
[0176.250] CheckTokenMembership (in: TokenHandle=0x3b4, SidToCheck=0x2810e70*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18cf04 | out: IsMember=0x18cf04) returned 1
[0176.250] CloseHandle (hObject=0x3b4) returned 1
[0176.281] LocalAlloc (uFlags=0x0, uBytes=0x16) returned 0xf84cf8
[0176.281] LocalAlloc (uFlags=0x0, uBytes=0xa8) returned 0xfaa140
[0176.284] ShellExecuteExW (in: pExecInfo=0x281123c*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Add-MpPreference -ExclusionPath \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x281123c*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Add-MpPreference -ExclusionPath \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4f4)) returned 1
[0176.823] LocalFree (hMem=0xf84cf8) returned 0x0
[0176.824] LocalFree (hMem=0xfaa140) returned 0x0
[0176.829] GetCurrentProcess () returned 0xffffffff
[0176.829] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18cf78 | out: TokenHandle=0x18cf78*=0x3c8) returned 1
[0176.829] GetCurrentProcess () returned 0xffffffff
[0176.829] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18cf4c | out: TokenHandle=0x18cf4c*=0x3d0) returned 1
[0176.829] GetTokenInformation (in: TokenHandle=0x3c8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18cf80 | out: TokenInformation=0x0, ReturnLength=0x18cf80) returned 0
[0176.830] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0xfffb38
[0176.830] GetTokenInformation (in: TokenHandle=0x3c8, TokenInformationClass=0x1, TokenInformation=0xfffb38, TokenInformationLength=0x24, ReturnLength=0x18cf80 | out: TokenInformation=0xfffb38, ReturnLength=0x18cf80) returned 1
[0176.831] LocalFree (hMem=0xfffb38) returned 0x0
[0176.831] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18ce9c, DesiredAccess=0x800, PolicyHandle=0x18ce5c | out: PolicyHandle=0x18ce5c) returned 0x0
[0176.832] LsaLookupSids (in: PolicyHandle=0xffcf58, Count=0x1, Sids=0x281152c*=0x28114d0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), ReferencedDomains=0x18ce78, Names=0x18ce6c | out: ReferencedDomains=0x18ce78, Names=0x18ce6c) returned 0x0
[0176.833] LsaClose (ObjectHandle=0xffcf58) returned 0x0
[0176.833] LsaFreeMemory (Buffer=0xfe0df0) returned 0x0
[0176.833] LsaFreeMemory (Buffer=0xffa850) returned 0x0
[0176.834] CoTaskMemAlloc (cb=0x20c) returned 0xfe21e0
[0176.834] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xfe21e0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25
[0176.834] CoTaskMemFree (pv=0xfe21e0)
[0176.834] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x18ca74, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16
[0176.835] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x18ca88, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29
[0176.836] CoTaskMemAlloc (cb=0x20c) returned 0xfe21e0
[0176.836] GetTempFileNameW (in: lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0xfe21e0 | out: lpTempFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp16b3.tmp")) returned 0x16b3
[0176.837] CoTaskMemFree (pv=0xfe21e0)
[0176.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp", nBufferLength=0x105, lpBuffer=0x18c93c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp", lpFilePart=0x0) returned 0x34
[0176.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ce74) returned 1
[0176.840] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp16b3.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3b4
[0176.840] GetFileType (hFile=0x3b4) returned 0x1
[0176.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ce70) returned 1
[0176.840] GetFileType (hFile=0x3b4) returned 0x1
[0176.842] WriteFile (in: hFile=0x3b4, lpBuffer=0x281543c*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x18cf00, lpOverlapped=0x0 | out: lpBuffer=0x281543c*, lpNumberOfBytesWritten=0x18cf00*=0x63b, lpOverlapped=0x0) returned 1
[0176.843] CloseHandle (hObject=0x3b4) returned 1
[0176.849] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0xfee9e0
[0176.849] LocalAlloc (uFlags=0x0, uBytes=0xb4) returned 0xfdd170
[0176.849] ShellExecuteExW (in: pExecInfo=0x28166dc*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\IFNGRZH\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x28166dc*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\IFNGRZH\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4e0)) returned 1
[0177.547] LocalFree (hMem=0xfee9e0) returned 0x0
[0177.547] LocalFree (hMem=0xfdd170) returned 0x0
[0177.557] GetCurrentProcess () returned 0xffffffff
[0177.557] GetCurrentProcess () returned 0xffffffff
[0177.558] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x18cf54, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x18cf54*=0x478) returned 1
[0177.562] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x18cf4c*=0x478, lpdwindex=0x18cd6c | out: lpdwindex=0x18cd6c) returned 0x0
[0182.339] CloseHandle (hObject=0x478) returned 1
[0182.340] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp", nBufferLength=0x105, lpBuffer=0x18ca98, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp", lpFilePart=0x0) returned 0x34
[0182.341] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp16b3.tmp")) returned 1
[0182.795] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3400, lpName=0x0) returned 0x478
[0182.796] memcpy (in: _Dst=0x7b90000, _Src=0x2878660, _Size=0x3400 | out: _Dst=0x7b90000) returned 0x7b90000
[0182.796] CloseHandle (hObject=0x478) returned 1
[0183.185] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x24200, lpName=0x0) returned 0x478
[0183.185] memcpy (in: _Dst=0x7ed0000, _Src=0x38c06d8, _Size=0x24200 | out: _Dst=0x7ed0000) returned 0x7ed0000
[0183.187] CloseHandle (hObject=0x478) returned 1
[0183.372] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe", nBufferLength=0x105, lpBuffer=0x18c9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe", lpFilePart=0x0) returned 0x62
[0183.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x18c46c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0183.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe", cchWideChar=98, lpMultiByteStr=0x18cbd8, cbMultiByte=100, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exeÉ\x04/÷t#(úønÌÔ\x18", lpUsedDefaultChar=0x0) returned 98
[0183.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x18cbd4, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="üÆÉ\x04C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe", lpUsedDefaultChar=0x0) returned 0
[0183.464] CreateProcessA (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18cc98*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18d020 | out: lpCommandLine="", lpProcessInformation=0x18d020*(hProcess=0x414, hThread=0x478, dwProcessId=0x11cc, dwThreadId=0x11ac)) returned 1
[0183.489] CoTaskMemFree (pv=0x0)
[0183.490] GetThreadContext (in: hThread=0x478, lpContext=0x28c1794 | out: lpContext=0x28c1794*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x3c3000, Edx=0x0, Ecx=0x0, Eax=0x66cd7e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, 
[62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, 
[247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, 
[428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0183.542] ReadProcessMemory (in: hProcess=0x414, lpBaseAddress=0x3c3008, lpBuffer=0x18d010, nSize=0x4, lpNumberOfBytesRead=0x18d054 | out: lpBuffer=0x18d010*, lpNumberOfBytesRead=0x18d054*=0x4) returned 1
[0183.542] VirtualAllocEx (hProcess=0x414, lpAddress=0x400000, dwSize=0x26000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0183.543] WriteProcessMemory (in: hProcess=0x414, lpBaseAddress=0x400000, lpBuffer=0x3904918*, nSize=0x200, lpNumberOfBytesWritten=0x18d054 | out: lpBuffer=0x3904918*, lpNumberOfBytesWritten=0x18d054*=0x200) returned 1
[0183.553] WriteProcessMemory (in: hProcess=0x414, lpBaseAddress=0x402000, lpBuffer=0x3924938*, nSize=0x1ea00, lpNumberOfBytesWritten=0x18d054 | out: lpBuffer=0x3924938*, lpNumberOfBytesWritten=0x18d054*=0x1ea00) returned 1
[0190.708] WriteProcessMemory (in: hProcess=0x414, lpBaseAddress=0x422000, lpBuffer=0x295912c*, nSize=0x1200, lpNumberOfBytesWritten=0x18d054 | out: lpBuffer=0x295912c*, lpNumberOfBytesWritten=0x18d054*=0x1200) returned 1
[0190.716] WriteProcessMemory (in: hProcess=0x414, lpBaseAddress=0x424000, lpBuffer=0x295a338*, nSize=0x200, lpNumberOfBytesWritten=0x18d054 | out: lpBuffer=0x295a338*, lpNumberOfBytesWritten=0x18d054*=0x200) returned 1
[0190.723] WriteProcessMemory (in: hProcess=0x414, lpBaseAddress=0x3c3008, lpBuffer=0x295a544*, nSize=0x4, lpNumberOfBytesWritten=0x18d054 | out: lpBuffer=0x295a544*, lpNumberOfBytesWritten=0x18d054*=0x4) returned 1
[0190.732] SetThreadContext (hThread=0x478, lpContext=0x28c1794*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x3c3000, Edx=0x0, Ecx=0x0, Eax=0x4207fe, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, 
[65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, 
[250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, 
[431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0190.733] ResumeThread (hThread=0x478) returned 0x1
[0190.954] CoGetContextToken (in: pToken=0x18d478 | out: pToken=0x18d478) returned 0x0
[0190.954] CObjectContext::QueryInterface () returned 0x0
[0190.954] CObjectContext::GetCurrentThreadType () returned 0x0
[0190.954] Release () returned 0x3
[0190.955] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0xf565e8*=0x14c, lpdwindex=0x18d31c | out: lpdwindex=0x18d31c) returned 0x0
Thread:
id = 2
os_tid = 0xd18
Thread:
id = 3
os_tid = 0xd14
Thread:
id = 4
os_tid = 0xd10
[0124.239] CoGetContextToken (in: pToken=0xb8f624 | out: pToken=0xb8f624) returned 0x800401f0
[0124.239] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0124.239] RoInitialize () returned 0x1
[0124.239] RoUninitialize () returned 0x0
[0190.989] SetWindowLongW (hWnd=0xc003e, nIndex=-4, dwNewLong=1943341024) returned 40633830
[0190.992] SetClassLongW (hWnd=0xc003e, nIndex=-24, dwNewLong=1943341024) returned 0x26c05be
[0190.992] PostMessageW (hWnd=0xc003e, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0190.993] GetModuleHandleW (lpModuleName=0x0) returned 0xda0000
[0190.994] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", hInstance=0xda0000) returned 0
[0190.994] EtwEventUnregister (RegHandle=0xf8a640) returned 0x0
[0191.189] CloseHandle (hObject=0x270) returned 1
[0191.202] RestoreDC (hdc=0x69010807, nSavedDC=-1) returned 1
[0191.203] DeleteDC (hdc=0x69010807) returned 1
[0191.204] DeleteObject (ho=0x1a0a092f) returned 1
[0191.205] GdipDisposeImage (image=0x5ccf268) returned 0x0
[0191.215] DeleteObject (ho=0x4b0a0932) returned 1
[0191.215] GdipDeleteFont (font=0x4c8efc0) returned 0x0
[0191.219] CloseHandle (hObject=0x2d4) returned 1
[0191.219] CloseHandle (hObject=0x3c8) returned 1
[0191.220] CloseHandle (hObject=0x4f4) returned 1
[0191.220] CloseHandle (hObject=0x3b0) returned 1
[0191.225] CloseHandle (hObject=0x4e0) returned 1
[0191.227] CloseHandle (hObject=0x3d0) returned 1
[0191.227] RegCloseKey (hKey=0x80000004) returned 0x0
Thread:
id = 5
os_tid = 0xcf4
Thread:
id = 6
os_tid = 0x108c
Thread:
id = 7
os_tid = 0x1088
Thread:
id = 8
os_tid = 0x10d4
[0174.277] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0174.277] RoInitialize () returned 0x1
[0174.277] RoUninitialize () returned 0x0
[0175.752] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x7dced1c | out: lpLuid=0x7dced1c*(LowPart=0x14, HighPart=0)) returned 1
[0175.757] GetCurrentProcess () returned 0xffffffff
[0175.757] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x7dced18 | out: TokenHandle=0x7dced18*=0x300) returned 1
[0175.758] AdjustTokenPrivileges (in: TokenHandle=0x300, DisableAllPrivileges=0, NewState=0x27e5568*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0175.758] CloseHandle (hObject=0x300) returned 1
[0175.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3838fa8, Length=0x20000, ResultLength=0x7dcf400 | out: SystemInformation=0x3838fa8, ResultLength=0x7dcf400*=0x149a8) returned 0x0
[0179.008] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3838fa8, Length=0x20000, ResultLength=0x7dcf400 | out: SystemInformation=0x3838fa8, ResultLength=0x7dcf400*=0x151d8) returned 0x0
[0181.612] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3838fa8, Length=0x20000, ResultLength=0x7dcf400 | out: SystemInformation=0x3838fa8, ResultLength=0x7dcf400*=0x15318) returned 0x0
[0183.777] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3838fa8, Length=0x20000, ResultLength=0x7dcf400 | out: SystemInformation=0x3838fa8, ResultLength=0x7dcf400*=0x15150) returned 0x0
[0185.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3838fa8, Length=0x20000, ResultLength=0x7dcf400 | out: SystemInformation=0x3838fa8, ResultLength=0x7dcf400*=0x15150) returned 0x0
[0187.911] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3838fa8, Length=0x20000, ResultLength=0x7dcf400 | out: SystemInformation=0x3838fa8, ResultLength=0x7dcf400*=0x15150) returned 0x0
[0189.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3838fa8, Length=0x20000, ResultLength=0x7dcf400 | out: SystemInformation=0x3838fa8, ResultLength=0x7dcf400*=0x15190) returned 0x0
Thread:
id = 9
os_tid = 0x1250
Thread:
id = 10
os_tid = 0x1260
Thread:
id = 11
os_tid = 0x124c
Thread:
id = 12
os_tid = 0x1258
Thread:
id = 103
os_tid = 0x12b8
[0190.892] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0190.892] RoInitialize () returned 0x1
[0190.892] RoUninitialize () returned 0x0
[0190.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3838fa8, Length=0x20000, ResultLength=0x859f650 | out: SystemInformation=0x3838fa8, ResultLength=0x859f650*=0x15210) returned 0x0
Thread:
id = 105
os_tid = 0x22c
Process:
id = "2"
image_name = "powershell.exe"
filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"
page_root = "0x788c9000"
os_pid = "0x126c"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0xd2c"
cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" Add-MpPreference -ExclusionPath \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f188" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 534
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 535
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 536
start_va = 0x50000
end_va = 0x8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 537
start_va = 0x90000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 538
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 539
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 540
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 541
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 542
start_va = 0xa40000
end_va = 0xa41fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a40000"
filename = ""
Region:
id = 543
start_va = 0xa60000
end_va = 0xad0fff
monitored = 0
entry_point = 0xa69c00
region_type = mapped_file
name = "powershell.exe"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")
Region:
id = 544
start_va = 0xae0000
end_va = 0x4adffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ae0000"
filename = ""
Region:
id = 545
start_va = 0x770a0000
end_va = 0x7721afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 546
start_va = 0x7f720000
end_va = 0x7f742fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f720000"
filename = ""
Region:
id = 547
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 548
start_va = 0x7fff0000
end_va = 0x7df871dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 549
start_va = 0x7df871e00000
end_va = 0x7ff871dfffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df871e00000"
filename = ""
Region:
id = 550
start_va = 0x7ff871e00000
end_va = 0x7ff871fc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 551
start_va = 0x7ff871fc1000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ff871fc1000"
filename = ""
Region:
id = 552
start_va = 0x100000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 553
start_va = 0x53800000
end_va = 0x5384ffff
monitored = 0
entry_point = 0x53818180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 554
start_va = 0x53850000
end_va = 0x538c9fff
monitored = 0
entry_point = 0x53863290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 573
start_va = 0x75a70000
end_va = 0x75b4ffff
monitored = 0
entry_point = 0x75a83980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 574
start_va = 0x537f0000
end_va = 0x537f7fff
monitored = 0
entry_point = 0x537f17c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 575
start_va = 0x4ae0000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 576
start_va = 0x75a70000
end_va = 0x75b4ffff
monitored = 0
entry_point = 0x75a83980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 577
start_va = 0x75250000
end_va = 0x753cdfff
monitored = 0
entry_point = 0x75301b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 578
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 579
start_va = 0x7f620000
end_va = 0x7f71ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f620000"
filename = ""
Region:
id = 726
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 727
start_va = 0x1f0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 728
start_va = 0xa40000
end_va = 0xa43fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a40000"
filename = ""
Region:
id = 729
start_va = 0x75820000
end_va = 0x7589afff
monitored = 0
entry_point = 0x7583e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 730
start_va = 0x75cf0000
end_va = 0x75dadfff
monitored = 0
entry_point = 0x75d25630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 731
start_va = 0x400000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 732
start_va = 0x440000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 733
start_va = 0x75520000
end_va = 0x75563fff
monitored = 0
entry_point = 0x75539d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 734
start_va = 0x76650000
end_va = 0x766fcfff
monitored = 0
entry_point = 0x76664f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 735
start_va = 0x73dd0000
end_va = 0x73dedfff
monitored = 0
entry_point = 0x73ddb640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 736
start_va = 0x73dc0000
end_va = 0x73dc9fff
monitored = 0
entry_point = 0x73dc2a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 737
start_va = 0x767a0000
end_va = 0x767f7fff
monitored = 0
entry_point = 0x767e25c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 755
start_va = 0x76fb0000
end_va = 0x7709afff
monitored = 0
entry_point = 0x76fed650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 756
start_va = 0x6f910000
end_va = 0x6f927fff
monitored = 0
entry_point = 0x6f914820
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll")
Region:
id = 757
start_va = 0x753d0000
end_va = 0x75516fff
monitored = 0
entry_point = 0x753e1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 758
start_va = 0x75db0000
end_va = 0x75efefff
monitored = 0
entry_point = 0x75e66820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 759
start_va = 0x758a0000
end_va = 0x75a5cfff
monitored = 0
entry_point = 0x75982a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 760
start_va = 0x76700000
end_va = 0x76791fff
monitored = 0
entry_point = 0x76738cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 761
start_va = 0x6f940000
end_va = 0x6f998fff
monitored = 1
entry_point = 0x6f950780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 762
start_va = 0x4ae0000
end_va = 0x4b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 763
start_va = 0x4c10000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c10000"
filename = ""
Region:
id = 764
start_va = 0x480000
end_va = 0x607fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 765
start_va = 0x4b10000
end_va = 0x4b39fff
monitored = 0
entry_point = 0x4b15680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 766
start_va = 0x757f0000
end_va = 0x7581afff
monitored = 0
entry_point = 0x757f5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 767
start_va = 0x610000
end_va = 0x790fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000610000"
filename = ""
Region:
id = 768
start_va = 0xa50000
end_va = 0xa52fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "powershell.exe.mui"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui")
Region:
id = 769
start_va = 0x4d10000
end_va = 0x610ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004d10000"
filename = ""
Region:
id = 770
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 771
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 772
start_va = 0x4b10000
end_va = 0x4b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b10000"
filename = ""
Region:
id = 789
start_va = 0x6f670000
end_va = 0x6f6ecfff
monitored = 1
entry_point = 0x6f680db0
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 793
start_va = 0x75bb0000
end_va = 0x75bf4fff
monitored = 0
entry_point = 0x75bcde90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 798
start_va = 0x75a60000
end_va = 0x75a6bfff
monitored = 0
entry_point = 0x75a63930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 799
start_va = 0x6f930000
end_va = 0x6f937fff
monitored = 0
entry_point = 0x6f9317b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 801
start_va = 0x6ef80000
end_va = 0x6f660fff
monitored = 1
entry_point = 0x6efacd70
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 802
start_va = 0x6ee80000
end_va = 0x6ef74fff
monitored = 0
entry_point = 0x6eed4160
region_type = mapped_file
name = "msvcr120_clr0400.dll"
filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")
Region:
id = 1166
start_va = 0x4ae0000
end_va = 0x4ae0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004ae0000"
filename = ""
Region:
id = 1167
start_va = 0x4b00000
end_va = 0x4b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b00000"
filename = ""
Region:
id = 1168
start_va = 0x4af0000
end_va = 0x4afffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004af0000"
filename = ""
Region:
id = 1169
start_va = 0x4b10000
end_va = 0x4b1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b10000"
filename = ""
Region:
id = 1170
start_va = 0x4b80000
end_va = 0x4b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b80000"
filename = ""
Region:
id = 1171
start_va = 0x4b20000
end_va = 0x4b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b20000"
filename = ""
Region:
id = 1172
start_va = 0x4b30000
end_va = 0x4b3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b30000"
filename = ""
Region:
id = 1173
start_va = 0x4b40000
end_va = 0x4b4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b40000"
filename = ""
Region:
id = 1174
start_va = 0x4b50000
end_va = 0x4b5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b50000"
filename = ""
Region:
id = 1175
start_va = 0x4b60000
end_va = 0x4b60fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b60000"
filename = ""
Region:
id = 1176
start_va = 0x4b70000
end_va = 0x4b70fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b70000"
filename = ""
Region:
id = 1177
start_va = 0x6110000
end_va = 0x624ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006110000"
filename = ""
Region:
id = 1178
start_va = 0x4b90000
end_va = 0x4c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b90000"
filename = ""
Region:
id = 1179
start_va = 0x7a0000
end_va = 0x7dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 1180
start_va = 0x7e0000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 1181
start_va = 0x4b90000
end_va = 0x4b9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b90000"
filename = ""
Region:
id = 1182
start_va = 0x4c00000
end_va = 0x4c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c00000"
filename = ""
Region:
id = 1183
start_va = 0x6250000
end_va = 0x824ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006250000"
filename = ""
Region:
id = 1184
start_va = 0x4b90000
end_va = 0x4baffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b90000"
filename = ""
Region:
id = 1185
start_va = 0x820000
end_va = 0x85ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 1186
start_va = 0x860000
end_va = 0x89ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 1189
start_va = 0x8250000
end_va = 0x8586fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1191
start_va = 0x6dbc0000
end_va = 0x6ee71fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")
Region:
id = 1193
start_va = 0x8590000
end_va = 0x870ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008590000"
filename = ""
Region:
id = 1207
start_va = 0x4bb0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bb0000"
filename = ""
Region:
id = 1237
start_va = 0x6d170000
end_va = 0x6db3bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")
Region:
id = 1238
start_va = 0x6b7b0000
end_va = 0x6bed0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")
Region:
id = 1239
start_va = 0x6b720000
end_va = 0x6b7a2fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.consolehost.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.Pb378ec07#\\c3373939e7c94b541b901780981fd0cc\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.pb378ec07#\\c3373939e7c94b541b901780981fd0cc\\microsoft.powershell.consolehost.ni.dll")
Region:
id = 1240
start_va = 0x710d0000
end_va = 0x710e2fff
monitored = 0
entry_point = 0x710d9950
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1241
start_va = 0x70100000
end_va = 0x7012efff
monitored = 0
entry_point = 0x701195e0
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1242
start_va = 0x71410000
end_va = 0x7142afff
monitored = 0
entry_point = 0x71419050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1243
start_va = 0x69e60000
end_va = 0x6b715fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.automation.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Manaa57fc8cc#\\ac360ee7d819131e00d9de15ca78e746\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.manaa57fc8cc#\\ac360ee7d819131e00d9de15ca78e746\\system.management.automation.ni.dll")
Region:
id = 1244
start_va = 0x6110000
end_va = 0x6171fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 1245
start_va = 0x6240000
end_va = 0x624ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006240000"
filename = ""
Region:
id = 1314
start_va = 0x4bc0000
end_va = 0x4bc4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll"
filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll")
Region:
id = 1315
start_va = 0x4bd0000
end_va = 0x4bdffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui")
Region:
id = 1316
start_va = 0x76800000
end_va = 0x76805fff
monitored = 0
entry_point = 0x76801460
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 1317
start_va = 0x8a0000
end_va = 0x99ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 1387
start_va = 0x6c220000
end_va = 0x6c264fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.numerics.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Numerics\\d3d95e1e349be37505587e7fee918881\\System.Numerics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.numerics\\d3d95e1e349be37505587e7fee918881\\system.numerics.ni.dll")
Region:
id = 1388
start_va = 0x4be0000
end_va = 0x4beffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004be0000"
filename = ""
Region:
id = 1393
start_va = 0x6c0b0000
end_va = 0x6c129fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.management.infrastructure.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.Mf49f6405#\\5edeb849552a1a53cfc131825d3f494c\\Microsoft.Management.Infrastructure.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.mf49f6405#\\5edeb849552a1a53cfc131825d3f494c\\microsoft.management.infrastructure.ni.dll")
Region:
id = 1401
start_va = 0x69620000
end_va = 0x69d3dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")
Region:
id = 1409
start_va = 0x4bf0000
end_va = 0x4bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bf0000"
filename = ""
Region:
id = 1410
start_va = 0x6bf50000
end_va = 0x6c06cfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.directoryservices.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Dired13b18a9#\\883582fb4e073bf0dfad214569e4200f\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.dired13b18a9#\\883582fb4e073bf0dfad214569e4200f\\system.directoryservices.ni.dll")
Region:
id = 1411
start_va = 0x69500000
end_va = 0x6961cfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\98d3949f9ba1a384939805aa5e47e933\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\98d3949f9ba1a384939805aa5e47e933\\system.management.ni.dll")
Region:
id = 1425
start_va = 0x6180000
end_va = 0x618ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006180000"
filename = ""
Region:
id = 1435
start_va = 0x6190000
end_va = 0x619ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006190000"
filename = ""
Region:
id = 1500
start_va = 0x61a0000
end_va = 0x61affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000061a0000"
filename = ""
Region:
id = 1552
start_va = 0x61b0000
end_va = 0x61bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000061b0000"
filename = ""
Thread:
id = 13
os_tid = 0x1274
Thread:
id = 23
os_tid = 0x1144
Thread:
id = 100
os_tid = 0x1cc
Thread:
id = 101
os_tid = 0x11d0
Process:
id = "3"
image_name = "schtasks.exe"
filename = "c:\\windows\\syswow64\\schtasks.exe"
page_root = "0x684d8000"
os_pid = "0x1254"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0xd2c"
cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\IFNGRZH\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f188" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 555
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 556
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 557
start_va = 0x50000
end_va = 0x8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 558
start_va = 0x90000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 559
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 560
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 561
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 562
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 563
start_va = 0x7e0000
end_va = 0x7e1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 564
start_va = 0xc10000
end_va = 0xc41fff
monitored = 1
entry_point = 0xc305b0
region_type = mapped_file
name = "schtasks.exe"
filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")
Region:
id = 565
start_va = 0xc50000
end_va = 0x4c4ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c50000"
filename = ""
Region:
id = 566
start_va = 0x770a0000
end_va = 0x7721afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 567
start_va = 0x7fb80000
end_va = 0x7fba2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007fb80000"
filename = ""
Region:
id = 568
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 569
start_va = 0x7fff0000
end_va = 0x7df871dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 570
start_va = 0x7df871e00000
end_va = 0x7ff871dfffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df871e00000"
filename = ""
Region:
id = 571
start_va = 0x7ff871e00000
end_va = 0x7ff871fc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 572
start_va = 0x7ff871fc1000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ff871fc1000"
filename = ""
Region:
id = 614
start_va = 0x400000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 615
start_va = 0x53800000
end_va = 0x5384ffff
monitored = 0
entry_point = 0x53818180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 616
start_va = 0x53850000
end_va = 0x538c9fff
monitored = 0
entry_point = 0x53863290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 617
start_va = 0x75a70000
end_va = 0x75b4ffff
monitored = 0
entry_point = 0x75a83980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 618
start_va = 0x537f0000
end_va = 0x537f7fff
monitored = 0
entry_point = 0x537f17c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 625
start_va = 0x7f0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007f0000"
filename = ""
Region:
id = 626
start_va = 0x75a70000
end_va = 0x75b4ffff
monitored = 0
entry_point = 0x75a83980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 627
start_va = 0x75250000
end_va = 0x753cdfff
monitored = 0
entry_point = 0x75301b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 628
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 629
start_va = 0x7fa80000
end_va = 0x7fb7ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007fa80000"
filename = ""
Region:
id = 773
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 774
start_va = 0x7e0000
end_va = 0x7e3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 775
start_va = 0x75cf0000
end_va = 0x75dadfff
monitored = 0
entry_point = 0x75d25630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 776
start_va = 0x1c0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 777
start_va = 0x400000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 778
start_va = 0x5f0000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005f0000"
filename = ""
Region:
id = 779
start_va = 0x76700000
end_va = 0x76791fff
monitored = 0
entry_point = 0x76738cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 780
start_va = 0x758a0000
end_va = 0x75a5cfff
monitored = 0
entry_point = 0x75982a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 781
start_va = 0x76650000
end_va = 0x766fcfff
monitored = 0
entry_point = 0x76664f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 782
start_va = 0x73dd0000
end_va = 0x73dedfff
monitored = 0
entry_point = 0x73ddb640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 783
start_va = 0x73dc0000
end_va = 0x73dc9fff
monitored = 0
entry_point = 0x73dc2a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 784
start_va = 0x767a0000
end_va = 0x767f7fff
monitored = 0
entry_point = 0x767e25c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 785
start_va = 0x75520000
end_va = 0x75563fff
monitored = 0
entry_point = 0x75539d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 786
start_va = 0x9d0000
end_va = 0xb4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 787
start_va = 0x9d0000
end_va = 0xab9fff
monitored = 0
entry_point = 0xa0d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 788
start_va = 0xb40000
end_va = 0xb4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b40000"
filename = ""
Region:
id = 790
start_va = 0x7f0000
end_va = 0x802fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schtasks.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui")
Region:
id = 791
start_va = 0x8d0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 792
start_va = 0x4c50000
end_va = 0x4f86fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 794
start_va = 0x75a60000
end_va = 0x75a6bfff
monitored = 0
entry_point = 0x75a63930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 795
start_va = 0x810000
end_va = 0x810fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000810000"
filename = ""
Region:
id = 796
start_va = 0x75620000
end_va = 0x756a3fff
monitored = 0
entry_point = 0x75646220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 797
start_va = 0x820000
end_va = 0x820fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000820000"
filename = ""
Region:
id = 800
start_va = 0x6be50000
end_va = 0x6bedbfff
monitored = 0
entry_point = 0x6be8a6c0
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll")
Thread:
id = 14
os_tid = 0x1270
[0180.148] GetModuleHandleA (lpModuleName=0x0) returned 0xc10000
[0180.148] __set_app_type (_Type=0x1)
[0180.149] __p__fmode () returned 0x75da4d6c
[0180.149] __p__commode () returned 0x75da5b1c
[0180.149] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xc30840) returned 0x0
[0180.149] __wgetmainargs (in: _Argc=0xc3ade0, _Argv=0xc3ade4, _Env=0xc3ade8, _DoWildCard=0, _StartInfo=0xc3adf4 | out: _Argc=0xc3ade0, _Argv=0xc3ade4, _Env=0xc3ade8) returned 0
[0180.149] _onexit (_Func=0xc32bc0) returned 0xc32bc0
[0180.150] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0180.150] WinSqmIsOptedIn () returned 0x0
[0180.150] GetProcessHeap () returned 0x8d0000
[0180.150] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8d7598
[0180.150] RtlRestoreLastWin32Error () returned 0x0
[0180.150] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0180.150] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0180.150] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0180.151] RtlVerifyVersionInfo (VersionInfo=0xcf6f8, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8d7448
[0180.151] lstrlenW (lpString="") returned 0
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x2) returned 0x8d0598
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d6f18
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8d74d8
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d8710
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d8730
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d6ce0
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d6d00
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8d75b0
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d6d20
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d6910
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d6930
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.151] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d6950
[0180.151] GetProcessHeap () returned 0x8d0000
[0180.152] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8d73e8
[0180.152] GetProcessHeap () returned 0x8d0000
[0180.152] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d66a8
[0180.152] GetProcessHeap () returned 0x8d0000
[0180.152] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d66c8
[0180.152] GetProcessHeap () returned 0x8d0000
[0180.152] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d66e8
[0180.152] GetProcessHeap () returned 0x8d0000
[0180.152] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d2858
[0180.152] SetThreadUILanguage (LangId=0x0) returned 0x409
[0180.194] RtlRestoreLastWin32Error () returned 0x0
[0180.195] GetProcessHeap () returned 0x8d0000
[0180.195] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d9728
[0180.195] GetProcessHeap () returned 0x8d0000
[0180.195] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d95c8
[0180.195] GetProcessHeap () returned 0x8d0000
[0180.195] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d9628
[0180.195] GetProcessHeap () returned 0x8d0000
[0180.195] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d9608
[0180.195] GetProcessHeap () returned 0x8d0000
[0180.195] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d9788
[0180.195] GetProcessHeap () returned 0x8d0000
[0180.195] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8d7400
[0180.195] _memicmp (_Buf1=0x8d7400, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.195] GetProcessHeap () returned 0x8d0000
[0180.195] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x208) returned 0x8d8e00
[0180.195] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x8d8e00, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0180.195] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xcf804 | out: lpdwHandle=0xcf804) returned 0x76c
[0180.199] GetProcessHeap () returned 0x8d0000
[0180.199] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x776) returned 0x8da090
[0180.199] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x8da090 | out: lpData=0x8da090) returned 1
[0180.199] VerQueryValueW (in: pBlock=0x8da090, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcf80c, puLen=0xcf810 | out: lplpBuffer=0xcf80c*=0x8da440, puLen=0xcf810) returned 1
[0180.201] _memicmp (_Buf1=0x8d7400, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.201] _vsnwprintf (in: _Buffer=0x8d8e00, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xcf7f0 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0180.201] VerQueryValueW (in: pBlock=0x8da090, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xcf81c, puLen=0xcf818 | out: lplpBuffer=0xcf81c*=0x8da270, puLen=0xcf818) returned 1
[0180.201] lstrlenW (lpString="schtasks.exe") returned 12
[0180.201] lstrlenW (lpString="schtasks.exe") returned 12
[0180.201] lstrlenW (lpString=".EXE") returned 4
[0180.201] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0180.202] lstrlenW (lpString="schtasks.exe") returned 12
[0180.202] lstrlenW (lpString=".EXE") returned 4
[0180.202] _memicmp (_Buf1=0x8d7400, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.202] lstrlenW (lpString="schtasks") returned 8
[0180.202] GetProcessHeap () returned 0x8d0000
[0180.202] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d9448
[0180.202] GetProcessHeap () returned 0x8d0000
[0180.202] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d9768
[0180.202] GetProcessHeap () returned 0x8d0000
[0180.202] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d9488
[0180.202] GetProcessHeap () returned 0x8d0000
[0180.202] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d97a8
[0180.202] GetProcessHeap () returned 0x8d0000
[0180.202] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8d7508
[0180.203] _memicmp (_Buf1=0x8d7508, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.203] GetProcessHeap () returned 0x8d0000
[0180.203] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0xa0) returned 0x8d9010
[0180.203] GetProcessHeap () returned 0x8d0000
[0180.203] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d9668
[0180.203] GetProcessHeap () returned 0x8d0000
[0180.203] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d97c8
[0180.203] GetProcessHeap () returned 0x8d0000
[0180.203] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d9508
[0180.203] GetProcessHeap () returned 0x8d0000
[0180.203] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8d7520
[0180.203] _memicmp (_Buf1=0x8d7520, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.203] GetProcessHeap () returned 0x8d0000
[0180.203] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x200) returned 0x8da940
[0180.203] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x8da940, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0180.203] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0180.203] GetProcessHeap () returned 0x8d0000
[0180.203] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x30) returned 0x8d2660
[0180.203] _vsnwprintf (in: _Buffer=0x8d9010, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xcf7f4 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29
[0180.203] GetProcessHeap () returned 0x8d0000
[0180.203] GetProcessHeap () returned 0x8d0000
[0180.204] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8da090) returned 1
[0180.204] GetProcessHeap () returned 0x8d0000
[0180.204] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8da090) returned 0x776
[0180.204] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8da090) returned 1
[0180.204] RtlRestoreLastWin32Error () returned 0x0
[0180.205] GetThreadLocale () returned 0x409
[0180.205] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.205] lstrlenW (lpString="?") returned 1
[0180.205] GetThreadLocale () returned 0x409
[0180.205] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.205] lstrlenW (lpString="create") returned 6
[0180.205] GetThreadLocale () returned 0x409
[0180.205] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.205] lstrlenW (lpString="delete") returned 6
[0180.205] GetThreadLocale () returned 0x409
[0180.205] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.205] lstrlenW (lpString="query") returned 5
[0180.205] GetThreadLocale () returned 0x409
[0180.205] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.205] lstrlenW (lpString="change") returned 6
[0180.205] GetThreadLocale () returned 0x409
[0180.205] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.205] lstrlenW (lpString="run") returned 3
[0180.205] GetThreadLocale () returned 0x409
[0180.205] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.205] lstrlenW (lpString="end") returned 3
[0180.205] GetThreadLocale () returned 0x409
[0180.205] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.205] lstrlenW (lpString="showsid") returned 7
[0180.205] GetThreadLocale () returned 0x409
[0180.205] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.205] RtlRestoreLastWin32Error () returned 0x0
[0180.206] RtlRestoreLastWin32Error () returned 0x0
[0180.206] lstrlenW (lpString="/Create") returned 7
[0180.206] lstrlenW (lpString="-/") returned 2
[0180.206] StrChrIW (lpStart="-/", wMatch=0xb4002f) returned="/"
[0180.206] lstrlenW (lpString="?") returned 1
[0180.206] lstrlenW (lpString="?") returned 1
[0180.206] GetProcessHeap () returned 0x8d0000
[0180.206] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8d7460
[0180.206] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.206] GetProcessHeap () returned 0x8d0000
[0180.206] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0xa) returned 0x8d7478
[0180.206] lstrlenW (lpString="Create") returned 6
[0180.206] GetProcessHeap () returned 0x8d0000
[0180.206] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8d7538
[0180.206] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.206] GetProcessHeap () returned 0x8d0000
[0180.206] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d9688
[0180.206] _vsnwprintf (in: _Buffer=0x8d7478, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|?|") returned 3
[0180.206] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|Create|") returned 8
[0180.206] lstrlenW (lpString="|?|") returned 3
[0180.206] lstrlenW (lpString="|Create|") returned 8
[0180.206] RtlRestoreLastWin32Error () returned 0x490
[0180.206] lstrlenW (lpString="create") returned 6
[0180.207] lstrlenW (lpString="create") returned 6
[0180.207] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.207] GetProcessHeap () returned 0x8d0000
[0180.207] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d7478) returned 1
[0180.207] GetProcessHeap () returned 0x8d0000
[0180.207] RtlReAllocateHeap (Heap=0x8d0000, Flags=0xc, Ptr=0x8d7478, Size=0x14) returned 0x8d9808
[0180.207] lstrlenW (lpString="Create") returned 6
[0180.207] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.207] _vsnwprintf (in: _Buffer=0x8d9808, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|create|") returned 8
[0180.207] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|Create|") returned 8
[0180.207] lstrlenW (lpString="|create|") returned 8
[0180.207] lstrlenW (lpString="|Create|") returned 8
[0180.207] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0180.207] RtlRestoreLastWin32Error () returned 0x0
[0180.207] RtlRestoreLastWin32Error () returned 0x0
[0180.207] RtlRestoreLastWin32Error () returned 0x0
[0180.207] lstrlenW (lpString="/TN") returned 3
[0180.207] lstrlenW (lpString="-/") returned 2
[0180.207] StrChrIW (lpStart="-/", wMatch=0xb4002f) returned="/"
[0180.207] lstrlenW (lpString="?") returned 1
[0180.207] lstrlenW (lpString="?") returned 1
[0180.207] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.207] lstrlenW (lpString="TN") returned 2
[0180.207] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.207] _vsnwprintf (in: _Buffer=0x8d9808, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|?|") returned 3
[0180.207] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4
[0180.207] lstrlenW (lpString="|?|") returned 3
[0180.207] lstrlenW (lpString="|TN|") returned 4
[0180.207] RtlRestoreLastWin32Error () returned 0x490
[0180.208] lstrlenW (lpString="create") returned 6
[0180.208] lstrlenW (lpString="create") returned 6
[0180.208] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.208] lstrlenW (lpString="TN") returned 2
[0180.208] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.208] _vsnwprintf (in: _Buffer=0x8d9808, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|create|") returned 8
[0180.208] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4
[0180.208] lstrlenW (lpString="|create|") returned 8
[0180.208] lstrlenW (lpString="|TN|") returned 4
[0180.208] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0180.208] RtlRestoreLastWin32Error () returned 0x490
[0180.208] lstrlenW (lpString="delete") returned 6
[0180.208] lstrlenW (lpString="delete") returned 6
[0180.208] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.208] lstrlenW (lpString="TN") returned 2
[0180.208] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.208] _vsnwprintf (in: _Buffer=0x8d9808, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|delete|") returned 8
[0180.208] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4
[0180.208] lstrlenW (lpString="|delete|") returned 8
[0180.208] lstrlenW (lpString="|TN|") returned 4
[0180.208] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0
[0180.208] RtlRestoreLastWin32Error () returned 0x490
[0180.208] lstrlenW (lpString="query") returned 5
[0180.208] lstrlenW (lpString="query") returned 5
[0180.208] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.208] lstrlenW (lpString="TN") returned 2
[0180.208] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.208] _vsnwprintf (in: _Buffer=0x8d9808, _BufferCount=0x8, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|query|") returned 7
[0180.209] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4
[0180.209] lstrlenW (lpString="|query|") returned 7
[0180.209] lstrlenW (lpString="|TN|") returned 4
[0180.209] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0
[0180.209] RtlRestoreLastWin32Error () returned 0x490
[0180.209] lstrlenW (lpString="change") returned 6
[0180.209] lstrlenW (lpString="change") returned 6
[0180.209] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.209] lstrlenW (lpString="TN") returned 2
[0180.209] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.209] _vsnwprintf (in: _Buffer=0x8d9808, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|change|") returned 8
[0180.209] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4
[0180.209] lstrlenW (lpString="|change|") returned 8
[0180.209] lstrlenW (lpString="|TN|") returned 4
[0180.209] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0
[0180.209] RtlRestoreLastWin32Error () returned 0x490
[0180.209] lstrlenW (lpString="run") returned 3
[0180.209] lstrlenW (lpString="run") returned 3
[0180.209] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.209] lstrlenW (lpString="TN") returned 2
[0180.209] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.209] _vsnwprintf (in: _Buffer=0x8d9808, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|run|") returned 5
[0180.209] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4
[0180.209] lstrlenW (lpString="|run|") returned 5
[0180.209] lstrlenW (lpString="|TN|") returned 4
[0180.209] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0
[0180.209] RtlRestoreLastWin32Error () returned 0x490
[0180.209] lstrlenW (lpString="end") returned 3
[0180.209] lstrlenW (lpString="end") returned 3
[0180.210] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.210] lstrlenW (lpString="TN") returned 2
[0180.210] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.210] _vsnwprintf (in: _Buffer=0x8d9808, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|end|") returned 5
[0180.210] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4
[0180.210] lstrlenW (lpString="|end|") returned 5
[0180.210] lstrlenW (lpString="|TN|") returned 4
[0180.210] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0
[0180.210] RtlRestoreLastWin32Error () returned 0x490
[0180.210] lstrlenW (lpString="showsid") returned 7
[0180.210] lstrlenW (lpString="showsid") returned 7
[0180.210] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.210] GetProcessHeap () returned 0x8d0000
[0180.210] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9808) returned 1
[0180.210] GetProcessHeap () returned 0x8d0000
[0180.210] RtlReAllocateHeap (Heap=0x8d0000, Flags=0xc, Ptr=0x8d9808, Size=0x16) returned 0x8d97e8
[0180.210] lstrlenW (lpString="TN") returned 2
[0180.210] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.210] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0xa, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|showsid|") returned 9
[0180.210] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4
[0180.210] lstrlenW (lpString="|showsid|") returned 9
[0180.210] lstrlenW (lpString="|TN|") returned 4
[0180.210] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0
[0180.210] RtlRestoreLastWin32Error () returned 0x490
[0180.210] RtlRestoreLastWin32Error () returned 0x490
[0180.210] RtlRestoreLastWin32Error () returned 0x0
[0180.210] lstrlenW (lpString="/TN") returned 3
[0180.210] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0
[0180.210] RtlRestoreLastWin32Error () returned 0x490
[0180.210] RtlRestoreLastWin32Error () returned 0x0
[0180.210] lstrlenW (lpString="/TN") returned 3
[0180.211] GetProcessHeap () returned 0x8d0000
[0180.211] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x8) returned 0x8d6d40
[0180.211] GetProcessHeap () returned 0x8d0000
[0180.211] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d96a8
[0180.211] RtlRestoreLastWin32Error () returned 0x0
[0180.211] RtlRestoreLastWin32Error () returned 0x0
[0180.211] lstrlenW (lpString="Updates\\IFNGRZH") returned 15
[0180.211] lstrlenW (lpString="-/") returned 2
[0180.211] StrChrIW (lpStart="-/", wMatch=0xb40055) returned 0x0
[0180.211] RtlRestoreLastWin32Error () returned 0x490
[0180.211] RtlRestoreLastWin32Error () returned 0x490
[0180.211] RtlRestoreLastWin32Error () returned 0x0
[0180.211] lstrlenW (lpString="Updates\\IFNGRZH") returned 15
[0180.211] StrChrIW (lpStart="Updates\\IFNGRZH", wMatch=0x3a) returned 0x0
[0180.211] RtlRestoreLastWin32Error () returned 0x490
[0180.211] RtlRestoreLastWin32Error () returned 0x0
[0180.211] lstrlenW (lpString="Updates\\IFNGRZH") returned 15
[0180.211] GetProcessHeap () returned 0x8d0000
[0180.211] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x20) returned 0x8d28a8
[0180.211] GetProcessHeap () returned 0x8d0000
[0180.211] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d94c8
[0180.211] RtlRestoreLastWin32Error () returned 0x0
[0180.211] RtlRestoreLastWin32Error () returned 0x0
[0180.211] lstrlenW (lpString="/XML") returned 4
[0180.211] lstrlenW (lpString="-/") returned 2
[0180.211] StrChrIW (lpStart="-/", wMatch=0xb4002f) returned="/"
[0180.211] lstrlenW (lpString="?") returned 1
[0180.211] lstrlenW (lpString="?") returned 1
[0180.211] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.211] lstrlenW (lpString="XML") returned 3
[0180.211] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.212] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|?|") returned 3
[0180.212] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|XML|") returned 5
[0180.212] lstrlenW (lpString="|?|") returned 3
[0180.212] lstrlenW (lpString="|XML|") returned 5
[0180.212] RtlRestoreLastWin32Error () returned 0x490
[0180.212] lstrlenW (lpString="create") returned 6
[0180.212] lstrlenW (lpString="create") returned 6
[0180.212] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.212] lstrlenW (lpString="XML") returned 3
[0180.212] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.212] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|create|") returned 8
[0180.212] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|XML|") returned 5
[0180.212] lstrlenW (lpString="|create|") returned 8
[0180.212] lstrlenW (lpString="|XML|") returned 5
[0180.212] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0180.212] RtlRestoreLastWin32Error () returned 0x490
[0180.212] lstrlenW (lpString="delete") returned 6
[0180.212] lstrlenW (lpString="delete") returned 6
[0180.212] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.212] lstrlenW (lpString="XML") returned 3
[0180.212] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.212] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|delete|") returned 8
[0180.212] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|XML|") returned 5
[0180.212] lstrlenW (lpString="|delete|") returned 8
[0180.212] lstrlenW (lpString="|XML|") returned 5
[0180.213] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0
[0180.213] RtlRestoreLastWin32Error () returned 0x490
[0180.213] lstrlenW (lpString="query") returned 5
[0180.213] lstrlenW (lpString="query") returned 5
[0180.213] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.213] lstrlenW (lpString="XML") returned 3
[0180.213] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.213] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x8, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|query|") returned 7
[0180.213] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|XML|") returned 5
[0180.213] lstrlenW (lpString="|query|") returned 7
[0180.213] lstrlenW (lpString="|XML|") returned 5
[0180.213] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0
[0180.213] RtlRestoreLastWin32Error () returned 0x490
[0180.213] lstrlenW (lpString="change") returned 6
[0180.213] lstrlenW (lpString="change") returned 6
[0180.213] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.213] lstrlenW (lpString="XML") returned 3
[0180.213] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.213] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|change|") returned 8
[0180.213] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|XML|") returned 5
[0180.213] lstrlenW (lpString="|change|") returned 8
[0180.213] lstrlenW (lpString="|XML|") returned 5
[0180.213] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0
[0180.213] RtlRestoreLastWin32Error () returned 0x490
[0180.213] lstrlenW (lpString="run") returned 3
[0180.213] lstrlenW (lpString="run") returned 3
[0180.213] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.213] lstrlenW (lpString="XML") returned 3
[0180.213] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.214] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|run|") returned 5
[0180.214] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|XML|") returned 5
[0180.214] lstrlenW (lpString="|run|") returned 5
[0180.214] lstrlenW (lpString="|XML|") returned 5
[0180.214] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0
[0180.214] RtlRestoreLastWin32Error () returned 0x490
[0180.214] lstrlenW (lpString="end") returned 3
[0180.214] lstrlenW (lpString="end") returned 3
[0180.214] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.214] lstrlenW (lpString="XML") returned 3
[0180.214] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.214] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|end|") returned 5
[0180.214] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|XML|") returned 5
[0180.214] lstrlenW (lpString="|end|") returned 5
[0180.214] lstrlenW (lpString="|XML|") returned 5
[0180.214] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0
[0180.214] RtlRestoreLastWin32Error () returned 0x490
[0180.214] lstrlenW (lpString="showsid") returned 7
[0180.214] lstrlenW (lpString="showsid") returned 7
[0180.215] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.215] lstrlenW (lpString="XML") returned 3
[0180.215] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.215] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0xa, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|showsid|") returned 9
[0180.215] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|XML|") returned 5
[0180.215] lstrlenW (lpString="|showsid|") returned 9
[0180.215] lstrlenW (lpString="|XML|") returned 5
[0180.215] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0
[0180.215] RtlRestoreLastWin32Error () returned 0x490
[0180.215] RtlRestoreLastWin32Error () returned 0x490
[0180.215] RtlRestoreLastWin32Error () returned 0x0
[0180.215] lstrlenW (lpString="/XML") returned 4
[0180.215] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0
[0180.215] RtlRestoreLastWin32Error () returned 0x490
[0180.215] RtlRestoreLastWin32Error () returned 0x0
[0180.215] lstrlenW (lpString="/XML") returned 4
[0180.215] GetProcessHeap () returned 0x8d0000
[0180.215] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0xa) returned 0x8d7478
[0180.215] GetProcessHeap () returned 0x8d0000
[0180.215] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d9808
[0180.215] RtlRestoreLastWin32Error () returned 0x0
[0180.215] RtlRestoreLastWin32Error () returned 0x0
[0180.215] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp") returned 52
[0180.215] lstrlenW (lpString="-/") returned 2
[0180.215] StrChrIW (lpStart="-/", wMatch=0xb40043) returned 0x0
[0180.215] RtlRestoreLastWin32Error () returned 0x490
[0180.215] RtlRestoreLastWin32Error () returned 0x490
[0180.215] RtlRestoreLastWin32Error () returned 0x0
[0180.215] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp") returned 52
[0180.215] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp"
[0180.215] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp") returned 52
[0180.215] GetProcessHeap () returned 0x8d0000
[0180.216] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8d7550
[0180.216] _memicmp (_Buf1=0x8d7550, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.216] GetProcessHeap () returned 0x8d0000
[0180.216] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0xc) returned 0x8d7490
[0180.216] GetProcessHeap () returned 0x8d0000
[0180.216] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8dad70
[0180.216] _memicmp (_Buf1=0x8dad70, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.216] GetProcessHeap () returned 0x8d0000
[0180.216] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x6e) returned 0x8daf50
[0180.216] RtlRestoreLastWin32Error () returned 0x7a
[0180.216] RtlRestoreLastWin32Error () returned 0x0
[0180.216] RtlRestoreLastWin32Error () returned 0x0
[0180.216] lstrlenW (lpString="C") returned 1
[0180.216] RtlRestoreLastWin32Error () returned 0x490
[0180.216] RtlRestoreLastWin32Error () returned 0x0
[0180.216] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp") returned 52
[0180.216] GetProcessHeap () returned 0x8d0000
[0180.216] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x6a) returned 0x8d6ab0
[0180.216] GetProcessHeap () returned 0x8d0000
[0180.216] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d94e8
[0180.216] RtlRestoreLastWin32Error () returned 0x0
[0180.216] GetProcessHeap () returned 0x8d0000
[0180.216] GetProcessHeap () returned 0x8d0000
[0180.216] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d6d40) returned 1
[0180.216] GetProcessHeap () returned 0x8d0000
[0180.216] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d6d40) returned 0x8
[0180.216] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d6d40) returned 1
[0180.216] GetProcessHeap () returned 0x8d0000
[0180.216] GetProcessHeap () returned 0x8d0000
[0180.216] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d96a8) returned 1
[0180.216] GetProcessHeap () returned 0x8d0000
[0180.216] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d96a8) returned 0x14
[0180.217] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d96a8) returned 1
[0180.217] GetProcessHeap () returned 0x8d0000
[0180.217] GetProcessHeap () returned 0x8d0000
[0180.217] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d28a8) returned 1
[0180.217] GetProcessHeap () returned 0x8d0000
[0180.217] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d28a8) returned 0x20
[0180.218] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d28a8) returned 1
[0180.218] GetProcessHeap () returned 0x8d0000
[0180.218] GetProcessHeap () returned 0x8d0000
[0180.218] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d94c8) returned 1
[0180.218] GetProcessHeap () returned 0x8d0000
[0180.218] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d94c8) returned 0x14
[0180.218] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d94c8) returned 1
[0180.218] GetProcessHeap () returned 0x8d0000
[0180.218] GetProcessHeap () returned 0x8d0000
[0180.218] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d7478) returned 1
[0180.218] GetProcessHeap () returned 0x8d0000
[0180.218] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d7478) returned 0xa
[0180.218] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d7478) returned 1
[0180.218] GetProcessHeap () returned 0x8d0000
[0180.218] GetProcessHeap () returned 0x8d0000
[0180.218] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9808) returned 1
[0180.218] GetProcessHeap () returned 0x8d0000
[0180.218] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9808) returned 0x14
[0180.218] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9808) returned 1
[0180.218] GetProcessHeap () returned 0x8d0000
[0180.218] GetProcessHeap () returned 0x8d0000
[0180.218] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d6ab0) returned 1
[0180.218] GetProcessHeap () returned 0x8d0000
[0180.218] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d6ab0) returned 0x6a
[0180.219] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d6ab0) returned 1
[0180.219] GetProcessHeap () returned 0x8d0000
[0180.219] GetProcessHeap () returned 0x8d0000
[0180.219] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d94e8) returned 1
[0180.219] GetProcessHeap () returned 0x8d0000
[0180.219] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d94e8) returned 0x14
[0180.219] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d94e8) returned 1
[0180.219] GetProcessHeap () returned 0x8d0000
[0180.219] GetProcessHeap () returned 0x8d0000
[0180.219] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d7598) returned 1
[0180.219] GetProcessHeap () returned 0x8d0000
[0180.219] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d7598) returned 0x10
[0180.219] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d7598) returned 1
[0180.220] RtlRestoreLastWin32Error () returned 0x0
[0180.220] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0180.220] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0180.220] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0180.220] RtlVerifyVersionInfo (VersionInfo=0xccb60, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0
[0180.220] RtlRestoreLastWin32Error () returned 0x0
[0180.220] lstrlenW (lpString="create") returned 6
[0180.220] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0
[0180.220] RtlRestoreLastWin32Error () returned 0x490
[0180.220] RtlRestoreLastWin32Error () returned 0x0
[0180.220] lstrlenW (lpString="create") returned 6
[0180.220] GetProcessHeap () returned 0x8d0000
[0180.220] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d94c8
[0180.220] GetProcessHeap () returned 0x8d0000
[0180.220] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x10) returned 0x8dac80
[0180.220] _memicmp (_Buf1=0x8dac80, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.221] GetProcessHeap () returned 0x8d0000
[0180.221] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x16) returned 0x8d9468
[0180.221] RtlRestoreLastWin32Error () returned 0x0
[0180.221] _memicmp (_Buf1=0x8d7400, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.221] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x8d8e00, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0180.221] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xccc6c | out: lpdwHandle=0xccc6c) returned 0x76c
[0180.221] GetProcessHeap () returned 0x8d0000
[0180.221] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x776) returned 0x8da090
[0180.221] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x8da090 | out: lpData=0x8da090) returned 1
[0180.221] VerQueryValueW (in: pBlock=0x8da090, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xccc74, puLen=0xccc78 | out: lplpBuffer=0xccc74*=0x8da440, puLen=0xccc78) returned 1
[0180.221] _memicmp (_Buf1=0x8d7400, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.221] _vsnwprintf (in: _Buffer=0x8d8e00, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xccc58 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0180.221] VerQueryValueW (in: pBlock=0x8da090, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xccc84, puLen=0xccc80 | out: lplpBuffer=0xccc84*=0x8da270, puLen=0xccc80) returned 1
[0180.222] lstrlenW (lpString="schtasks.exe") returned 12
[0180.222] lstrlenW (lpString="schtasks.exe") returned 12
[0180.222] lstrlenW (lpString=".EXE") returned 4
[0180.222] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0180.222] lstrlenW (lpString="schtasks.exe") returned 12
[0180.222] lstrlenW (lpString=".EXE") returned 4
[0180.222] lstrlenW (lpString="schtasks") returned 8
[0180.222] lstrlenW (lpString="/create") returned 7
[0180.222] _memicmp (_Buf1=0x8d7400, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.222] _vsnwprintf (in: _Buffer=0x8d8e00, _BufferCount=0x19, _Format="%s %s", _ArgList=0xccc58 | out: _Buffer="schtasks /create") returned 16
[0180.222] _memicmp (_Buf1=0x8d7508, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.222] GetProcessHeap () returned 0x8d0000
[0180.222] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8d9808
[0180.222] _memicmp (_Buf1=0x8d7520, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.222] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x8da940, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0180.222] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0180.222] GetProcessHeap () returned 0x8d0000
[0180.222] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x30) returned 0x8d6658
[0180.222] _vsnwprintf (in: _Buffer=0x8d9010, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xccc5c | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37
[0180.222] GetProcessHeap () returned 0x8d0000
[0180.222] GetProcessHeap () returned 0x8d0000
[0180.222] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8da090) returned 1
[0180.222] GetProcessHeap () returned 0x8d0000
[0180.222] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8da090) returned 0x776
[0180.223] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8da090) returned 1
[0180.223] RtlRestoreLastWin32Error () returned 0x0
[0180.223] GetThreadLocale () returned 0x409
[0180.223] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.223] lstrlenW (lpString="create") returned 6
[0180.223] GetThreadLocale () returned 0x409
[0180.223] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.224] lstrlenW (lpString="?") returned 1
[0180.224] GetThreadLocale () returned 0x409
[0180.224] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.224] lstrlenW (lpString="s") returned 1
[0180.224] GetThreadLocale () returned 0x409
[0180.224] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.224] lstrlenW (lpString="u") returned 1
[0180.224] GetThreadLocale () returned 0x409
[0180.224] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.224] lstrlenW (lpString="p") returned 1
[0180.224] GetThreadLocale () returned 0x409
[0180.224] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.224] lstrlenW (lpString="ru") returned 2
[0180.224] GetThreadLocale () returned 0x409
[0180.224] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.224] lstrlenW (lpString="rp") returned 2
[0180.224] GetThreadLocale () returned 0x409
[0180.224] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.224] lstrlenW (lpString="sc") returned 2
[0180.224] GetThreadLocale () returned 0x409
[0180.224] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.224] lstrlenW (lpString="mo") returned 2
[0180.224] GetThreadLocale () returned 0x409
[0180.224] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.224] lstrlenW (lpString="d") returned 1
[0180.224] GetThreadLocale () returned 0x409
[0180.225] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.225] lstrlenW (lpString="m") returned 1
[0180.225] GetThreadLocale () returned 0x409
[0180.225] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.225] lstrlenW (lpString="i") returned 1
[0180.225] GetThreadLocale () returned 0x409
[0180.225] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.225] lstrlenW (lpString="tn") returned 2
[0180.225] GetThreadLocale () returned 0x409
[0180.225] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.225] lstrlenW (lpString="tr") returned 2
[0180.225] GetThreadLocale () returned 0x409
[0180.225] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.225] lstrlenW (lpString="st") returned 2
[0180.225] GetThreadLocale () returned 0x409
[0180.225] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.225] lstrlenW (lpString="sd") returned 2
[0180.225] GetThreadLocale () returned 0x409
[0180.225] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.225] lstrlenW (lpString="ed") returned 2
[0180.225] GetThreadLocale () returned 0x409
[0180.225] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.225] lstrlenW (lpString="it") returned 2
[0180.225] GetThreadLocale () returned 0x409
[0180.225] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.226] lstrlenW (lpString="et") returned 2
[0180.226] GetThreadLocale () returned 0x409
[0180.226] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.226] lstrlenW (lpString="k") returned 1
[0180.226] GetThreadLocale () returned 0x409
[0180.226] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.226] lstrlenW (lpString="du") returned 2
[0180.226] GetThreadLocale () returned 0x409
[0180.226] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.226] lstrlenW (lpString="ri") returned 2
[0180.226] GetThreadLocale () returned 0x409
[0180.226] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.226] lstrlenW (lpString="z") returned 1
[0180.226] GetThreadLocale () returned 0x409
[0180.226] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.226] lstrlenW (lpString="f") returned 1
[0180.226] GetThreadLocale () returned 0x409
[0180.226] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.226] lstrlenW (lpString="v1") returned 2
[0180.226] GetThreadLocale () returned 0x409
[0180.226] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.226] lstrlenW (lpString="xml") returned 3
[0180.226] GetThreadLocale () returned 0x409
[0180.226] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.227] lstrlenW (lpString="ec") returned 2
[0180.227] GetThreadLocale () returned 0x409
[0180.227] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.227] lstrlenW (lpString="rl") returned 2
[0180.227] GetThreadLocale () returned 0x409
[0180.227] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.227] lstrlenW (lpString="delay") returned 5
[0180.227] GetThreadLocale () returned 0x409
[0180.227] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.227] lstrlenW (lpString="np") returned 2
[0180.227] GetThreadLocale () returned 0x409
[0180.227] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0180.227] lstrlenW (lpString="hresult") returned 7
[0180.227] RtlRestoreLastWin32Error () returned 0x0
[0180.227] RtlRestoreLastWin32Error () returned 0x0
[0180.227] lstrlenW (lpString="/Create") returned 7
[0180.227] lstrlenW (lpString="-/") returned 2
[0180.227] StrChrIW (lpStart="-/", wMatch=0xb4002f) returned="/"
[0180.227] lstrlenW (lpString="create") returned 6
[0180.227] lstrlenW (lpString="create") returned 6
[0180.227] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.227] lstrlenW (lpString="Create") returned 6
[0180.227] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.227] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|create|") returned 8
[0180.228] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|Create|") returned 8
[0180.228] lstrlenW (lpString="|create|") returned 8
[0180.228] lstrlenW (lpString="|Create|") returned 8
[0180.228] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0180.228] RtlRestoreLastWin32Error () returned 0x0
[0180.228] RtlRestoreLastWin32Error () returned 0x0
[0180.228] RtlRestoreLastWin32Error () returned 0x0
[0180.228] lstrlenW (lpString="/TN") returned 3
[0180.228] lstrlenW (lpString="-/") returned 2
[0180.228] StrChrIW (lpStart="-/", wMatch=0xb4002f) returned="/"
[0180.228] lstrlenW (lpString="create") returned 6
[0180.228] lstrlenW (lpString="create") returned 6
[0180.228] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.228] lstrlenW (lpString="TN") returned 2
[0180.228] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.228] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|create|") returned 8
[0180.228] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.228] lstrlenW (lpString="|create|") returned 8
[0180.228] lstrlenW (lpString="|TN|") returned 4
[0180.228] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0180.228] RtlRestoreLastWin32Error () returned 0x490
[0180.228] lstrlenW (lpString="?") returned 1
[0180.228] lstrlenW (lpString="?") returned 1
[0180.228] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.229] lstrlenW (lpString="TN") returned 2
[0180.229] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.229] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|?|") returned 3
[0180.229] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.229] lstrlenW (lpString="|?|") returned 3
[0180.229] lstrlenW (lpString="|TN|") returned 4
[0180.229] RtlRestoreLastWin32Error () returned 0x490
[0180.229] lstrlenW (lpString="s") returned 1
[0180.229] lstrlenW (lpString="s") returned 1
[0180.229] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.229] lstrlenW (lpString="TN") returned 2
[0180.229] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.229] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|s|") returned 3
[0180.229] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.229] lstrlenW (lpString="|s|") returned 3
[0180.229] lstrlenW (lpString="|TN|") returned 4
[0180.229] RtlRestoreLastWin32Error () returned 0x490
[0180.229] lstrlenW (lpString="u") returned 1
[0180.229] lstrlenW (lpString="u") returned 1
[0180.229] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.229] lstrlenW (lpString="TN") returned 2
[0180.230] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.230] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|u|") returned 3
[0180.230] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.230] lstrlenW (lpString="|u|") returned 3
[0180.230] lstrlenW (lpString="|TN|") returned 4
[0180.230] RtlRestoreLastWin32Error () returned 0x490
[0180.230] lstrlenW (lpString="p") returned 1
[0180.230] lstrlenW (lpString="p") returned 1
[0180.230] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.230] lstrlenW (lpString="TN") returned 2
[0180.230] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.230] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|p|") returned 3
[0180.230] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.230] lstrlenW (lpString="|p|") returned 3
[0180.230] lstrlenW (lpString="|TN|") returned 4
[0180.230] RtlRestoreLastWin32Error () returned 0x490
[0180.230] lstrlenW (lpString="ru") returned 2
[0180.230] lstrlenW (lpString="ru") returned 2
[0180.230] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.230] lstrlenW (lpString="TN") returned 2
[0180.230] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.230] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|ru|") returned 4
[0180.231] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.231] lstrlenW (lpString="|ru|") returned 4
[0180.231] lstrlenW (lpString="|TN|") returned 4
[0180.231] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0
[0180.231] RtlRestoreLastWin32Error () returned 0x490
[0180.231] lstrlenW (lpString="rp") returned 2
[0180.231] lstrlenW (lpString="rp") returned 2
[0180.231] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.231] lstrlenW (lpString="TN") returned 2
[0180.231] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.231] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|rp|") returned 4
[0180.231] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.231] lstrlenW (lpString="|rp|") returned 4
[0180.231] lstrlenW (lpString="|TN|") returned 4
[0180.231] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0
[0180.231] RtlRestoreLastWin32Error () returned 0x490
[0180.231] lstrlenW (lpString="sc") returned 2
[0180.231] lstrlenW (lpString="sc") returned 2
[0180.231] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.231] lstrlenW (lpString="TN") returned 2
[0180.231] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.231] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|sc|") returned 4
[0180.231] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.232] lstrlenW (lpString="|sc|") returned 4
[0180.232] lstrlenW (lpString="|TN|") returned 4
[0180.232] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0
[0180.232] RtlRestoreLastWin32Error () returned 0x490
[0180.232] lstrlenW (lpString="mo") returned 2
[0180.232] lstrlenW (lpString="mo") returned 2
[0180.232] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.232] lstrlenW (lpString="TN") returned 2
[0180.232] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.232] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|mo|") returned 4
[0180.232] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.232] lstrlenW (lpString="|mo|") returned 4
[0180.232] lstrlenW (lpString="|TN|") returned 4
[0180.232] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0
[0180.232] RtlRestoreLastWin32Error () returned 0x490
[0180.232] lstrlenW (lpString="d") returned 1
[0180.232] lstrlenW (lpString="d") returned 1
[0180.232] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.232] lstrlenW (lpString="TN") returned 2
[0180.232] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.232] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|d|") returned 3
[0180.232] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.232] lstrlenW (lpString="|d|") returned 3
[0180.232] lstrlenW (lpString="|TN|") returned 4
[0180.232] RtlRestoreLastWin32Error () returned 0x490
[0180.233] lstrlenW (lpString="m") returned 1
[0180.233] lstrlenW (lpString="m") returned 1
[0180.233] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.233] lstrlenW (lpString="TN") returned 2
[0180.233] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.233] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|m|") returned 3
[0180.233] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.233] lstrlenW (lpString="|m|") returned 3
[0180.233] lstrlenW (lpString="|TN|") returned 4
[0180.233] RtlRestoreLastWin32Error () returned 0x490
[0180.233] lstrlenW (lpString="i") returned 1
[0180.233] lstrlenW (lpString="i") returned 1
[0180.233] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.233] lstrlenW (lpString="TN") returned 2
[0180.233] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.233] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|i|") returned 3
[0180.233] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.233] lstrlenW (lpString="|i|") returned 3
[0180.233] lstrlenW (lpString="|TN|") returned 4
[0180.233] RtlRestoreLastWin32Error () returned 0x490
[0180.233] lstrlenW (lpString="tn") returned 2
[0180.233] lstrlenW (lpString="tn") returned 2
[0180.233] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.234] lstrlenW (lpString="TN") returned 2
[0180.234] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.234] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|tn|") returned 4
[0180.234] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|TN|") returned 4
[0180.234] lstrlenW (lpString="|tn|") returned 4
[0180.234] lstrlenW (lpString="|TN|") returned 4
[0180.234] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|"
[0180.234] RtlRestoreLastWin32Error () returned 0x0
[0180.234] RtlRestoreLastWin32Error () returned 0x0
[0180.234] lstrlenW (lpString="Updates\\IFNGRZH") returned 15
[0180.234] lstrlenW (lpString="-/") returned 2
[0180.234] StrChrIW (lpStart="-/", wMatch=0xb40055) returned 0x0
[0180.234] RtlRestoreLastWin32Error () returned 0x490
[0180.234] RtlRestoreLastWin32Error () returned 0x490
[0180.234] RtlRestoreLastWin32Error () returned 0x0
[0180.234] lstrlenW (lpString="Updates\\IFNGRZH") returned 15
[0180.234] StrChrIW (lpStart="Updates\\IFNGRZH", wMatch=0x3a) returned 0x0
[0180.234] RtlRestoreLastWin32Error () returned 0x490
[0180.234] RtlRestoreLastWin32Error () returned 0x0
[0180.234] lstrlenW (lpString="Updates\\IFNGRZH") returned 15
[0180.234] RtlRestoreLastWin32Error () returned 0x0
[0180.234] RtlRestoreLastWin32Error () returned 0x0
[0180.234] lstrlenW (lpString="/XML") returned 4
[0180.234] lstrlenW (lpString="-/") returned 2
[0180.234] StrChrIW (lpStart="-/", wMatch=0xb4002f) returned="/"
[0180.235] lstrlenW (lpString="create") returned 6
[0180.235] lstrlenW (lpString="create") returned 6
[0180.235] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.235] lstrlenW (lpString="XML") returned 3
[0180.235] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.235] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|create|") returned 8
[0180.235] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.235] lstrlenW (lpString="|create|") returned 8
[0180.235] lstrlenW (lpString="|XML|") returned 5
[0180.235] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0180.235] RtlRestoreLastWin32Error () returned 0x490
[0180.235] lstrlenW (lpString="?") returned 1
[0180.235] lstrlenW (lpString="?") returned 1
[0180.235] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.235] lstrlenW (lpString="XML") returned 3
[0180.235] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.235] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|?|") returned 3
[0180.235] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.235] lstrlenW (lpString="|?|") returned 3
[0180.235] lstrlenW (lpString="|XML|") returned 5
[0180.235] RtlRestoreLastWin32Error () returned 0x490
[0180.235] lstrlenW (lpString="s") returned 1
[0180.236] lstrlenW (lpString="s") returned 1
[0180.236] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.236] lstrlenW (lpString="XML") returned 3
[0180.236] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.236] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|s|") returned 3
[0180.236] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.236] lstrlenW (lpString="|s|") returned 3
[0180.236] lstrlenW (lpString="|XML|") returned 5
[0180.236] RtlRestoreLastWin32Error () returned 0x490
[0180.236] lstrlenW (lpString="u") returned 1
[0180.236] lstrlenW (lpString="u") returned 1
[0180.236] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.236] lstrlenW (lpString="XML") returned 3
[0180.236] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.236] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|u|") returned 3
[0180.236] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.236] lstrlenW (lpString="|u|") returned 3
[0180.236] lstrlenW (lpString="|XML|") returned 5
[0180.236] RtlRestoreLastWin32Error () returned 0x490
[0180.236] lstrlenW (lpString="p") returned 1
[0180.236] lstrlenW (lpString="p") returned 1
[0180.236] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.236] lstrlenW (lpString="XML") returned 3
[0180.237] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.237] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|p|") returned 3
[0180.237] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.237] lstrlenW (lpString="|p|") returned 3
[0180.237] lstrlenW (lpString="|XML|") returned 5
[0180.237] RtlRestoreLastWin32Error () returned 0x490
[0180.237] lstrlenW (lpString="ru") returned 2
[0180.237] lstrlenW (lpString="ru") returned 2
[0180.237] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.237] lstrlenW (lpString="XML") returned 3
[0180.237] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.237] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|ru|") returned 4
[0180.237] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.237] lstrlenW (lpString="|ru|") returned 4
[0180.237] lstrlenW (lpString="|XML|") returned 5
[0180.237] RtlRestoreLastWin32Error () returned 0x490
[0180.237] lstrlenW (lpString="rp") returned 2
[0180.238] lstrlenW (lpString="rp") returned 2
[0180.238] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.238] lstrlenW (lpString="XML") returned 3
[0180.238] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.238] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|rp|") returned 4
[0180.238] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.238] lstrlenW (lpString="|rp|") returned 4
[0180.238] lstrlenW (lpString="|XML|") returned 5
[0180.238] RtlRestoreLastWin32Error () returned 0x490
[0180.238] lstrlenW (lpString="sc") returned 2
[0180.238] lstrlenW (lpString="sc") returned 2
[0180.238] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.238] lstrlenW (lpString="XML") returned 3
[0180.238] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.238] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|sc|") returned 4
[0180.238] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.238] lstrlenW (lpString="|sc|") returned 4
[0180.238] lstrlenW (lpString="|XML|") returned 5
[0180.238] RtlRestoreLastWin32Error () returned 0x490
[0180.238] lstrlenW (lpString="mo") returned 2
[0180.238] lstrlenW (lpString="mo") returned 2
[0180.239] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.239] lstrlenW (lpString="XML") returned 3
[0180.239] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.239] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|mo|") returned 4
[0180.239] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.239] lstrlenW (lpString="|mo|") returned 4
[0180.239] lstrlenW (lpString="|XML|") returned 5
[0180.239] RtlRestoreLastWin32Error () returned 0x490
[0180.239] lstrlenW (lpString="d") returned 1
[0180.239] lstrlenW (lpString="d") returned 1
[0180.239] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.239] lstrlenW (lpString="XML") returned 3
[0180.239] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.239] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|d|") returned 3
[0180.239] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.239] lstrlenW (lpString="|d|") returned 3
[0180.239] lstrlenW (lpString="|XML|") returned 5
[0180.239] RtlRestoreLastWin32Error () returned 0x490
[0180.239] lstrlenW (lpString="m") returned 1
[0180.239] lstrlenW (lpString="m") returned 1
[0180.239] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.239] lstrlenW (lpString="XML") returned 3
[0180.239] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.240] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|m|") returned 3
[0180.240] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.240] lstrlenW (lpString="|m|") returned 3
[0180.240] lstrlenW (lpString="|XML|") returned 5
[0180.240] RtlRestoreLastWin32Error () returned 0x490
[0180.240] lstrlenW (lpString="i") returned 1
[0180.240] lstrlenW (lpString="i") returned 1
[0180.240] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.240] lstrlenW (lpString="XML") returned 3
[0180.240] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.240] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|i|") returned 3
[0180.240] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.240] lstrlenW (lpString="|i|") returned 3
[0180.240] lstrlenW (lpString="|XML|") returned 5
[0180.240] RtlRestoreLastWin32Error () returned 0x490
[0180.277] lstrlenW (lpString="tn") returned 2
[0180.277] lstrlenW (lpString="tn") returned 2
[0180.277] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.277] lstrlenW (lpString="XML") returned 3
[0180.277] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.277] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|tn|") returned 4
[0180.277] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.277] lstrlenW (lpString="|tn|") returned 4
[0180.277] lstrlenW (lpString="|XML|") returned 5
[0180.277] RtlRestoreLastWin32Error () returned 0x490
[0180.277] lstrlenW (lpString="tr") returned 2
[0180.277] lstrlenW (lpString="tr") returned 2
[0180.277] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.277] lstrlenW (lpString="XML") returned 3
[0180.277] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.278] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|tr|") returned 4
[0180.278] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.278] lstrlenW (lpString="|tr|") returned 4
[0180.278] lstrlenW (lpString="|XML|") returned 5
[0180.278] RtlRestoreLastWin32Error () returned 0x490
[0180.278] lstrlenW (lpString="st") returned 2
[0180.278] lstrlenW (lpString="st") returned 2
[0180.278] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.278] lstrlenW (lpString="XML") returned 3
[0180.278] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.278] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|st|") returned 4
[0180.278] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.278] lstrlenW (lpString="|st|") returned 4
[0180.278] lstrlenW (lpString="|XML|") returned 5
[0180.278] RtlRestoreLastWin32Error () returned 0x490
[0180.278] lstrlenW (lpString="sd") returned 2
[0180.278] lstrlenW (lpString="sd") returned 2
[0180.278] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.278] lstrlenW (lpString="XML") returned 3
[0180.278] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.278] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|sd|") returned 4
[0180.278] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.278] lstrlenW (lpString="|sd|") returned 4
[0180.278] lstrlenW (lpString="|XML|") returned 5
[0180.279] RtlRestoreLastWin32Error () returned 0x490
[0180.279] lstrlenW (lpString="ed") returned 2
[0180.279] lstrlenW (lpString="ed") returned 2
[0180.279] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.279] lstrlenW (lpString="XML") returned 3
[0180.279] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.279] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|ed|") returned 4
[0180.279] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.279] lstrlenW (lpString="|ed|") returned 4
[0180.279] lstrlenW (lpString="|XML|") returned 5
[0180.279] RtlRestoreLastWin32Error () returned 0x490
[0180.279] lstrlenW (lpString="it") returned 2
[0180.279] lstrlenW (lpString="it") returned 2
[0180.279] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.279] lstrlenW (lpString="XML") returned 3
[0180.279] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.279] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|it|") returned 4
[0180.279] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.279] lstrlenW (lpString="|it|") returned 4
[0180.279] lstrlenW (lpString="|XML|") returned 5
[0180.279] RtlRestoreLastWin32Error () returned 0x490
[0180.279] lstrlenW (lpString="et") returned 2
[0180.280] lstrlenW (lpString="et") returned 2
[0180.280] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.280] lstrlenW (lpString="XML") returned 3
[0180.280] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.280] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|et|") returned 4
[0180.280] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.280] lstrlenW (lpString="|et|") returned 4
[0180.280] lstrlenW (lpString="|XML|") returned 5
[0180.280] RtlRestoreLastWin32Error () returned 0x490
[0180.280] lstrlenW (lpString="k") returned 1
[0180.280] lstrlenW (lpString="k") returned 1
[0180.280] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.280] lstrlenW (lpString="XML") returned 3
[0180.280] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.281] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|k|") returned 3
[0180.281] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.281] lstrlenW (lpString="|k|") returned 3
[0180.281] lstrlenW (lpString="|XML|") returned 5
[0180.281] RtlRestoreLastWin32Error () returned 0x490
[0180.281] lstrlenW (lpString="du") returned 2
[0180.281] lstrlenW (lpString="du") returned 2
[0180.281] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.281] lstrlenW (lpString="XML") returned 3
[0180.281] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.281] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|du|") returned 4
[0180.281] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.281] lstrlenW (lpString="|du|") returned 4
[0180.281] lstrlenW (lpString="|XML|") returned 5
[0180.281] RtlRestoreLastWin32Error () returned 0x490
[0180.282] lstrlenW (lpString="ri") returned 2
[0180.282] lstrlenW (lpString="ri") returned 2
[0180.282] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.282] lstrlenW (lpString="XML") returned 3
[0180.282] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.282] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|ri|") returned 4
[0180.282] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.282] lstrlenW (lpString="|ri|") returned 4
[0180.282] lstrlenW (lpString="|XML|") returned 5
[0180.282] RtlRestoreLastWin32Error () returned 0x490
[0180.282] lstrlenW (lpString="z") returned 1
[0180.282] lstrlenW (lpString="z") returned 1
[0180.282] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.282] lstrlenW (lpString="XML") returned 3
[0180.282] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.282] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|z|") returned 3
[0180.282] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.283] lstrlenW (lpString="|z|") returned 3
[0180.283] lstrlenW (lpString="|XML|") returned 5
[0180.283] RtlRestoreLastWin32Error () returned 0x490
[0180.283] lstrlenW (lpString="f") returned 1
[0180.283] lstrlenW (lpString="f") returned 1
[0180.283] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.283] lstrlenW (lpString="XML") returned 3
[0180.283] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.283] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|f|") returned 3
[0180.283] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.283] lstrlenW (lpString="|f|") returned 3
[0180.283] lstrlenW (lpString="|XML|") returned 5
[0180.283] RtlRestoreLastWin32Error () returned 0x490
[0180.283] lstrlenW (lpString="v1") returned 2
[0180.283] lstrlenW (lpString="v1") returned 2
[0180.283] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.283] lstrlenW (lpString="XML") returned 3
[0180.283] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.283] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|v1|") returned 4
[0180.283] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.283] lstrlenW (lpString="|v1|") returned 4
[0180.283] lstrlenW (lpString="|XML|") returned 5
[0180.283] RtlRestoreLastWin32Error () returned 0x490
[0180.284] lstrlenW (lpString="xml") returned 3
[0180.284] lstrlenW (lpString="xml") returned 3
[0180.284] _memicmp (_Buf1=0x8d7460, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.284] lstrlenW (lpString="XML") returned 3
[0180.284] _memicmp (_Buf1=0x8d7538, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.284] _vsnwprintf (in: _Buffer=0x8d97e8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|xml|") returned 5
[0180.284] _vsnwprintf (in: _Buffer=0x8d9688, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccc48 | out: _Buffer="|XML|") returned 5
[0180.284] lstrlenW (lpString="|xml|") returned 5
[0180.284] lstrlenW (lpString="|XML|") returned 5
[0180.284] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|"
[0180.284] RtlRestoreLastWin32Error () returned 0x0
[0180.284] RtlRestoreLastWin32Error () returned 0x0
[0180.284] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp") returned 52
[0180.284] lstrlenW (lpString="-/") returned 2
[0180.284] StrChrIW (lpStart="-/", wMatch=0xb40043) returned 0x0
[0180.284] RtlRestoreLastWin32Error () returned 0x490
[0180.284] RtlRestoreLastWin32Error () returned 0x490
[0180.284] RtlRestoreLastWin32Error () returned 0x0
[0180.284] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp") returned 52
[0180.284] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp"
[0180.284] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp") returned 52
[0180.284] _memicmp (_Buf1=0x8d7550, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.284] _memicmp (_Buf1=0x8dad70, _Buf2=0xc12708, _Size=0x7) returned 0
[0180.285] RtlRestoreLastWin32Error () returned 0x7a
[0180.285] RtlRestoreLastWin32Error () returned 0x0
[0180.285] RtlRestoreLastWin32Error () returned 0x0
[0180.285] lstrlenW (lpString="C") returned 1
[0180.285] RtlRestoreLastWin32Error () returned 0x490
[0180.285] RtlRestoreLastWin32Error () returned 0x0
[0180.285] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp") returned 52
[0180.285] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp") returned 52
[0180.285] GetProcessHeap () returned 0x8d0000
[0180.285] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x6a) returned 0x8d6ab0
[0180.285] RtlRestoreLastWin32Error () returned 0x0
[0180.285] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp") returned 52
[0180.285] RtlRestoreLastWin32Error () returned 0x0
[0180.285] GetProcessHeap () returned 0x8d0000
[0180.285] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x1fc) returned 0x8da090
[0180.285] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0180.292] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0180.304] CoCreateInstance (in: rclsid=0xc126c0*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0xc126d0*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0xcd09c | out: ppv=0xcd09c*=0xb43860) returned 0x0
[0180.367] TaskScheduler:ITaskService:Connect (This=0xb43860, serverName=0xcd04c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0xcd05c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0xcd06c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0xcd07c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0
[0180.493] TaskScheduler:ITaskService:GetFolder (in: This=0xb43860, Path=0x0, ppFolder=0xcd164 | out: ppFolder=0xcd164*=0xb43988) returned 0x0
[0180.495] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmp16b3.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x12c
[0180.496] GetFileSizeEx (in: hFile=0x12c, lpFileSize=0xcca7c | out: lpFileSize=0xcca7c*=1595) returned 1
[0180.496] ReadFile (in: hFile=0x12c, lpBuffer=0xcca8c, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0xcca88, lpOverlapped=0x0 | out: lpBuffer=0xcca8c*, lpNumberOfBytesRead=0xcca88*=0x2, lpOverlapped=0x0) returned 1
[0180.496] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
[0180.496] malloc (_Size=0x63c) returned 0xb421b0
[0180.496] ReadFile (in: hFile=0x12c, lpBuffer=0xb421b0, nNumberOfBytesToRead=0x63c, lpNumberOfBytesRead=0xcca88, lpOverlapped=0x0 | out: lpBuffer=0xb421b0*, lpNumberOfBytesRead=0xcca88*=0x63b, lpOverlapped=0x0) returned 1
[0180.496] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb421b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1596
[0180.496] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb421b0, cbMultiByte=-1, lpWideCharStr=0x8eac1c, cchWideChar=1596 | out: lpWideCharStr="\n\n \n 2014-10-25T14:27:44.8929027\n XC64ZB\\RDhJ0CNFevzX\n \n \n \n true\n XC64ZB\\RDhJ0CNFevzX\n \n \n false\n \n \n \n \n XC64ZB\\RDhJ0CNFevzX\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe\n \n \n") returned 1596
[0180.496] SysStringLen (param_1="\n\n \n 2014-10-25T14:27:44.8929027\n XC64ZB\\RDhJ0CNFevzX\n \n \n \n true\n XC64ZB\\RDhJ0CNFevzX\n \n \n false\n \n \n \n \n XC64ZB\\RDhJ0CNFevzX\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe\n \n \n") returned 0x63b
[0180.496] VarBstrCat (in: bstrLeft=0x0, bstrRight="\n\n \n 2014-10-25T14:27:44.8929027\n XC64ZB\\RDhJ0CNFevzX\n \n \n \n true\n XC64ZB\\RDhJ0CNFevzX\n \n \n false\n \n \n \n \n XC64ZB\\RDhJ0CNFevzX\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe\n \n \n", pbstrResult=0xcca2c | out: pbstrResult=0xcca2c) returned 0x0
[0180.497] free (_Block=0xb421b0)
[0180.498] CloseHandle (hObject=0x12c) returned 1
[0180.498] lstrlenW (lpString="") returned 0
[0180.498] malloc (_Size=0xc) returned 0xb43948
[0180.498] SysStringLen (param_1="") returned 0x0
[0180.498] free (_Block=0xb43948)
[0180.498] lstrlenW (lpString="") returned 0
[0180.499] ITaskFolder:RegisterTask (in: This=0xb43988, Path="Updates\\IFNGRZH", XmlText="\n\n \n 2014-10-25T14:27:44.8929027\n XC64ZB\\RDhJ0CNFevzX\n \n \n \n true\n XC64ZB\\RDhJ0CNFevzX\n \n \n false\n \n \n \n \n XC64ZB\\RDhJ0CNFevzX\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IFNGRZH.exe\n \n \n", flags=2, UserId=0xcca60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), password=0xcca70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), LogonType=0, sddl=0xcca84*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), ppTask=0xccae0 | out: ppTask=0xccae0*=0xb43a00) returned 0x0
[0181.814] GetProcessHeap () returned 0x8d0000
[0181.814] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x14) returned 0x8e4f00
[0181.814] _memicmp (_Buf1=0x8d7520, _Buf2=0xc12708, _Size=0x7) returned 0
[0181.814] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x8da940, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40
[0181.814] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64
[0181.814] GetProcessHeap () returned 0x8d0000
[0181.814] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0xc, Size=0x82) returned 0x8e9ae0
[0181.814] _vsnwprintf (in: _Buffer=0xccaf8, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0xcca94 | out: _Buffer="SUCCESS: The scheduled task \"Updates\\IFNGRZH\" has successfully been created.\n") returned 77
[0181.815] __iob_func () returned 0x75da1208
[0181.815] _fileno (_File=0x75da1228) returned 1
[0181.815] _errno () returned 0xb405b0
[0181.815] _get_osfhandle (_FileHandle=1) returned 0x3c
[0181.815] _errno () returned 0xb405b0
[0181.815] GetFileType (hFile=0x3c) returned 0x2
[0181.815] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c
[0181.815] GetFileType (hFile=0x3c) returned 0x2
[0181.815] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcca68 | out: lpMode=0xcca68) returned 1
[0181.895] __iob_func () returned 0x75da1208
[0181.895] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c
[0181.895] lstrlenW (lpString="SUCCESS: The scheduled task \"Updates\\IFNGRZH\" has successfully been created.\n") returned 77
[0181.895] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xccaf8*, nNumberOfCharsToWrite=0x4d, lpNumberOfCharsWritten=0xcca8c, lpReserved=0x0 | out: lpBuffer=0xccaf8*, lpNumberOfCharsWritten=0xcca8c*=0x4d) returned 1
[0182.025] IUnknown:Release (This=0xb43a00) returned 0x0
[0182.025] TaskScheduler:IUnknown:Release (This=0xb43988) returned 0x0
[0182.025] TaskScheduler:IUnknown:Release (This=0xb43860) returned 0x0
[0182.026] lstrlenW (lpString="") returned 0
[0182.026] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp") returned 52
[0182.026] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmp16B3.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53
[0182.026] GetProcessHeap () returned 0x8d0000
[0182.026] GetProcessHeap () returned 0x8d0000
[0182.026] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8da090) returned 1
[0182.026] GetProcessHeap () returned 0x8d0000
[0182.026] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8da090) returned 0x1fc
[0182.027] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8da090) returned 1
[0182.027] GetProcessHeap () returned 0x8d0000
[0182.027] GetProcessHeap () returned 0x8d0000
[0182.027] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d6ab0) returned 1
[0182.027] GetProcessHeap () returned 0x8d0000
[0182.027] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d6ab0) returned 0x6a
[0182.027] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d6ab0) returned 1
[0182.027] GetProcessHeap () returned 0x8d0000
[0182.027] GetProcessHeap () returned 0x8d0000
[0182.027] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9468) returned 1
[0182.027] GetProcessHeap () returned 0x8d0000
[0182.027] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9468) returned 0x16
[0182.027] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9468) returned 1
[0182.027] GetProcessHeap () returned 0x8d0000
[0182.027] GetProcessHeap () returned 0x8d0000
[0182.027] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8dac80) returned 1
[0182.027] GetProcessHeap () returned 0x8d0000
[0182.027] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8dac80) returned 0x10
[0182.028] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8dac80) returned 1
[0182.028] GetProcessHeap () returned 0x8d0000
[0182.028] GetProcessHeap () returned 0x8d0000
[0182.028] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d94c8) returned 1
[0182.028] GetProcessHeap () returned 0x8d0000
[0182.028] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d94c8) returned 0x14
[0182.028] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d94c8) returned 1
[0182.028] GetProcessHeap () returned 0x8d0000
[0182.028] GetProcessHeap () returned 0x8d0000
[0182.028] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9010) returned 1
[0182.028] GetProcessHeap () returned 0x8d0000
[0182.028] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9010) returned 0xa0
[0182.029] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9010) returned 1
[0182.029] GetProcessHeap () returned 0x8d0000
[0182.029] GetProcessHeap () returned 0x8d0000
[0182.029] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d7508) returned 1
[0182.029] GetProcessHeap () returned 0x8d0000
[0182.029] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d7508) returned 0x10
[0182.029] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d7508) returned 1
[0182.029] GetProcessHeap () returned 0x8d0000
[0182.029] GetProcessHeap () returned 0x8d0000
[0182.029] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d97a8) returned 1
[0182.029] GetProcessHeap () returned 0x8d0000
[0182.029] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d97a8) returned 0x14
[0182.029] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d97a8) returned 1
[0182.029] GetProcessHeap () returned 0x8d0000
[0182.029] GetProcessHeap () returned 0x8d0000
[0182.029] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8daf50) returned 1
[0182.029] GetProcessHeap () returned 0x8d0000
[0182.029] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8daf50) returned 0x6e
[0182.030] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8daf50) returned 1
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8dad70) returned 1
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8dad70) returned 0x10
[0182.030] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8dad70) returned 1
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9768) returned 1
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9768) returned 0x14
[0182.030] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9768) returned 1
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d7490) returned 1
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d7490) returned 0xc
[0182.030] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d7490) returned 1
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d7550) returned 1
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d7550) returned 0x10
[0182.030] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d7550) returned 1
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9448) returned 1
[0182.030] GetProcessHeap () returned 0x8d0000
[0182.030] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9448) returned 0x14
[0182.031] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9448) returned 1
[0182.031] GetProcessHeap () returned 0x8d0000
[0182.031] GetProcessHeap () returned 0x8d0000
[0182.031] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d8e00) returned 1
[0182.031] GetProcessHeap () returned 0x8d0000
[0182.031] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d8e00) returned 0x208
[0182.031] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d8e00) returned 1
[0182.031] GetProcessHeap () returned 0x8d0000
[0182.031] GetProcessHeap () returned 0x8d0000
[0182.031] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d7400) returned 1
[0182.031] GetProcessHeap () returned 0x8d0000
[0182.031] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d7400) returned 0x10
[0182.031] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d7400) returned 1
[0182.031] GetProcessHeap () returned 0x8d0000
[0182.031] GetProcessHeap () returned 0x8d0000
[0182.031] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9788) returned 1
[0182.031] GetProcessHeap () returned 0x8d0000
[0182.031] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9788) returned 0x14
[0182.032] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9788) returned 1
[0182.032] GetProcessHeap () returned 0x8d0000
[0182.032] GetProcessHeap () returned 0x8d0000
[0182.032] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8da940) returned 1
[0182.032] GetProcessHeap () returned 0x8d0000
[0182.032] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8da940) returned 0x200
[0182.032] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8da940) returned 1
[0182.032] GetProcessHeap () returned 0x8d0000
[0182.032] GetProcessHeap () returned 0x8d0000
[0182.032] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d7520) returned 1
[0182.032] GetProcessHeap () returned 0x8d0000
[0182.032] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d7520) returned 0x10
[0182.032] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d7520) returned 1
[0182.032] GetProcessHeap () returned 0x8d0000
[0182.032] GetProcessHeap () returned 0x8d0000
[0182.032] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d95c8) returned 1
[0182.032] GetProcessHeap () returned 0x8d0000
[0182.032] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d95c8) returned 0x14
[0182.032] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d95c8) returned 1
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9688) returned 1
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9688) returned 0x14
[0182.033] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9688) returned 1
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d7538) returned 1
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d7538) returned 0x10
[0182.033] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d7538) returned 1
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d66c8) returned 1
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d66c8) returned 0x14
[0182.033] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d66c8) returned 1
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d97e8) returned 1
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d97e8) returned 0x16
[0182.033] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d97e8) returned 1
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d7460) returned 1
[0182.033] GetProcessHeap () returned 0x8d0000
[0182.033] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d7460) returned 0x10
[0182.034] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d7460) returned 1
[0182.034] GetProcessHeap () returned 0x8d0000
[0182.034] GetProcessHeap () returned 0x8d0000
[0182.034] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d66a8) returned 1
[0182.034] GetProcessHeap () returned 0x8d0000
[0182.034] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d66a8) returned 0x14
[0182.034] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d66a8) returned 1
[0182.034] GetProcessHeap () returned 0x8d0000
[0182.034] GetProcessHeap () returned 0x8d0000
[0182.034] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d0598) returned 1
[0182.034] GetProcessHeap () returned 0x8d0000
[0182.034] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d0598) returned 0x2
[0182.034] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d0598) returned 1
[0182.034] GetProcessHeap () returned 0x8d0000
[0182.034] GetProcessHeap () returned 0x8d0000
[0182.034] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d6f18) returned 1
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d6f18) returned 0x14
[0182.035] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d6f18) returned 1
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d8710) returned 1
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d8710) returned 0x14
[0182.035] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d8710) returned 1
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d8730) returned 1
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d8730) returned 0x14
[0182.035] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d8730) returned 1
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d6ce0) returned 1
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d6ce0) returned 0x14
[0182.035] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d6ce0) returned 1
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9668) returned 1
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.035] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9668) returned 0x14
[0182.035] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9668) returned 1
[0182.035] GetProcessHeap () returned 0x8d0000
[0182.036] GetProcessHeap () returned 0x8d0000
[0182.036] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d97c8) returned 1
[0182.036] GetProcessHeap () returned 0x8d0000
[0182.036] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d97c8) returned 0x14
[0182.036] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d97c8) returned 1
[0182.036] GetProcessHeap () returned 0x8d0000
[0182.036] GetProcessHeap () returned 0x8d0000
[0182.036] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d2660) returned 1
[0182.036] GetProcessHeap () returned 0x8d0000
[0182.036] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d2660) returned 0x30
[0182.036] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d2660) returned 1
[0182.036] GetProcessHeap () returned 0x8d0000
[0182.036] GetProcessHeap () returned 0x8d0000
[0182.036] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9508) returned 1
[0182.036] GetProcessHeap () returned 0x8d0000
[0182.036] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9508) returned 0x14
[0182.037] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9508) returned 1
[0182.037] GetProcessHeap () returned 0x8d0000
[0182.037] GetProcessHeap () returned 0x8d0000
[0182.037] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d6658) returned 1
[0182.037] GetProcessHeap () returned 0x8d0000
[0182.037] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d6658) returned 0x30
[0182.037] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d6658) returned 1
[0182.037] GetProcessHeap () returned 0x8d0000
[0182.037] GetProcessHeap () returned 0x8d0000
[0182.037] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9808) returned 1
[0182.037] GetProcessHeap () returned 0x8d0000
[0182.037] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9808) returned 0x14
[0182.037] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9808) returned 1
[0182.038] GetProcessHeap () returned 0x8d0000
[0182.038] GetProcessHeap () returned 0x8d0000
[0182.038] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8e9ae0) returned 1
[0182.038] GetProcessHeap () returned 0x8d0000
[0182.038] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8e9ae0) returned 0x82
[0182.038] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8e9ae0) returned 1
[0182.038] GetProcessHeap () returned 0x8d0000
[0182.038] GetProcessHeap () returned 0x8d0000
[0182.038] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8e4f00) returned 1
[0182.038] GetProcessHeap () returned 0x8d0000
[0182.038] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8e4f00) returned 0x14
[0182.038] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8e4f00) returned 1
[0182.038] GetProcessHeap () returned 0x8d0000
[0182.039] GetProcessHeap () returned 0x8d0000
[0182.039] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d74d8) returned 1
[0182.039] GetProcessHeap () returned 0x8d0000
[0182.039] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d74d8) returned 0x10
[0182.039] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d74d8) returned 1
[0182.039] GetProcessHeap () returned 0x8d0000
[0182.039] GetProcessHeap () returned 0x8d0000
[0182.039] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d6d00) returned 1
[0182.039] GetProcessHeap () returned 0x8d0000
[0182.039] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d6d00) returned 0x14
[0182.039] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d6d00) returned 1
[0182.039] GetProcessHeap () returned 0x8d0000
[0182.039] GetProcessHeap () returned 0x8d0000
[0182.039] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d6d20) returned 1
[0182.039] GetProcessHeap () returned 0x8d0000
[0182.039] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d6d20) returned 0x14
[0182.039] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d6d20) returned 1
[0182.039] GetProcessHeap () returned 0x8d0000
[0182.039] GetProcessHeap () returned 0x8d0000
[0182.039] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d6910) returned 1
[0182.039] GetProcessHeap () returned 0x8d0000
[0182.039] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d6910) returned 0x14
[0182.039] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d6910) returned 1
[0182.040] GetProcessHeap () returned 0x8d0000
[0182.040] GetProcessHeap () returned 0x8d0000
[0182.040] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d6930) returned 1
[0182.040] GetProcessHeap () returned 0x8d0000
[0182.040] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d6930) returned 0x14
[0182.040] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d6930) returned 1
[0182.040] GetProcessHeap () returned 0x8d0000
[0182.040] GetProcessHeap () returned 0x8d0000
[0182.040] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d75b0) returned 1
[0182.040] GetProcessHeap () returned 0x8d0000
[0182.040] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d75b0) returned 0x10
[0182.040] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d75b0) returned 1
[0182.040] GetProcessHeap () returned 0x8d0000
[0182.040] GetProcessHeap () returned 0x8d0000
[0182.040] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d6950) returned 1
[0182.040] GetProcessHeap () returned 0x8d0000
[0182.040] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d6950) returned 0x14
[0182.040] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d6950) returned 1
[0182.040] GetProcessHeap () returned 0x8d0000
[0182.040] GetProcessHeap () returned 0x8d0000
[0182.041] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d66e8) returned 1
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d66e8) returned 0x14
[0182.041] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d66e8) returned 1
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9728) returned 1
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9728) returned 0x14
[0182.041] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9728) returned 1
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9628) returned 1
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9628) returned 0x14
[0182.041] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9628) returned 1
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9608) returned 1
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9608) returned 0x14
[0182.041] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9608) returned 1
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d9488) returned 1
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d9488) returned 0x14
[0182.041] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d9488) returned 1
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d73e8) returned 1
[0182.041] GetProcessHeap () returned 0x8d0000
[0182.041] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d73e8) returned 0x10
[0182.042] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d73e8) returned 1
[0182.042] GetProcessHeap () returned 0x8d0000
[0182.042] GetProcessHeap () returned 0x8d0000
[0182.042] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d2858) returned 1
[0182.042] GetProcessHeap () returned 0x8d0000
[0182.042] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d2858) returned 0x14
[0182.042] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d2858) returned 1
[0182.042] GetProcessHeap () returned 0x8d0000
[0182.042] GetProcessHeap () returned 0x8d0000
[0182.042] HeapValidate (hHeap=0x8d0000, dwFlags=0x0, lpMem=0x8d7448) returned 1
[0182.042] GetProcessHeap () returned 0x8d0000
[0182.042] RtlSizeHeap (HeapHandle=0x8d0000, Flags=0x0, MemoryPointer=0x8d7448) returned 0x10
[0182.042] RtlFreeHeap (HeapHandle=0x8d0000, Flags=0x0, BaseAddress=0x8d7448) returned 1
[0182.042] exit (_Code=0)
Thread:
id = 24
os_tid = 0x67c
Process:
id = "4"
image_name = "conhost.exe"
filename = "c:\\windows\\system32\\conhost.exe"
page_root = "0x410b3000"
os_pid = "0x1264"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "2"
os_parent_pid = "0x126c"
cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
cur_dir = "C:\\Windows"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f188" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 580
start_va = 0x1de00000
end_va = 0x1dffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000001de00000"
filename = ""
Region:
id = 581
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 582
start_va = 0xbbddc50000
end_va = 0xbbddc8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000bbddc50000"
filename = ""
Region:
id = 583
start_va = 0xbbdde00000
end_va = 0xbbddffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000bbdde00000"
filename = ""
Region:
id = 584
start_va = 0x25841cd0000
end_va = 0x25841ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841cd0000"
filename = ""
Region:
id = 585
start_va = 0x25841cf0000
end_va = 0x25841d04fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025841cf0000"
filename = ""
Region:
id = 586
start_va = 0x7df5ffa90000
end_va = 0x7ff5ffa8ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffa90000"
filename = ""
Region:
id = 587
start_va = 0x7ff736a90000
end_va = 0x7ff736ab2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff736a90000"
filename = ""
Region:
id = 588
start_va = 0x7ff737580000
end_va = 0x7ff737590fff
monitored = 0
entry_point = 0x7ff7375816b0
region_type = mapped_file
name = "conhost.exe"
filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe")
Region:
id = 589
start_va = 0x7ff871e00000
end_va = 0x7ff871fc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 590
start_va = 0x25841d10000
end_va = 0x25841f8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841d10000"
filename = ""
Region:
id = 591
start_va = 0x7ff871bc0000
end_va = 0x7ff871c6cfff
monitored = 0
entry_point = 0x7ff871bd81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 592
start_va = 0x7ff86e520000
end_va = 0x7ff86e707fff
monitored = 0
entry_point = 0x7ff86e54ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 593
start_va = 0x25841cd0000
end_va = 0x25841cdffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025841cd0000"
filename = ""
Region:
id = 594
start_va = 0x7ff736990000
end_va = 0x7ff736a8ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff736990000"
filename = ""
Region:
id = 595
start_va = 0x25841d10000
end_va = 0x25841dcdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 596
start_va = 0x25841e90000
end_va = 0x25841f8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841e90000"
filename = ""
Region:
id = 597
start_va = 0x7ff86f210000
end_va = 0x7ff86f2acfff
monitored = 0
entry_point = 0x7ff86f2178a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 598
start_va = 0xbbddc90000
end_va = 0xbbddccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000bbddc90000"
filename = ""
Region:
id = 599
start_va = 0x25841f90000
end_va = 0x258420fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841f90000"
filename = ""
Region:
id = 600
start_va = 0x25841ce0000
end_va = 0x25841ce6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841ce0000"
filename = ""
Region:
id = 601
start_va = 0x7ff8659f0000
end_va = 0x7ff865a48fff
monitored = 0
entry_point = 0x7ff8659ffbf0
region_type = mapped_file
name = "conhostv2.dll"
filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll")
Region:
id = 602
start_va = 0x25841dd0000
end_va = 0x25841dd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025841dd0000"
filename = ""
Region:
id = 603
start_va = 0x7ff86f2b0000
end_va = 0x7ff86f52cfff
monitored = 0
entry_point = 0x7ff86f384970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 604
start_va = 0x7ff870fd0000
end_va = 0x7ff8710ebfff
monitored = 0
entry_point = 0x7ff8710102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 605
start_va = 0x7ff86e4b0000
end_va = 0x7ff86e519fff
monitored = 0
entry_point = 0x7ff86e4e6d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 606
start_va = 0x7ff8719b0000
end_va = 0x7ff871b05fff
monitored = 0
entry_point = 0x7ff8719ba8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 607
start_va = 0x7ff871c70000
end_va = 0x7ff871df5fff
monitored = 0
entry_point = 0x7ff871cbffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 608
start_va = 0x25841de0000
end_va = 0x25841de6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841de0000"
filename = ""
Region:
id = 609
start_va = 0x7ff871860000
end_va = 0x7ff8719a2fff
monitored = 0
entry_point = 0x7ff871888210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 610
start_va = 0x7ff86f5b0000
end_va = 0x7ff86f60afff
monitored = 0
entry_point = 0x7ff86f5c38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 611
start_va = 0x7ff8711c0000
end_va = 0x7ff8711fafff
monitored = 0
entry_point = 0x7ff8711c12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 612
start_va = 0x7ff8710f0000
end_va = 0x7ff8711b0fff
monitored = 0
entry_point = 0x7ff871110da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 613
start_va = 0x7ff86c9a0000
end_va = 0x7ff86cb25fff
monitored = 0
entry_point = 0x7ff86c9ed700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 619
start_va = 0x25841df0000
end_va = 0x25841df0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841df0000"
filename = ""
Region:
id = 620
start_va = 0x25841e00000
end_va = 0x25841e00fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841e00000"
filename = ""
Region:
id = 621
start_va = 0x25842100000
end_va = 0x25842287fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025842100000"
filename = ""
Region:
id = 622
start_va = 0x25842290000
end_va = 0x25842410fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025842290000"
filename = ""
Region:
id = 623
start_va = 0x25842420000
end_va = 0x2584381ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025842420000"
filename = ""
Region:
id = 624
start_va = 0x25841e10000
end_va = 0x25841e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841e10000"
filename = ""
Region:
id = 630
start_va = 0xbbddcd0000
end_va = 0xbbddd0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000bbddcd0000"
filename = ""
Region:
id = 631
start_va = 0x7ff86f9f0000
end_va = 0x7ff870f4efff
monitored = 0
entry_point = 0x7ff86fb511f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 666
start_va = 0x7ff86f130000
end_va = 0x7ff86f172fff
monitored = 0
entry_point = 0x7ff86f144b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 667
start_va = 0x7ff86e990000
end_va = 0x7ff86efd3fff
monitored = 0
entry_point = 0x7ff86eb564b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 668
start_va = 0x7ff871b10000
end_va = 0x7ff871bb6fff
monitored = 0
entry_point = 0x7ff871b258d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 669
start_va = 0x7ff86f550000
end_va = 0x7ff86f5a1fff
monitored = 0
entry_point = 0x7ff86f55f530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 670
start_va = 0x7ff86e490000
end_va = 0x7ff86e49efff
monitored = 0
entry_point = 0x7ff86e493210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 671
start_va = 0x7ff86f070000
end_va = 0x7ff86f124fff
monitored = 0
entry_point = 0x7ff86f0b22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 672
start_va = 0x7ff86e420000
end_va = 0x7ff86e46afff
monitored = 0
entry_point = 0x7ff86e4235f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 673
start_va = 0x7ff86e470000
end_va = 0x7ff86e483fff
monitored = 0
entry_point = 0x7ff86e4752e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 674
start_va = 0x7ff86cda0000
end_va = 0x7ff86ce35fff
monitored = 0
entry_point = 0x7ff86cdc5570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 675
start_va = 0x25841e10000
end_va = 0x25841e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841e10000"
filename = ""
Region:
id = 676
start_va = 0x25841e80000
end_va = 0x25841e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841e80000"
filename = ""
Region:
id = 694
start_va = 0x25843820000
end_va = 0x25843b56fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 695
start_va = 0x25841f90000
end_va = 0x2584208ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841f90000"
filename = ""
Region:
id = 696
start_va = 0x258420f0000
end_va = 0x258420fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000258420f0000"
filename = ""
Region:
id = 697
start_va = 0x25843b60000
end_va = 0x25843d5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025843b60000"
filename = ""
Region:
id = 701
start_va = 0xbbddd10000
end_va = 0xbbddd4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000bbddd10000"
filename = ""
Region:
id = 702
start_va = 0x7ff86f890000
end_va = 0x7ff86f9e9fff
monitored = 0
entry_point = 0x7ff86f8d38e0
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 703
start_va = 0x25841e10000
end_va = 0x25841e10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025841e10000"
filename = ""
Region:
id = 704
start_va = 0x25841e40000
end_va = 0x25841e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841e40000"
filename = ""
Region:
id = 705
start_va = 0x25843d60000
end_va = 0x25843e1bfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025843d60000"
filename = ""
Region:
id = 706
start_va = 0x25841e10000
end_va = 0x25841e13fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025841e10000"
filename = ""
Region:
id = 707
start_va = 0x7ff86bf40000
end_va = 0x7ff86bf61fff
monitored = 0
entry_point = 0x7ff86bf41a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 708
start_va = 0x7ff86cb90000
end_va = 0x7ff86cba2fff
monitored = 0
entry_point = 0x7ff86cb92760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 709
start_va = 0x7ff86e230000
end_va = 0x7ff86e285fff
monitored = 0
entry_point = 0x7ff86e240bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 710
start_va = 0x25841e20000
end_va = 0x25841e26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025841e20000"
filename = ""
Region:
id = 711
start_va = 0x25841e30000
end_va = 0x25841e30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025841e30000"
filename = ""
Region:
id = 712
start_va = 0x25841e50000
end_va = 0x25841e50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025841e50000"
filename = ""
Region:
id = 713
start_va = 0x25841e60000
end_va = 0x25841e64fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 714
start_va = 0x25841e70000
end_va = 0x25841e70fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "conhostv2.dll.mui"
filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui")
Region:
id = 715
start_va = 0x25842090000
end_va = 0x25842091fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025842090000"
filename = ""
Region:
id = 716
start_va = 0x7ff863b30000
end_va = 0x7ff863da3fff
monitored = 0
entry_point = 0x7ff863ba0400
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")
Region:
id = 717
start_va = 0x258420a0000
end_va = 0x258420a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 718
start_va = 0x258420b0000
end_va = 0x258420b1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000258420b0000"
filename = ""
Thread:
id = 15
os_tid = 0x125c
Thread:
id = 16
os_tid = 0x1190
Thread:
id = 17
os_tid = 0x115c
Thread:
id = 21
os_tid = 0x1158
Process:
id = "5"
image_name = "conhost.exe"
filename = "c:\\windows\\system32\\conhost.exe"
page_root = "0x4405a000"
os_pid = "0xefc"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "3"
os_parent_pid = "0x1254"
cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
cur_dir = "C:\\Windows"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f188" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 632
start_va = 0x6600000
end_va = 0x67fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006600000"
filename = ""
Region:
id = 633
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 634
start_va = 0xb3c6580000
end_va = 0xb3c65bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000b3c6580000"
filename = ""
Region:
id = 635
start_va = 0xb3c6600000
end_va = 0xb3c67fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000b3c6600000"
filename = ""
Region:
id = 636
start_va = 0x1f82dc70000
end_va = 0x1f82dc8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82dc70000"
filename = ""
Region:
id = 637
start_va = 0x1f82dc90000
end_va = 0x1f82dca4fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f82dc90000"
filename = ""
Region:
id = 638
start_va = 0x7df5ff2e0000
end_va = 0x7ff5ff2dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ff2e0000"
filename = ""
Region:
id = 639
start_va = 0x7ff737100000
end_va = 0x7ff737122fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff737100000"
filename = ""
Region:
id = 640
start_va = 0x7ff737580000
end_va = 0x7ff737590fff
monitored = 0
entry_point = 0x7ff7375816b0
region_type = mapped_file
name = "conhost.exe"
filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe")
Region:
id = 641
start_va = 0x7ff871e00000
end_va = 0x7ff871fc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 642
start_va = 0x1f82dcb0000
end_va = 0x1f82df0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82dcb0000"
filename = ""
Region:
id = 643
start_va = 0x7ff871bc0000
end_va = 0x7ff871c6cfff
monitored = 0
entry_point = 0x7ff871bd81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 644
start_va = 0x7ff86e520000
end_va = 0x7ff86e707fff
monitored = 0
entry_point = 0x7ff86e54ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 645
start_va = 0x1f82dc70000
end_va = 0x1f82dc7ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f82dc70000"
filename = ""
Region:
id = 646
start_va = 0x7ff737000000
end_va = 0x7ff7370fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff737000000"
filename = ""
Region:
id = 647
start_va = 0x1f82dcb0000
end_va = 0x1f82dd6dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 648
start_va = 0x1f82de10000
end_va = 0x1f82df0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82de10000"
filename = ""
Region:
id = 649
start_va = 0x7ff86f210000
end_va = 0x7ff86f2acfff
monitored = 0
entry_point = 0x7ff86f2178a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 650
start_va = 0xb3c65c0000
end_va = 0xb3c65fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000b3c65c0000"
filename = ""
Region:
id = 651
start_va = 0x1f82df10000
end_va = 0x1f82e0cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82df10000"
filename = ""
Region:
id = 652
start_va = 0x1f82dc80000
end_va = 0x1f82dc86fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82dc80000"
filename = ""
Region:
id = 653
start_va = 0x7ff8659f0000
end_va = 0x7ff865a48fff
monitored = 0
entry_point = 0x7ff8659ffbf0
region_type = mapped_file
name = "conhostv2.dll"
filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll")
Region:
id = 654
start_va = 0x1f82dd70000
end_va = 0x1f82dd70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f82dd70000"
filename = ""
Region:
id = 655
start_va = 0x7ff86f2b0000
end_va = 0x7ff86f52cfff
monitored = 0
entry_point = 0x7ff86f384970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 656
start_va = 0x7ff870fd0000
end_va = 0x7ff8710ebfff
monitored = 0
entry_point = 0x7ff8710102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 657
start_va = 0x7ff86e4b0000
end_va = 0x7ff86e519fff
monitored = 0
entry_point = 0x7ff86e4e6d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 658
start_va = 0x7ff8719b0000
end_va = 0x7ff871b05fff
monitored = 0
entry_point = 0x7ff8719ba8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 659
start_va = 0x7ff871c70000
end_va = 0x7ff871df5fff
monitored = 0
entry_point = 0x7ff871cbffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 660
start_va = 0x1f82dd80000
end_va = 0x1f82dd86fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82dd80000"
filename = ""
Region:
id = 661
start_va = 0x7ff871860000
end_va = 0x7ff8719a2fff
monitored = 0
entry_point = 0x7ff871888210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 662
start_va = 0x7ff86f5b0000
end_va = 0x7ff86f60afff
monitored = 0
entry_point = 0x7ff86f5c38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 663
start_va = 0x7ff8711c0000
end_va = 0x7ff8711fafff
monitored = 0
entry_point = 0x7ff8711c12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 664
start_va = 0x7ff8710f0000
end_va = 0x7ff8711b0fff
monitored = 0
entry_point = 0x7ff871110da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 665
start_va = 0x7ff86c9a0000
end_va = 0x7ff86cb25fff
monitored = 0
entry_point = 0x7ff86c9ed700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 677
start_va = 0x1f82dd90000
end_va = 0x1f82dd90fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82dd90000"
filename = ""
Region:
id = 678
start_va = 0x1f82dda0000
end_va = 0x1f82dda0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82dda0000"
filename = ""
Region:
id = 679
start_va = 0x1f82df10000
end_va = 0x1f82e097fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f82df10000"
filename = ""
Region:
id = 680
start_va = 0x1f82e0c0000
end_va = 0x1f82e0cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82e0c0000"
filename = ""
Region:
id = 681
start_va = 0x1f82e0d0000
end_va = 0x1f82e250fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f82e0d0000"
filename = ""
Region:
id = 682
start_va = 0x1f82e260000
end_va = 0x1f82f65ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f82e260000"
filename = ""
Region:
id = 683
start_va = 0x1f82f660000
end_va = 0x1f82f81ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82f660000"
filename = ""
Region:
id = 684
start_va = 0xb3c6800000
end_va = 0xb3c683ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000b3c6800000"
filename = ""
Region:
id = 685
start_va = 0x7ff86f9f0000
end_va = 0x7ff870f4efff
monitored = 0
entry_point = 0x7ff86fb511f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 686
start_va = 0x7ff86f130000
end_va = 0x7ff86f172fff
monitored = 0
entry_point = 0x7ff86f144b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 687
start_va = 0x7ff86e990000
end_va = 0x7ff86efd3fff
monitored = 0
entry_point = 0x7ff86eb564b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 688
start_va = 0x7ff871b10000
end_va = 0x7ff871bb6fff
monitored = 0
entry_point = 0x7ff871b258d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 689
start_va = 0x7ff86f550000
end_va = 0x7ff86f5a1fff
monitored = 0
entry_point = 0x7ff86f55f530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 690
start_va = 0x7ff86e490000
end_va = 0x7ff86e49efff
monitored = 0
entry_point = 0x7ff86e493210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 691
start_va = 0x7ff86f070000
end_va = 0x7ff86f124fff
monitored = 0
entry_point = 0x7ff86f0b22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 692
start_va = 0x7ff86e420000
end_va = 0x7ff86e46afff
monitored = 0
entry_point = 0x7ff86e4235f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 693
start_va = 0x7ff86e470000
end_va = 0x7ff86e483fff
monitored = 0
entry_point = 0x7ff86e4752e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 698
start_va = 0x7ff86cda0000
end_va = 0x7ff86ce35fff
monitored = 0
entry_point = 0x7ff86cdc5570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 699
start_va = 0x1f82f660000
end_va = 0x1f82f7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82f660000"
filename = ""
Region:
id = 700
start_va = 0x1f82f810000
end_va = 0x1f82f81ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82f810000"
filename = ""
Region:
id = 719
start_va = 0x1f82f820000
end_va = 0x1f82fb56fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 720
start_va = 0x1f82fb60000
end_va = 0x1f82fd74fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82fb60000"
filename = ""
Region:
id = 721
start_va = 0x1f82fd80000
end_va = 0x1f82ff98fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82fd80000"
filename = ""
Region:
id = 722
start_va = 0x1f82f660000
end_va = 0x1f82f768fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82f660000"
filename = ""
Region:
id = 723
start_va = 0x1f82f7f0000
end_va = 0x1f82f7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82f7f0000"
filename = ""
Region:
id = 724
start_va = 0x1f82ffa0000
end_va = 0x1f8301b3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82ffa0000"
filename = ""
Region:
id = 725
start_va = 0x1f8301c0000
end_va = 0x1f8302cdfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f8301c0000"
filename = ""
Region:
id = 738
start_va = 0xb3c6840000
end_va = 0xb3c687ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000b3c6840000"
filename = ""
Region:
id = 739
start_va = 0x7ff86f890000
end_va = 0x7ff86f9e9fff
monitored = 0
entry_point = 0x7ff86f8d38e0
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 740
start_va = 0x1f82ddb0000
end_va = 0x1f82ddb0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f82ddb0000"
filename = ""
Region:
id = 741
start_va = 0x1f8302d0000
end_va = 0x1f83038bfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f8302d0000"
filename = ""
Region:
id = 742
start_va = 0x1f82ddb0000
end_va = 0x1f82ddb3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f82ddb0000"
filename = ""
Region:
id = 743
start_va = 0x7ff86bf40000
end_va = 0x7ff86bf61fff
monitored = 0
entry_point = 0x7ff86bf41a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 744
start_va = 0x7ff86cb90000
end_va = 0x7ff86cba2fff
monitored = 0
entry_point = 0x7ff86cb92760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 745
start_va = 0x7ff86e230000
end_va = 0x7ff86e285fff
monitored = 0
entry_point = 0x7ff86e240bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 746
start_va = 0x1f82ddc0000
end_va = 0x1f82ddc6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001f82ddc0000"
filename = ""
Region:
id = 747
start_va = 0x1f82ddd0000
end_va = 0x1f82ddd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f82ddd0000"
filename = ""
Region:
id = 748
start_va = 0x1f82dde0000
end_va = 0x1f82dde0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f82dde0000"
filename = ""
Region:
id = 749
start_va = 0x1f82ddf0000
end_va = 0x1f82ddf4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 750
start_va = 0x1f82de00000
end_va = 0x1f82de00fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "conhostv2.dll.mui"
filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui")
Region:
id = 751
start_va = 0x1f82e0a0000
end_va = 0x1f82e0a1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f82e0a0000"
filename = ""
Region:
id = 752
start_va = 0x7ff863b30000
end_va = 0x7ff863da3fff
monitored = 0
entry_point = 0x7ff863ba0400
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")
Region:
id = 753
start_va = 0x1f82e0b0000
end_va = 0x1f82e0b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 754
start_va = 0x1f82f770000
end_va = 0x1f82f771fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001f82f770000"
filename = ""
Thread:
id = 18
os_tid = 0x10bc
Thread:
id = 19
os_tid = 0x250
Thread:
id = 20
os_tid = 0x258
Thread:
id = 22
os_tid = 0x1150
Process:
id = "6"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x75083000"
os_pid = "0x360"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "created_scheduled_job"
parent_id = "3"
os_parent_pid = "0x210"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac06" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 803
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 804
start_va = 0x8b6eec0000
end_va = 0x8b6ef3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6eec0000"
filename = ""
Region:
id = 805
start_va = 0x8b6f000000
end_va = 0x8b6f1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6f000000"
filename = ""
Region:
id = 806
start_va = 0x8b6f300000
end_va = 0x8b6f3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6f300000"
filename = ""
Region:
id = 807
start_va = 0x8b6f400000
end_va = 0x8b6f4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6f400000"
filename = ""
Region:
id = 808
start_va = 0x8b6f600000
end_va = 0x8b6f6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6f600000"
filename = ""
Region:
id = 809
start_va = 0x8b6f700000
end_va = 0x8b6f7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6f700000"
filename = ""
Region:
id = 810
start_va = 0x8b6f800000
end_va = 0x8b6f8fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6f800000"
filename = ""
Region:
id = 811
start_va = 0x8b6f900000
end_va = 0x8b6f9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6f900000"
filename = ""
Region:
id = 812
start_va = 0x8b6fa00000
end_va = 0x8b6fafffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6fa00000"
filename = ""
Region:
id = 813
start_va = 0x8b6fb00000
end_va = 0x8b6fb7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6fb00000"
filename = ""
Region:
id = 814
start_va = 0x8b6fb80000
end_va = 0x8b6fc7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6fb80000"
filename = ""
Region:
id = 815
start_va = 0x8b6fd80000
end_va = 0x8b6fe7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6fd80000"
filename = ""
Region:
id = 816
start_va = 0x8b6fe80000
end_va = 0x8b6ff7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b6fe80000"
filename = ""
Region:
id = 817
start_va = 0x8b70200000
end_va = 0x8b702fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b70200000"
filename = ""
Region:
id = 818
start_va = 0x8b70300000
end_va = 0x8b703fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b70300000"
filename = ""
Region:
id = 819
start_va = 0x8b70480000
end_va = 0x8b7057ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b70480000"
filename = ""
Region:
id = 820
start_va = 0x8b70580000
end_va = 0x8b7067ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b70580000"
filename = ""
Region:
id = 821
start_va = 0x8b70680000
end_va = 0x8b7077ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b70680000"
filename = ""
Region:
id = 822
start_va = 0x8b70900000
end_va = 0x8b7097ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b70900000"
filename = ""
Region:
id = 823
start_va = 0x8b70a80000
end_va = 0x8b70b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b70a80000"
filename = ""
Region:
id = 824
start_va = 0x8b70b80000
end_va = 0x8b70c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b70b80000"
filename = ""
Region:
id = 825
start_va = 0x8b70d80000
end_va = 0x8b70e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b70d80000"
filename = ""
Region:
id = 826
start_va = 0x8b71080000
end_va = 0x8b7117ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b71080000"
filename = ""
Region:
id = 827
start_va = 0x8b71280000
end_va = 0x8b712fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b71280000"
filename = ""
Region:
id = 828
start_va = 0x8b71400000
end_va = 0x8b7147ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b71400000"
filename = ""
Region:
id = 829
start_va = 0x8b71680000
end_va = 0x8b716fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b71680000"
filename = ""
Region:
id = 830
start_va = 0x8b71700000
end_va = 0x8b717fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b71700000"
filename = ""
Region:
id = 831
start_va = 0x8b71800000
end_va = 0x8b718fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b71800000"
filename = ""
Region:
id = 832
start_va = 0x8b71a00000
end_va = 0x8b71afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b71a00000"
filename = ""
Region:
id = 833
start_va = 0x8b71b00000
end_va = 0x8b71bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b71b00000"
filename = ""
Region:
id = 834
start_va = 0x8b71c00000
end_va = 0x8b71cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b71c00000"
filename = ""
Region:
id = 835
start_va = 0x8b71d00000
end_va = 0x8b71dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b71d00000"
filename = ""
Region:
id = 836
start_va = 0x8b72200000
end_va = 0x8b722fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b72200000"
filename = ""
Region:
id = 837
start_va = 0x8b72300000
end_va = 0x8b723fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b72300000"
filename = ""
Region:
id = 838
start_va = 0x8b72400000
end_va = 0x8b724fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b72400000"
filename = ""
Region:
id = 839
start_va = 0x8b72500000
end_va = 0x8b725fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b72500000"
filename = ""
Region:
id = 840
start_va = 0x8b72600000
end_va = 0x8b726fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b72600000"
filename = ""
Region:
id = 841
start_va = 0x8b72a00000
end_va = 0x8b72afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b72a00000"
filename = ""
Region:
id = 842
start_va = 0x8b72b00000
end_va = 0x8b72bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b72b00000"
filename = ""
Region:
id = 843
start_va = 0x8b72c00000
end_va = 0x8b72cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b72c00000"
filename = ""
Region:
id = 844
start_va = 0x8b72f00000
end_va = 0x8b72ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b72f00000"
filename = ""
Region:
id = 845
start_va = 0x8b73000000
end_va = 0x8b730fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b73000000"
filename = ""
Region:
id = 846
start_va = 0x8b73100000
end_va = 0x8b731fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b73100000"
filename = ""
Region:
id = 847
start_va = 0x8b73200000
end_va = 0x8b732fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b73200000"
filename = ""
Region:
id = 848
start_va = 0x8b73300000
end_va = 0x8b733fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b73300000"
filename = ""
Region:
id = 849
start_va = 0x8b73400000
end_va = 0x8b7347ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b73400000"
filename = ""
Region:
id = 850
start_va = 0x8b73480000
end_va = 0x8b734fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b73480000"
filename = ""
Region:
id = 851
start_va = 0x8b73500000
end_va = 0x8b735fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b73500000"
filename = ""
Region:
id = 852
start_va = 0x8b73600000
end_va = 0x8b736fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b73600000"
filename = ""
Region:
id = 853
start_va = 0x8b73700000
end_va = 0x8b737fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b73700000"
filename = ""
Region:
id = 854
start_va = 0x8b73800000
end_va = 0x8b738fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b73800000"
filename = ""
Region:
id = 855
start_va = 0x8b73e00000
end_va = 0x8b73efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b73e00000"
filename = ""
Region:
id = 856
start_va = 0x8b73f00000
end_va = 0x8b73f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b73f00000"
filename = ""
Region:
id = 857
start_va = 0x8b74200000
end_va = 0x8b742fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74200000"
filename = ""
Region:
id = 858
start_va = 0x8b74300000
end_va = 0x8b7437ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74300000"
filename = ""
Region:
id = 859
start_va = 0x8b74380000
end_va = 0x8b743fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74380000"
filename = ""
Region:
id = 860
start_va = 0x8b74400000
end_va = 0x8b7447ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74400000"
filename = ""
Region:
id = 861
start_va = 0x8b74580000
end_va = 0x8b7467ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74580000"
filename = ""
Region:
id = 862
start_va = 0x8b74680000
end_va = 0x8b7477ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74680000"
filename = ""
Region:
id = 863
start_va = 0x8b74780000
end_va = 0x8b7487ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74780000"
filename = ""
Region:
id = 864
start_va = 0x8b74880000
end_va = 0x8b7497ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74880000"
filename = ""
Region:
id = 865
start_va = 0x8b74980000
end_va = 0x8b74a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74980000"
filename = ""
Region:
id = 866
start_va = 0x8b74b80000
end_va = 0x8b74bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74b80000"
filename = ""
Region:
id = 867
start_va = 0x8b74d00000
end_va = 0x8b74dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74d00000"
filename = ""
Region:
id = 868
start_va = 0x8b74e00000
end_va = 0x8b74efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74e00000"
filename = ""
Region:
id = 869
start_va = 0x8b74f00000
end_va = 0x8b74ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b74f00000"
filename = ""
Region:
id = 870
start_va = 0x8b75000000
end_va = 0x8b750fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b75000000"
filename = ""
Region:
id = 871
start_va = 0x8b75100000
end_va = 0x8b751fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b75100000"
filename = ""
Region:
id = 872
start_va = 0x8b75200000
end_va = 0x8b752fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b75200000"
filename = ""
Region:
id = 873
start_va = 0x8b75300000
end_va = 0x8b753fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b75300000"
filename = ""
Region:
id = 874
start_va = 0x8b75400000
end_va = 0x8b7547ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b75400000"
filename = ""
Region:
id = 875
start_va = 0x8b75480000
end_va = 0x8b7557ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b75480000"
filename = ""
Region:
id = 876
start_va = 0x8b75780000
end_va = 0x8b757fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b75780000"
filename = ""
Region:
id = 877
start_va = 0x8b75900000
end_va = 0x8b759fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000008b75900000"
filename = ""
Region:
id = 878
start_va = 0x24732780000
end_va = 0x2473278ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024732780000"
filename = ""
Region:
id = 879
start_va = 0x24732790000
end_va = 0x24732790fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 880
start_va = 0x247327a0000
end_va = 0x247327b4fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000247327a0000"
filename = ""
Region:
id = 881
start_va = 0x247327c0000
end_va = 0x247327c3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000247327c0000"
filename = ""
Region:
id = 882
start_va = 0x247327d0000
end_va = 0x247327d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000247327d0000"
filename = ""
Region:
id = 883
start_va = 0x247327e0000
end_va = 0x247327e1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000247327e0000"
filename = ""
Region:
id = 884
start_va = 0x247327f0000
end_va = 0x247327f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000247327f0000"
filename = ""
Region:
id = 885
start_va = 0x24732800000
end_va = 0x24732800fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024732800000"
filename = ""
Region:
id = 886
start_va = 0x24732810000
end_va = 0x24732810fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024732810000"
filename = ""
Region:
id = 887
start_va = 0x24732820000
end_va = 0x24732820fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024732820000"
filename = ""
Region:
id = 888
start_va = 0x24732830000
end_va = 0x24732830fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024732830000"
filename = ""
Region:
id = 889
start_va = 0x24732840000
end_va = 0x24732840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024732840000"
filename = ""
Region:
id = 890
start_va = 0x24732850000
end_va = 0x24732856fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024732850000"
filename = ""
Region:
id = 891
start_va = 0x24732860000
end_va = 0x24732866fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024732860000"
filename = ""
Region:
id = 892
start_va = 0x24732870000
end_va = 0x24732878fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vsstrace.dll.mui"
filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui")
Region:
id = 893
start_va = 0x24732880000
end_va = 0x24732880fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024732880000"
filename = ""
Region:
id = 894
start_va = 0x24732890000
end_va = 0x2473289cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 895
start_va = 0x247328a0000
end_va = 0x247328a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000247328a0000"
filename = ""
Region:
id = 896
start_va = 0x247328b0000
end_va = 0x247328b3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 897
start_va = 0x247328c0000
end_va = 0x247328c3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 898
start_va = 0x247328d0000
end_va = 0x247328e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 899
start_va = 0x247328f0000
end_va = 0x247328f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000247328f0000"
filename = ""
Region:
id = 900
start_va = 0x24732900000
end_va = 0x247329fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024732900000"
filename = ""
Region:
id = 901
start_va = 0x24732a00000
end_va = 0x24732abdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 902
start_va = 0x24732ac0000
end_va = 0x24732b7ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024732ac0000"
filename = ""
Region:
id = 903
start_va = 0x24732b80000
end_va = 0x24732bc4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db")
Region:
id = 904
start_va = 0x24732bd0000
end_va = 0x24732bd1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "activeds.dll.mui"
filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui")
Region:
id = 905
start_va = 0x24732be0000
end_va = 0x24732becfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iphlpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui")
Region:
id = 906
start_va = 0x24732bf0000
end_va = 0x24732bf1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024732bf0000"
filename = ""
Region:
id = 907
start_va = 0x24732c00000
end_va = 0x24732c06fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024732c00000"
filename = ""
Region:
id = 908
start_va = 0x24732c10000
end_va = 0x24732c9dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 909
start_va = 0x24732ca0000
end_va = 0x24732ca9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "crypt32.dll.mui"
filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui")
Region:
id = 910
start_va = 0x24732cc0000
end_va = 0x24732cc6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024732cc0000"
filename = ""
Region:
id = 911
start_va = 0x24732cd0000
end_va = 0x24732cd4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll"
filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll")
Region:
id = 912
start_va = 0x24732ce0000
end_va = 0x24732ceffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll.mui"
filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui")
Region:
id = 913
start_va = 0x24732cf0000
end_va = 0x24732cf2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mswsock.dll.mui"
filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui")
Region:
id = 914
start_va = 0x24732d00000
end_va = 0x24732dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024732d00000"
filename = ""
Region:
id = 915
start_va = 0x24732e00000
end_va = 0x24732f87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024732e00000"
filename = ""
Region:
id = 916
start_va = 0x24732f90000
end_va = 0x24733110fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024732f90000"
filename = ""
Region:
id = 917
start_va = 0x24733120000
end_va = 0x247331fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 918
start_va = 0x24733200000
end_va = 0x247332fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024733200000"
filename = ""
Region:
id = 919
start_va = 0x24733300000
end_va = 0x247333fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024733300000"
filename = ""
Region:
id = 920
start_va = 0x24733400000
end_va = 0x24733736fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 921
start_va = 0x24733740000
end_va = 0x2473383ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024733740000"
filename = ""
Region:
id = 922
start_va = 0x24733840000
end_va = 0x24733841fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dosvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui")
Region:
id = 923
start_va = 0x24733850000
end_va = 0x24733860fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1256.nls"
filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls")
Region:
id = 924
start_va = 0x24733880000
end_va = 0x24733886fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024733880000"
filename = ""
Region:
id = 925
start_va = 0x24733890000
end_va = 0x247338a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1251.nls"
filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls")
Region:
id = 926
start_va = 0x247338b0000
end_va = 0x247338c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1254.nls"
filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls")
Region:
id = 927
start_va = 0x247338d0000
end_va = 0x247338e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1250.nls"
filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls")
Region:
id = 928
start_va = 0x247338f0000
end_va = 0x24733900fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1253.nls"
filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls")
Region:
id = 929
start_va = 0x24733910000
end_va = 0x24733916fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024733910000"
filename = ""
Region:
id = 930
start_va = 0x24733920000
end_va = 0x24733930fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1257.nls"
filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls")
Region:
id = 931
start_va = 0x24733940000
end_va = 0x24733950fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1255.nls"
filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls")
Region:
id = 932
start_va = 0x24733960000
end_va = 0x24733987fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_932.nls"
filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls")
Region:
id = 933
start_va = 0x24733990000
end_va = 0x247339c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_949.nls"
filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls")
Region:
id = 934
start_va = 0x247339d0000
end_va = 0x247339e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_874.nls"
filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls")
Region:
id = 935
start_va = 0x247339f0000
end_va = 0x247339f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usocore.dll.mui"
filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui")
Region:
id = 936
start_va = 0x24733a00000
end_va = 0x24733afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024733a00000"
filename = ""
Region:
id = 937
start_va = 0x24733b00000
end_va = 0x24733bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024733b00000"
filename = ""
Region:
id = 938
start_va = 0x24733c00000
end_va = 0x24733cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024733c00000"
filename = ""
Region:
id = 939
start_va = 0x24733d00000
end_va = 0x24733dfffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024733d00000"
filename = ""
Region:
id = 940
start_va = 0x24733e00000
end_va = 0x24733e10fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1258.nls"
filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls")
Region:
id = 941
start_va = 0x24733e20000
end_va = 0x24733e50fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_936.nls"
filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls")
Region:
id = 942
start_va = 0x24733e70000
end_va = 0x24733e76fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024733e70000"
filename = ""
Region:
id = 943
start_va = 0x24733e80000
end_va = 0x24733eb0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_950.nls"
filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls")
Region:
id = 944
start_va = 0x24733ed0000
end_va = 0x24733ed1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024733ed0000"
filename = ""
Region:
id = 945
start_va = 0x24733fd0000
end_va = 0x24733fd6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024733fd0000"
filename = ""
Region:
id = 946
start_va = 0x24733ff0000
end_va = 0x24733ff6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024733ff0000"
filename = ""
Region:
id = 947
start_va = 0x24734000000
end_va = 0x247340fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734000000"
filename = ""
Region:
id = 948
start_va = 0x247342a0000
end_va = 0x247342a6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000247342a0000"
filename = ""
Region:
id = 949
start_va = 0x24734300000
end_va = 0x247343fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734300000"
filename = ""
Region:
id = 950
start_va = 0x24734400000
end_va = 0x247344fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734400000"
filename = ""
Region:
id = 951
start_va = 0x24734500000
end_va = 0x247345fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734500000"
filename = ""
Region:
id = 952
start_va = 0x24734600000
end_va = 0x247346fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734600000"
filename = ""
Region:
id = 953
start_va = 0x24734700000
end_va = 0x247347fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734700000"
filename = ""
Region:
id = 954
start_va = 0x24734800000
end_va = 0x247348fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734800000"
filename = ""
Region:
id = 955
start_va = 0x24734900000
end_va = 0x247349fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734900000"
filename = ""
Region:
id = 956
start_va = 0x24734a00000
end_va = 0x24734afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734a00000"
filename = ""
Region:
id = 957
start_va = 0x24734b00000
end_va = 0x24734bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734b00000"
filename = ""
Region:
id = 958
start_va = 0x24734c00000
end_va = 0x24734cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734c00000"
filename = ""
Region:
id = 959
start_va = 0x24734d00000
end_va = 0x24734dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734d00000"
filename = ""
Region:
id = 960
start_va = 0x24734e00000
end_va = 0x24734efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734e00000"
filename = ""
Region:
id = 961
start_va = 0x24734f00000
end_va = 0x24734ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024734f00000"
filename = ""
Region:
id = 962
start_va = 0x24735000000
end_va = 0x247350fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024735000000"
filename = ""
Region:
id = 963
start_va = 0x24735100000
end_va = 0x247351fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024735100000"
filename = ""
Region:
id = 964
start_va = 0x24735200000
end_va = 0x247352fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024735200000"
filename = ""
Region:
id = 965
start_va = 0x24735300000
end_va = 0x247353fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024735300000"
filename = ""
Region:
id = 966
start_va = 0x24735400000
end_va = 0x247354fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000024735400000"
filename = ""
Region:
id = 967
start_va = 0x7df5ffe70000
end_va = 0x7ff5ffe6ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffe70000"
filename = ""
Region:
id = 968
start_va = 0x7ff6e09a0000
end_va = 0x7ff6e0a9ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6e09a0000"
filename = ""
Region:
id = 969
start_va = 0x7ff6e0aa0000
end_va = 0x7ff6e0ac2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff6e0aa0000"
filename = ""
Region:
id = 970
start_va = 0x7ff6e1560000
end_va = 0x7ff6e156cfff
monitored = 0
entry_point = 0x7ff6e1563980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 971
start_va = 0x7ff8558b0000
end_va = 0x7ff8558c7fff
monitored = 0
entry_point = 0x7ff8558b1b10
region_type = mapped_file
name = "locationframeworkinternalps.dll"
filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll")
Region:
id = 972
start_va = 0x7ff855fd0000
end_va = 0x7ff855fe6fff
monitored = 0
entry_point = 0x7ff855fd7520
region_type = mapped_file
name = "usoapi.dll"
filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll")
Region:
id = 973
start_va = 0x7ff855ff0000
end_va = 0x7ff8560c4fff
monitored = 0
entry_point = 0x7ff85600cf80
region_type = mapped_file
name = "wuapi.dll"
filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")
Region:
id = 974
start_va = 0x7ff8561c0000
end_va = 0x7ff856203fff
monitored = 0
entry_point = 0x7ff8561e83e0
region_type = mapped_file
name = "updatehandlers.dll"
filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll")
Region:
id = 975
start_va = 0x7ff856210000
end_va = 0x7ff856231fff
monitored = 0
entry_point = 0x7ff856222540
region_type = mapped_file
name = "updatepolicy.dll"
filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll")
Region:
id = 976
start_va = 0x7ff856240000
end_va = 0x7ff856257fff
monitored = 0
entry_point = 0x7ff85624b850
region_type = mapped_file
name = "dmcmnutils.dll"
filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll")
Region:
id = 977
start_va = 0x7ff856260000
end_va = 0x7ff8562bcfff
monitored = 0
entry_point = 0x7ff85628e510
region_type = mapped_file
name = "usocore.dll"
filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll")
Region:
id = 978
start_va = 0x7ff857d20000
end_va = 0x7ff857fcffff
monitored = 0
entry_point = 0x7ff857d21cf0
region_type = mapped_file
name = "netshell.dll"
filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")
Region:
id = 979
start_va = 0x7ff858190000
end_va = 0x7ff8581a1fff
monitored = 0
entry_point = 0x7ff858191a80
region_type = mapped_file
name = "bitsproxy.dll"
filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll")
Region:
id = 980
start_va = 0x7ff859cb0000
end_va = 0x7ff859d16fff
monitored = 0
entry_point = 0x7ff859cbb160
region_type = mapped_file
name = "upnp.dll"
filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")
Region:
id = 981
start_va = 0x7ff859d20000
end_va = 0x7ff859e2efff
monitored = 0
entry_point = 0x7ff859d5c010
region_type = mapped_file
name = "dosvc.dll"
filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")
Region:
id = 982
start_va = 0x7ff859e50000
end_va = 0x7ff859e81fff
monitored = 0
entry_point = 0x7ff859e5b0c0
region_type = mapped_file
name = "shacct.dll"
filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")
Region:
id = 983
start_va = 0x7ff859ee0000
end_va = 0x7ff859ffcfff
monitored = 0
entry_point = 0x7ff859f0fe60
region_type = mapped_file
name = "qmgr.dll"
filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")
Region:
id = 984
start_va = 0x7ff861060000
end_va = 0x7ff861073fff
monitored = 0
entry_point = 0x7ff861063710
region_type = mapped_file
name = "mskeyprotect.dll"
filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")
Region:
id = 985
start_va = 0x7ff861110000
end_va = 0x7ff86112dfff
monitored = 0
entry_point = 0x7ff86111ef80
region_type = mapped_file
name = "ncryptsslp.dll"
filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")
Region:
id = 986
start_va = 0x7ff861190000
end_va = 0x7ff86120ffff
monitored = 0
entry_point = 0x7ff8611bd280
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 987
start_va = 0x7ff861320000
end_va = 0x7ff861355fff
monitored = 0
entry_point = 0x7ff8613227f0
region_type = mapped_file
name = "windows.networking.hostname.dll"
filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll")
Region:
id = 988
start_va = 0x7ff861360000
end_va = 0x7ff861375fff
monitored = 0
entry_point = 0x7ff861361d50
region_type = mapped_file
name = "wwapi.dll"
filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")
Region:
id = 989
start_va = 0x7ff863130000
end_va = 0x7ff8631b3fff
monitored = 0
entry_point = 0x7ff863148d50
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 990
start_va = 0x7ff8631c0000
end_va = 0x7ff863295fff
monitored = 0
entry_point = 0x7ff8631ea800
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 991
start_va = 0x7ff8632b0000
end_va = 0x7ff8632c5fff
monitored = 0
entry_point = 0x7ff8632b1af0
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 992
start_va = 0x7ff8632d0000
end_va = 0x7ff8632e9fff
monitored = 0
entry_point = 0x7ff8632d2330
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 993
start_va = 0x7ff8632f0000
end_va = 0x7ff8632fcfff
monitored = 0
entry_point = 0x7ff8632f1420
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 994
start_va = 0x7ff863300000
end_va = 0x7ff863363fff
monitored = 0
entry_point = 0x7ff86331bed0
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 995
start_va = 0x7ff863370000
end_va = 0x7ff863394fff
monitored = 0
entry_point = 0x7ff863379900
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 996
start_va = 0x7ff8633a0000
end_va = 0x7ff8633b3fff
monitored = 0
entry_point = 0x7ff8633a1800
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 997
start_va = 0x7ff8633c0000
end_va = 0x7ff8634b5fff
monitored = 0
entry_point = 0x7ff8633f9590
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 998
start_va = 0x7ff8634c0000
end_va = 0x7ff863533fff
monitored = 0
entry_point = 0x7ff8634d5eb0
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 999
start_va = 0x7ff863540000
end_va = 0x7ff863676fff
monitored = 0
entry_point = 0x7ff863580480
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 1000
start_va = 0x7ff863a30000
end_va = 0x7ff863a40fff
monitored = 0
entry_point = 0x7ff863a37480
region_type = mapped_file
name = "tetheringclient.dll"
filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll")
Region:
id = 1001
start_va = 0x7ff863a50000
end_va = 0x7ff863a65fff
monitored = 0
entry_point = 0x7ff863a555e0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 1002
start_va = 0x7ff863ed0000
end_va = 0x7ff863edefff
monitored = 0
entry_point = 0x7ff863ed4960
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 1003
start_va = 0x7ff863ee0000
end_va = 0x7ff863ef0fff
monitored = 0
entry_point = 0x7ff863ee2fc0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1004
start_va = 0x7ff863f00000
end_va = 0x7ff863f1dfff
monitored = 0
entry_point = 0x7ff863f03a40
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 1005
start_va = 0x7ff863f20000
end_va = 0x7ff863fa1fff
monitored = 0
entry_point = 0x7ff863f22a10
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 1006
start_va = 0x7ff864010000
end_va = 0x7ff86401bfff
monitored = 0
entry_point = 0x7ff8640135c0
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1007
start_va = 0x7ff864070000
end_va = 0x7ff8640affff
monitored = 0
entry_point = 0x7ff86407cbe0
region_type = mapped_file
name = "adsldpc.dll"
filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll")
Region:
id = 1008
start_va = 0x7ff8640b0000
end_va = 0x7ff8640f6fff
monitored = 0
entry_point = 0x7ff8640b1d10
region_type = mapped_file
name = "activeds.dll"
filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll")
Region:
id = 1009
start_va = 0x7ff8641b0000
end_va = 0x7ff8641f1fff
monitored = 0
entry_point = 0x7ff8641b3670
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 1010
start_va = 0x7ff864200000
end_va = 0x7ff864207fff
monitored = 0
entry_point = 0x7ff8642013b0
region_type = mapped_file
name = "dmiso8601utils.dll"
filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll")
Region:
id = 1011
start_va = 0x7ff8643f0000
end_va = 0x7ff86442ffff
monitored = 0
entry_point = 0x7ff864406c60
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 1012
start_va = 0x7ff864430000
end_va = 0x7ff86444efff
monitored = 0
entry_point = 0x7ff8644337e0
region_type = mapped_file
name = "netsetupapi.dll"
filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll")
Region:
id = 1013
start_va = 0x7ff864450000
end_va = 0x7ff8644c8fff
monitored = 0
entry_point = 0x7ff8644576a0
region_type = mapped_file
name = "netsetupshim.dll"
filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll")
Region:
id = 1014
start_va = 0x7ff8644d0000
end_va = 0x7ff8644e7fff
monitored = 0
entry_point = 0x7ff8644d4e10
region_type = mapped_file
name = "adhsvc.dll"
filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll")
Region:
id = 1015
start_va = 0x7ff8644f0000
end_va = 0x7ff864514fff
monitored = 0
entry_point = 0x7ff8644f5ca0
region_type = mapped_file
name = "httpprxm.dll"
filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll")
Region:
id = 1016
start_va = 0x7ff8645f0000
end_va = 0x7ff864630fff
monitored = 0
entry_point = 0x7ff8645f3750
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 1017
start_va = 0x7ff864640000
end_va = 0x7ff864732fff
monitored = 0
entry_point = 0x7ff864665d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1018
start_va = 0x7ff864830000
end_va = 0x7ff864847fff
monitored = 0
entry_point = 0x7ff864832000
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 1019
start_va = 0x7ff864850000
end_va = 0x7ff8649d1fff
monitored = 0
entry_point = 0x7ff8648682a0
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 1020
start_va = 0x7ff8649e0000
end_va = 0x7ff864a82fff
monitored = 0
entry_point = 0x7ff8649e2c10
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 1021
start_va = 0x7ff864a90000
end_va = 0x7ff864ae1fff
monitored = 0
entry_point = 0x7ff864a95770
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 1022
start_va = 0x7ff864af0000
end_va = 0x7ff864b1dfff
monitored = 1
entry_point = 0x7ff864af2300
region_type = mapped_file
name = "wmidcom.dll"
filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll")
Region:
id = 1023
start_va = 0x7ff864b20000
end_va = 0x7ff864b7dfff
monitored = 0
entry_point = 0x7ff864b25080
region_type = mapped_file
name = "miutils.dll"
filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll")
Region:
id = 1024
start_va = 0x7ff864b80000
end_va = 0x7ff864b9ffff
monitored = 0
entry_point = 0x7ff864b81f50
region_type = mapped_file
name = "mi.dll"
filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll")
Region:
id = 1025
start_va = 0x7ff864ba0000
end_va = 0x7ff864ba8fff
monitored = 0
entry_point = 0x7ff864ba18f0
region_type = mapped_file
name = "sscoreext.dll"
filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll")
Region:
id = 1026
start_va = 0x7ff864bb0000
end_va = 0x7ff864bc0fff
monitored = 0
entry_point = 0x7ff864bb1d30
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 1027
start_va = 0x7ff864c00000
end_va = 0x7ff864c7efff
monitored = 0
entry_point = 0x7ff864c17110
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1028
start_va = 0x7ff864c80000
end_va = 0x7ff864cbbfff
monitored = 0
entry_point = 0x7ff864c86aa0
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 1029
start_va = 0x7ff865310000
end_va = 0x7ff86535bfff
monitored = 0
entry_point = 0x7ff865325310
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 1030
start_va = 0x7ff865400000
end_va = 0x7ff865434fff
monitored = 0
entry_point = 0x7ff86540a270
region_type = mapped_file
name = "fwpolicyiomgr.dll"
filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll")
Region:
id = 1031
start_va = 0x7ff8657b0000
end_va = 0x7ff8657b9fff
monitored = 0
entry_point = 0x7ff8657b14c0
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 1032
start_va = 0x7ff865ca0000
end_va = 0x7ff865ca8fff
monitored = 0
entry_point = 0x7ff865ca21d0
region_type = mapped_file
name = "httpprxc.dll"
filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")
Region:
id = 1033
start_va = 0x7ff865e30000
end_va = 0x7ff865e44fff
monitored = 0
entry_point = 0x7ff865e32dc0
region_type = mapped_file
name = "ondemandconnroutehelper.dll"
filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")
Region:
id = 1034
start_va = 0x7ff865f30000
end_va = 0x7ff865f3ffff
monitored = 0
entry_point = 0x7ff865f31700
region_type = mapped_file
name = "proximityservicepal.dll"
filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")
Region:
id = 1035
start_va = 0x7ff865f40000
end_va = 0x7ff865f48fff
monitored = 0
entry_point = 0x7ff865f41ed0
region_type = mapped_file
name = "proximitycommonpal.dll"
filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")
Region:
id = 1036
start_va = 0x7ff865f50000
end_va = 0x7ff865f7cfff
monitored = 0
entry_point = 0x7ff865f52290
region_type = mapped_file
name = "proximitycommon.dll"
filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")
Region:
id = 1037
start_va = 0x7ff865f80000
end_va = 0x7ff865fd1fff
monitored = 0
entry_point = 0x7ff865f838e0
region_type = mapped_file
name = "proximityservice.dll"
filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")
Region:
id = 1038
start_va = 0x7ff866720000
end_va = 0x7ff86672dfff
monitored = 0
entry_point = 0x7ff866721460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 1039
start_va = 0x7ff8669c0000
end_va = 0x7ff8669d1fff
monitored = 0
entry_point = 0x7ff8669c3580
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 1040
start_va = 0x7ff866a50000
end_va = 0x7ff866a6afff
monitored = 0
entry_point = 0x7ff866a51040
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 1041
start_va = 0x7ff866b00000
end_va = 0x7ff866b13fff
monitored = 0
entry_point = 0x7ff866b02a00
region_type = mapped_file
name = "bitsigd.dll"
filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")
Region:
id = 1042
start_va = 0x7ff866b20000
end_va = 0x7ff866bb9fff
monitored = 0
entry_point = 0x7ff866b3ada0
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 1043
start_va = 0x7ff866bc0000
end_va = 0x7ff866bd4fff
monitored = 0
entry_point = 0x7ff866bc3460
region_type = mapped_file
name = "ssdpapi.dll"
filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")
Region:
id = 1044
start_va = 0x7ff866cc0000
end_va = 0x7ff866d26fff
monitored = 0
entry_point = 0x7ff866cc63e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1045
start_va = 0x7ff866d40000
end_va = 0x7ff866d85fff
monitored = 0
entry_point = 0x7ff866d479a0
region_type = mapped_file
name = "adsldp.dll"
filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll")
Region:
id = 1046
start_va = 0x7ff866e30000
end_va = 0x7ff866e3afff
monitored = 0
entry_point = 0x7ff866e31d30
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1047
start_va = 0x7ff866e90000
end_va = 0x7ff866ea9fff
monitored = 0
entry_point = 0x7ff866e92430
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1048
start_va = 0x7ff866eb0000
end_va = 0x7ff866ec5fff
monitored = 0
entry_point = 0x7ff866eb19f0
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1049
start_va = 0x7ff867020000
end_va = 0x7ff8670cdfff
monitored = 0
entry_point = 0x7ff8670380c0
region_type = mapped_file
name = "windows.networking.connectivity.dll"
filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")
Region:
id = 1050
start_va = 0x7ff8670d0000
end_va = 0x7ff8670e1fff
monitored = 0
entry_point = 0x7ff8670d9260
region_type = mapped_file
name = "rilproxy.dll"
filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")
Region:
id = 1051
start_va = 0x7ff8670f0000
end_va = 0x7ff8671a0fff
monitored = 0
entry_point = 0x7ff8671688b0
region_type = mapped_file
name = "cellularapi.dll"
filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")
Region:
id = 1052
start_va = 0x7ff8671b0000
end_va = 0x7ff8671d4fff
monitored = 0
entry_point = 0x7ff8671c2f20
region_type = mapped_file
name = "wificonnapi.dll"
filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")
Region:
id = 1053
start_va = 0x7ff8671e0000
end_va = 0x7ff8671f0fff
monitored = 0
entry_point = 0x7ff8671e7ea0
region_type = mapped_file
name = "dcpapi.dll"
filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")
Region:
id = 1054
start_va = 0x7ff867200000
end_va = 0x7ff867219fff
monitored = 0
entry_point = 0x7ff867202cf0
region_type = mapped_file
name = "locationpelegacywinlocation.dll"
filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")
Region:
id = 1055
start_va = 0x7ff867220000
end_va = 0x7ff8672dffff
monitored = 0
entry_point = 0x7ff86724fd20
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 1056
start_va = 0x7ff8672e0000
end_va = 0x7ff867317fff
monitored = 0
entry_point = 0x7ff8672f8cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1057
start_va = 0x7ff867320000
end_va = 0x7ff867374fff
monitored = 0
entry_point = 0x7ff867323fb0
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 1058
start_va = 0x7ff867380000
end_va = 0x7ff8673b6fff
monitored = 0
entry_point = 0x7ff867386020
region_type = mapped_file
name = "gnssadapter.dll"
filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")
Region:
id = 1059
start_va = 0x7ff8673c0000
end_va = 0x7ff8673dffff
monitored = 0
entry_point = 0x7ff8673c39a0
region_type = mapped_file
name = "locationwinpalmisc.dll"
filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")
Region:
id = 1060
start_va = 0x7ff8673e0000
end_va = 0x7ff8673ebfff
monitored = 0
entry_point = 0x7ff8673e14d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 1061
start_va = 0x7ff8673f0000
end_va = 0x7ff867430fff
monitored = 0
entry_point = 0x7ff8673f4840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 1062
start_va = 0x7ff867550000
end_va = 0x7ff867617fff
monitored = 0
entry_point = 0x7ff8675913f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1063
start_va = 0x7ff867620000
end_va = 0x7ff867680fff
monitored = 0
entry_point = 0x7ff867624b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 1064
start_va = 0x7ff867690000
end_va = 0x7ff86780bfff
monitored = 0
entry_point = 0x7ff8676e1650
region_type = mapped_file
name = "locationframework.dll"
filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")
Region:
id = 1065
start_va = 0x7ff867810000
end_va = 0x7ff86781afff
monitored = 0
entry_point = 0x7ff867811770
region_type = mapped_file
name = "lfsvc.dll"
filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")
Region:
id = 1066
start_va = 0x7ff867aa0000
end_va = 0x7ff867acdfff
monitored = 0
entry_point = 0x7ff867aa7550
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 1067
start_va = 0x7ff867b40000
end_va = 0x7ff867b4bfff
monitored = 0
entry_point = 0x7ff867b42830
region_type = mapped_file
name = "bi.dll"
filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")
Region:
id = 1068
start_va = 0x7ff867c40000
end_va = 0x7ff867c53fff
monitored = 0
entry_point = 0x7ff867c42d50
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 1069
start_va = 0x7ff867fd0000
end_va = 0x7ff868062fff
monitored = 0
entry_point = 0x7ff867fd9680
region_type = mapped_file
name = "msvcp_win.dll"
filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")
Region:
id = 1070
start_va = 0x7ff868070000
end_va = 0x7ff86808efff
monitored = 0
entry_point = 0x7ff868074960
region_type = mapped_file
name = "ncprov.dll"
filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")
Region:
id = 1071
start_va = 0x7ff868180000
end_va = 0x7ff868198fff
monitored = 0
entry_point = 0x7ff868184520
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 1072
start_va = 0x7ff868250000
end_va = 0x7ff868265fff
monitored = 0
entry_point = 0x7ff868251b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1073
start_va = 0x7ff868270000
end_va = 0x7ff86827cfff
monitored = 0
entry_point = 0x7ff868272ca0
region_type = mapped_file
name = "csystemeventsbrokerclient.dll"
filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")
Region:
id = 1074
start_va = 0x7ff868280000
end_va = 0x7ff8682aefff
monitored = 0
entry_point = 0x7ff868288910
region_type = mapped_file
name = "wptaskscheduler.dll"
filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")
Region:
id = 1075
start_va = 0x7ff8686f0000
end_va = 0x7ff8687d5fff
monitored = 0
entry_point = 0x7ff86870cf10
region_type = mapped_file
name = "usermgr.dll"
filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")
Region:
id = 1076
start_va = 0x7ff868830000
end_va = 0x7ff868846fff
monitored = 0
entry_point = 0x7ff868835630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 1077
start_va = 0x7ff868890000
end_va = 0x7ff868921fff
monitored = 0
entry_point = 0x7ff8688da780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 1078
start_va = 0x7ff8689b0000
end_va = 0x7ff868a1dfff
monitored = 0
entry_point = 0x7ff8689b7f60
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 1079
start_va = 0x7ff868a20000
end_va = 0x7ff868a2ffff
monitored = 0
entry_point = 0x7ff868a22c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 1080
start_va = 0x7ff868a30000
end_va = 0x7ff868aa9fff
monitored = 0
entry_point = 0x7ff868a57630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 1081
start_va = 0x7ff868c70000
end_va = 0x7ff868ff1fff
monitored = 0
entry_point = 0x7ff868cc1220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 1082
start_va = 0x7ff869000000
end_va = 0x7ff869135fff
monitored = 0
entry_point = 0x7ff86902f350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 1083
start_va = 0x7ff86a230000
end_va = 0x7ff86a33dfff
monitored = 0
entry_point = 0x7ff86a27eaa0
region_type = mapped_file
name = "mrmcorer.dll"
filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")
Region:
id = 1084
start_va = 0x7ff86a660000
end_va = 0x7ff86a670fff
monitored = 0
entry_point = 0x7ff86a663320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 1085
start_va = 0x7ff86a680000
end_va = 0x7ff86a6c0fff
monitored = 0
entry_point = 0x7ff86a697eb0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 1086
start_va = 0x7ff86a6d0000
end_va = 0x7ff86a7cbfff
monitored = 0
entry_point = 0x7ff86a706df0
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 1087
start_va = 0x7ff86a880000
end_va = 0x7ff86a8bdfff
monitored = 0
entry_point = 0x7ff86a88a050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1088
start_va = 0x7ff86a8c0000
end_va = 0x7ff86a8e6fff
monitored = 0
entry_point = 0x7ff86a8c3bf0
region_type = mapped_file
name = "profsvcext.dll"
filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")
Region:
id = 1089
start_va = 0x7ff86a930000
end_va = 0x7ff86a942fff
monitored = 0
entry_point = 0x7ff86a9357f0
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 1090
start_va = 0x7ff86a950000
end_va = 0x7ff86a9a4fff
monitored = 0
entry_point = 0x7ff86a95fc00
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 1091
start_va = 0x7ff86a9b0000
end_va = 0x7ff86aa13fff
monitored = 0
entry_point = 0x7ff86a9c5ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1092
start_va = 0x7ff86abe0000
end_va = 0x7ff86ac9efff
monitored = 0
entry_point = 0x7ff86ac01c50
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 1093
start_va = 0x7ff86acd0000
end_va = 0x7ff86ad05fff
monitored = 0
entry_point = 0x7ff86ace0070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 1094
start_va = 0x7ff86b5b0000
end_va = 0x7ff86b5b9fff
monitored = 0
entry_point = 0x7ff86b5b1660
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1095
start_va = 0x7ff86b5c0000
end_va = 0x7ff86b5d7fff
monitored = 0
entry_point = 0x7ff86b5c5910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1096
start_va = 0x7ff86b5e0000
end_va = 0x7ff86b72cfff
monitored = 0
entry_point = 0x7ff86b623da0
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 1097
start_va = 0x7ff86b940000
end_va = 0x7ff86b947fff
monitored = 0
entry_point = 0x7ff86b9413e0
region_type = mapped_file
name = "dabapi.dll"
filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")
Region:
id = 1098
start_va = 0x7ff86b980000
end_va = 0x7ff86b9bffff
monitored = 0
entry_point = 0x7ff86b991960
region_type = mapped_file
name = "brokerlib.dll"
filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")
Region:
id = 1099
start_va = 0x7ff86bb70000
end_va = 0x7ff86bb7afff
monitored = 0
entry_point = 0x7ff86bb71de0
region_type = mapped_file
name = "bitsperf.dll"
filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")
Region:
id = 1100
start_va = 0x7ff86bb80000
end_va = 0x7ff86bb9cfff
monitored = 0
entry_point = 0x7ff86bb84f60
region_type = mapped_file
name = "appinfo.dll"
filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")
Region:
id = 1101
start_va = 0x7ff86bba0000
end_va = 0x7ff86bbb0fff
monitored = 0
entry_point = 0x7ff86bba28d0
region_type = mapped_file
name = "credentialmigrationhandler.dll"
filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")
Region:
id = 1102
start_va = 0x7ff86bf90000
end_va = 0x7ff86c422fff
monitored = 0
entry_point = 0x7ff86bf9f760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 1103
start_va = 0x7ff86c430000
end_va = 0x7ff86c496fff
monitored = 0
entry_point = 0x7ff86c44e710
region_type = mapped_file
name = "bcp47langs.dll"
filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")
Region:
id = 1104
start_va = 0x7ff86c9a0000
end_va = 0x7ff86cb25fff
monitored = 0
entry_point = 0x7ff86c9ed700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1105
start_va = 0x7ff86cb30000
end_va = 0x7ff86cb4bfff
monitored = 0
entry_point = 0x7ff86cb337a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 1106
start_va = 0x7ff86cb90000
end_va = 0x7ff86cba2fff
monitored = 0
entry_point = 0x7ff86cb92760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1107
start_va = 0x7ff86cc60000
end_va = 0x7ff86cc69fff
monitored = 0
entry_point = 0x7ff86cc61350
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1108
start_va = 0x7ff86cd00000
end_va = 0x7ff86cd78fff
monitored = 0
entry_point = 0x7ff86cd1fb90
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 1109
start_va = 0x7ff86ce40000
end_va = 0x7ff86cee9fff
monitored = 0
entry_point = 0x7ff86ce67910
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1110
start_va = 0x7ff86cef0000
end_va = 0x7ff86cf16fff
monitored = 0
entry_point = 0x7ff86cef7940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1111
start_va = 0x7ff86cf20000
end_va = 0x7ff86d01ffff
monitored = 0
entry_point = 0x7ff86cf60f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 1112
start_va = 0x7ff86d0d0000
end_va = 0x7ff86d0dbfff
monitored = 0
entry_point = 0x7ff86d0d2480
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 1113
start_va = 0x7ff86d1a0000
end_va = 0x7ff86d1d1fff
monitored = 0
entry_point = 0x7ff86d1b2340
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 1114
start_va = 0x7ff86d410000
end_va = 0x7ff86d41bfff
monitored = 0
entry_point = 0x7ff86d412790
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 1115
start_va = 0x7ff86d420000
end_va = 0x7ff86d443fff
monitored = 0
entry_point = 0x7ff86d423260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1116
start_va = 0x7ff86d5c0000
end_va = 0x7ff86d6b3fff
monitored = 0
entry_point = 0x7ff86d5ca960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 1117
start_va = 0x7ff86d710000
end_va = 0x7ff86d758fff
monitored = 0
entry_point = 0x7ff86d71a090
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 1118
start_va = 0x7ff86d830000
end_va = 0x7ff86d83bfff
monitored = 0
entry_point = 0x7ff86d8327e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1119
start_va = 0x7ff86d910000
end_va = 0x7ff86d940fff
monitored = 0
entry_point = 0x7ff86d917d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1120
start_va = 0x7ff86d970000
end_va = 0x7ff86d9e9fff
monitored = 0
entry_point = 0x7ff86d991a50
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")
Region:
id = 1121
start_va = 0x7ff86da30000
end_va = 0x7ff86da63fff
monitored = 0
entry_point = 0x7ff86da4ae70
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1122
start_va = 0x7ff86da70000
end_va = 0x7ff86da79fff
monitored = 0
entry_point = 0x7ff86da71830
region_type = mapped_file
name = "dpapi.dll"
filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")
Region:
id = 1123
start_va = 0x7ff86db80000
end_va = 0x7ff86db9efff
monitored = 0
entry_point = 0x7ff86db85d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1124
start_va = 0x7ff86dcf0000
end_va = 0x7ff86dd4bfff
monitored = 0
entry_point = 0x7ff86dd06f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1125
start_va = 0x7ff86dda0000
end_va = 0x7ff86ddb6fff
monitored = 0
entry_point = 0x7ff86dda79d0
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1126
start_va = 0x7ff86dec0000
end_va = 0x7ff86decafff
monitored = 0
entry_point = 0x7ff86dec19a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1127
start_va = 0x7ff86df00000
end_va = 0x7ff86df20fff
monitored = 0
entry_point = 0x7ff86df10250
region_type = mapped_file
name = "joinutil.dll"
filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")
Region:
id = 1128
start_va = 0x7ff86df50000
end_va = 0x7ff86df89fff
monitored = 0
entry_point = 0x7ff86df58d20
region_type = mapped_file
name = "ntasn1.dll"
filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")
Region:
id = 1129
start_va = 0x7ff86df90000
end_va = 0x7ff86dfb6fff
monitored = 0
entry_point = 0x7ff86dfa0aa0
region_type = mapped_file
name = "ncrypt.dll"
filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")
Region:
id = 1130
start_va = 0x7ff86e0a0000
end_va = 0x7ff86e0ccfff
monitored = 0
entry_point = 0x7ff86e0b9d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1131
start_va = 0x7ff86e230000
end_va = 0x7ff86e285fff
monitored = 0
entry_point = 0x7ff86e240bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1132
start_va = 0x7ff86e290000
end_va = 0x7ff86e2a8fff
monitored = 0
entry_point = 0x7ff86e295e10
region_type = mapped_file
name = "eventaggregation.dll"
filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")
Region:
id = 1133
start_va = 0x7ff86e2b0000
end_va = 0x7ff86e2d8fff
monitored = 0
entry_point = 0x7ff86e2c4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1134
start_va = 0x7ff86e2e0000
end_va = 0x7ff86e378fff
monitored = 0
entry_point = 0x7ff86e30f4e0
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 1135
start_va = 0x7ff86e420000
end_va = 0x7ff86e46afff
monitored = 0
entry_point = 0x7ff86e4235f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1136
start_va = 0x7ff86e470000
end_va = 0x7ff86e483fff
monitored = 0
entry_point = 0x7ff86e4752e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1137
start_va = 0x7ff86e490000
end_va = 0x7ff86e49efff
monitored = 0
entry_point = 0x7ff86e493210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1138
start_va = 0x7ff86e4a0000
end_va = 0x7ff86e4affff
monitored = 0
entry_point = 0x7ff86e4a56e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1139
start_va = 0x7ff86e4b0000
end_va = 0x7ff86e519fff
monitored = 0
entry_point = 0x7ff86e4e6d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1140
start_va = 0x7ff86e520000
end_va = 0x7ff86e707fff
monitored = 0
entry_point = 0x7ff86e54ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1141
start_va = 0x7ff86e7c0000
end_va = 0x7ff86e986fff
monitored = 0
entry_point = 0x7ff86e81db80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1142
start_va = 0x7ff86e990000
end_va = 0x7ff86efd3fff
monitored = 0
entry_point = 0x7ff86eb564b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 1143
start_va = 0x7ff86efe0000
end_va = 0x7ff86f065fff
monitored = 0
entry_point = 0x7ff86efed8f0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 1144
start_va = 0x7ff86f070000
end_va = 0x7ff86f124fff
monitored = 0
entry_point = 0x7ff86f0b22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1145
start_va = 0x7ff86f130000
end_va = 0x7ff86f172fff
monitored = 0
entry_point = 0x7ff86f144b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1146
start_va = 0x7ff86f180000
end_va = 0x7ff86f1d4fff
monitored = 0
entry_point = 0x7ff86f197970
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 1147
start_va = 0x7ff86f1e0000
end_va = 0x7ff86f1f6fff
monitored = 0
entry_point = 0x7ff86f1e1390
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 1148
start_va = 0x7ff86f210000
end_va = 0x7ff86f2acfff
monitored = 0
entry_point = 0x7ff86f2178a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1149
start_va = 0x7ff86f2b0000
end_va = 0x7ff86f52cfff
monitored = 0
entry_point = 0x7ff86f384970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1150
start_va = 0x7ff86f550000
end_va = 0x7ff86f5a1fff
monitored = 0
entry_point = 0x7ff86f55f530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1151
start_va = 0x7ff86f5b0000
end_va = 0x7ff86f60afff
monitored = 0
entry_point = 0x7ff86f5c38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1152
start_va = 0x7ff86f7c0000
end_va = 0x7ff86f82afff
monitored = 0
entry_point = 0x7ff86f7d90c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1153
start_va = 0x7ff86f9f0000
end_va = 0x7ff870f4efff
monitored = 0
entry_point = 0x7ff86fb511f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1154
start_va = 0x7ff870fd0000
end_va = 0x7ff8710ebfff
monitored = 0
entry_point = 0x7ff8710102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1155
start_va = 0x7ff8710f0000
end_va = 0x7ff8711b0fff
monitored = 0
entry_point = 0x7ff871110da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1156
start_va = 0x7ff871200000
end_va = 0x7ff871207fff
monitored = 0
entry_point = 0x7ff871201ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1157
start_va = 0x7ff871320000
end_va = 0x7ff871748fff
monitored = 0
entry_point = 0x7ff871348740
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1158
start_va = 0x7ff871750000
end_va = 0x7ff8717f6fff
monitored = 0
entry_point = 0x7ff87175b4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1159
start_va = 0x7ff871800000
end_va = 0x7ff87185bfff
monitored = 0
entry_point = 0x7ff87181b720
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1160
start_va = 0x7ff871860000
end_va = 0x7ff8719a2fff
monitored = 0
entry_point = 0x7ff871888210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1161
start_va = 0x7ff8719b0000
end_va = 0x7ff871b05fff
monitored = 0
entry_point = 0x7ff8719ba8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1162
start_va = 0x7ff871b10000
end_va = 0x7ff871bb6fff
monitored = 0
entry_point = 0x7ff871b258d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1163
start_va = 0x7ff871bc0000
end_va = 0x7ff871c6cfff
monitored = 0
entry_point = 0x7ff871bd81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1164
start_va = 0x7ff871c70000
end_va = 0x7ff871df5fff
monitored = 0
entry_point = 0x7ff871cbffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1165
start_va = 0x7ff871e00000
end_va = 0x7ff871fc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1324
start_va = 0x24732cb0000
end_va = 0x24732cb0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024732cb0000"
filename = ""
Region:
id = 1499
start_va = 0x24732cb0000
end_va = 0x24732cb0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000024732cb0000"
filename = ""
Thread:
id = 25
os_tid = 0x1010
Thread:
id = 26
os_tid = 0x3b4
Thread:
id = 27
os_tid = 0x864
Thread:
id = 28
os_tid = 0xb78
Thread:
id = 29
os_tid = 0xac8
Thread:
id = 30
os_tid = 0xb94
Thread:
id = 31
os_tid = 0x3c0
Thread:
id = 32
os_tid = 0x4ac
Thread:
id = 33
os_tid = 0x388
Thread:
id = 34
os_tid = 0x548
Thread:
id = 35
os_tid = 0x17c
Thread:
id = 36
os_tid = 0x404
Thread:
id = 37
os_tid = 0x354
Thread:
id = 38
os_tid = 0x7c8
Thread:
id = 39
os_tid = 0x408
Thread:
id = 40
os_tid = 0xab8
Thread:
id = 41
os_tid = 0xad4
Thread:
id = 42
os_tid = 0xa9c
Thread:
id = 43
os_tid = 0x918
Thread:
id = 44
os_tid = 0x8c
Thread:
id = 45
os_tid = 0xf0
Thread:
id = 46
os_tid = 0xb20
Thread:
id = 47
os_tid = 0x298
Thread:
id = 48
os_tid = 0x278
Thread:
id = 49
os_tid = 0x4b8
Thread:
id = 50
os_tid = 0x960
Thread:
id = 51
os_tid = 0x80c
Thread:
id = 52
os_tid = 0x9c0
Thread:
id = 53
os_tid = 0x9f0
Thread:
id = 54
os_tid = 0xa6c
Thread:
id = 55
os_tid = 0xa68
Thread:
id = 56
os_tid = 0xb64
Thread:
id = 57
os_tid = 0x334
Thread:
id = 58
os_tid = 0xb80
Thread:
id = 59
os_tid = 0xb90
Thread:
id = 60
os_tid = 0x858
Thread:
id = 61
os_tid = 0x578
Thread:
id = 62
os_tid = 0x784
Thread:
id = 63
os_tid = 0x774
Thread:
id = 64
os_tid = 0x698
Thread:
id = 65
os_tid = 0x644
Thread:
id = 66
os_tid = 0x684
Thread:
id = 67
os_tid = 0x668
Thread:
id = 68
os_tid = 0x40c
Thread:
id = 69
os_tid = 0x7ec
Thread:
id = 70
os_tid = 0x7d0
Thread:
id = 71
os_tid = 0x518
Thread:
id = 72
os_tid = 0x7c0
Thread:
id = 73
os_tid = 0x7b8
Thread:
id = 74
os_tid = 0x7b0
Thread:
id = 75
os_tid = 0x79c
Thread:
id = 76
os_tid = 0x790
Thread:
id = 77
os_tid = 0x740
Thread:
id = 78
os_tid = 0x474
Thread:
id = 79
os_tid = 0x700
Thread:
id = 80
os_tid = 0x6e4
Thread:
id = 81
os_tid = 0x6c4
Thread:
id = 82
os_tid = 0x570
Thread:
id = 83
os_tid = 0x4d0
Thread:
id = 84
os_tid = 0x4a4
Thread:
id = 85
os_tid = 0x48c
Thread:
id = 86
os_tid = 0x45c
Thread:
id = 87
os_tid = 0x444
Thread:
id = 88
os_tid = 0x3ac
Thread:
id = 89
os_tid = 0x3b0
Thread:
id = 90
os_tid = 0x2e4
Thread:
id = 91
os_tid = 0x2a8
Thread:
id = 92
os_tid = 0x170
Thread:
id = 93
os_tid = 0x260
Thread:
id = 94
os_tid = 0x20c
Thread:
id = 95
os_tid = 0x178
Thread:
id = 96
os_tid = 0x158
Thread:
id = 97
os_tid = 0x3f4
Thread:
id = 98
os_tid = 0x3e4
Thread:
id = 99
os_tid = 0x364
Process:
id = "7"
image_name = "221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe"
filename = "c:\\users\\rdhj0cnfevzx\\desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe"
page_root = "0x6aefe000"
os_pid = "0x11cc"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0xd2c"
cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f188" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1220
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1221
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1222
start_va = 0x50000
end_va = 0x8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1223
start_va = 0x90000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 1224
start_va = 0x190000
end_va = 0x193fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 1225
start_va = 0x1a0000
end_va = 0x1a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 1226
start_va = 0x1b0000
end_va = 0x1b1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 1227
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1228
start_va = 0x5b0000
end_va = 0x673fff
monitored = 1
entry_point = 0x66cd7e
region_type = mapped_file
name = "221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe")
Region:
id = 1229
start_va = 0x680000
end_va = 0x681fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 1230
start_va = 0x770a0000
end_va = 0x7721afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1231
start_va = 0x7f330000
end_va = 0x7f352fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f330000"
filename = ""
Region:
id = 1232
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1233
start_va = 0x7fff0000
end_va = 0x7ff871dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1234
start_va = 0x7ff871e00000
end_va = 0x7ff871fc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1235
start_va = 0x7ff871fc1000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ff871fc1000"
filename = ""
Region:
id = 1236
start_va = 0x400000
end_va = 0x425fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1246
start_va = 0x690000
end_va = 0x83ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000690000"
filename = ""
Region:
id = 1247
start_va = 0x53800000
end_va = 0x5384ffff
monitored = 0
entry_point = 0x53818180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1248
start_va = 0x53850000
end_va = 0x538c9fff
monitored = 0
entry_point = 0x53863290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1249
start_va = 0x75a70000
end_va = 0x75b4ffff
monitored = 0
entry_point = 0x75a83980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1250
start_va = 0x537f0000
end_va = 0x537f7fff
monitored = 0
entry_point = 0x537f17c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1251
start_va = 0x690000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000690000"
filename = ""
Region:
id = 1252
start_va = 0x830000
end_va = 0x83ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000830000"
filename = ""
Region:
id = 1253
start_va = 0x6f940000
end_va = 0x6f998fff
monitored = 1
entry_point = 0x6f950780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 1254
start_va = 0x75a70000
end_va = 0x75b4ffff
monitored = 0
entry_point = 0x75a83980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1255
start_va = 0x75250000
end_va = 0x753cdfff
monitored = 0
entry_point = 0x75301b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1256
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1257
start_va = 0x7f230000
end_va = 0x7f32ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f230000"
filename = ""
Region:
id = 1258
start_va = 0x430000
end_va = 0x4edfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1259
start_va = 0x840000
end_va = 0x9bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000840000"
filename = ""
Region:
id = 1260
start_va = 0x680000
end_va = 0x683fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 1261
start_va = 0x75820000
end_va = 0x7589afff
monitored = 0
entry_point = 0x7583e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1262
start_va = 0x75cf0000
end_va = 0x75dadfff
monitored = 0
entry_point = 0x75d25630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1263
start_va = 0x1c0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1264
start_va = 0x840000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000840000"
filename = ""
Region:
id = 1265
start_va = 0x9b0000
end_va = 0x9bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009b0000"
filename = ""
Region:
id = 1266
start_va = 0x75520000
end_va = 0x75563fff
monitored = 0
entry_point = 0x75539d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1267
start_va = 0x76650000
end_va = 0x766fcfff
monitored = 0
entry_point = 0x76664f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1268
start_va = 0x73dd0000
end_va = 0x73dedfff
monitored = 0
entry_point = 0x73ddb640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1269
start_va = 0x73dc0000
end_va = 0x73dc9fff
monitored = 0
entry_point = 0x73dc2a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1270
start_va = 0x767a0000
end_va = 0x767f7fff
monitored = 0
entry_point = 0x767e25c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 1271
start_va = 0x690000
end_va = 0x71ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000690000"
filename = ""
Region:
id = 1272
start_va = 0x730000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000730000"
filename = ""
Region:
id = 1275
start_va = 0x6f670000
end_va = 0x6f6ecfff
monitored = 1
entry_point = 0x6f680db0
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 1278
start_va = 0x75bb0000
end_va = 0x75bf4fff
monitored = 0
entry_point = 0x75bcde90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1279
start_va = 0x758a0000
end_va = 0x75a5cfff
monitored = 0
entry_point = 0x75982a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 1280
start_va = 0x75db0000
end_va = 0x75efefff
monitored = 0
entry_point = 0x75e66820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1281
start_va = 0x753d0000
end_va = 0x75516fff
monitored = 0
entry_point = 0x753e1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1282
start_va = 0x690000
end_va = 0x6b9fff
monitored = 0
entry_point = 0x695680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1283
start_va = 0x710000
end_va = 0x71ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000710000"
filename = ""
Region:
id = 1284
start_va = 0x9c0000
end_va = 0xb47fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009c0000"
filename = ""
Region:
id = 1285
start_va = 0x757f0000
end_va = 0x7581afff
monitored = 0
entry_point = 0x757f5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1286
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1287
start_va = 0x4f0000
end_va = 0x4f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004f0000"
filename = ""
Region:
id = 1288
start_va = 0xb50000
end_va = 0xcd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b50000"
filename = ""
Region:
id = 1289
start_va = 0xce0000
end_va = 0x20dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ce0000"
filename = ""
Region:
id = 1290
start_va = 0x20e0000
end_va = 0x219ffff
monitored = 1
entry_point = 0x219cd7e
region_type = mapped_file
name = "221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe")
Region:
id = 1291
start_va = 0x75a60000
end_va = 0x75a6bfff
monitored = 0
entry_point = 0x75a63930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 1292
start_va = 0x6f930000
end_va = 0x6f937fff
monitored = 0
entry_point = 0x6f9317b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1293
start_va = 0x6ef80000
end_va = 0x6f660fff
monitored = 1
entry_point = 0x6efacd70
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1294
start_va = 0x6ee80000
end_va = 0x6ef74fff
monitored = 0
entry_point = 0x6eed4160
region_type = mapped_file
name = "msvcr120_clr0400.dll"
filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")
Region:
id = 1295
start_va = 0x690000
end_va = 0x690fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000690000"
filename = ""
Region:
id = 1296
start_va = 0x6a0000
end_va = 0x6affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006a0000"
filename = ""
Region:
id = 1297
start_va = 0x6b0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 1298
start_va = 0x6c0000
end_va = 0x6cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 1299
start_va = 0x6d0000
end_va = 0x6dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006d0000"
filename = ""
Region:
id = 1300
start_va = 0x6e0000
end_va = 0x6effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006e0000"
filename = ""
Region:
id = 1301
start_va = 0x6f0000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006f0000"
filename = ""
Region:
id = 1302
start_va = 0x700000
end_va = 0x700fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 1303
start_va = 0x720000
end_va = 0x720fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000720000"
filename = ""
Region:
id = 1304
start_va = 0x940000
end_va = 0x94ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000940000"
filename = ""
Region:
id = 1305
start_va = 0x20e0000
end_va = 0x22bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020e0000"
filename = ""
Region:
id = 1306
start_va = 0x500000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 1307
start_va = 0x20e0000
end_va = 0x21dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020e0000"
filename = ""
Region:
id = 1308
start_va = 0x22b0000
end_va = 0x22bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022b0000"
filename = ""
Region:
id = 1309
start_va = 0x950000
end_va = 0x95ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Region:
id = 1310
start_va = 0x22c0000
end_va = 0x42bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022c0000"
filename = ""
Region:
id = 1311
start_va = 0x21e0000
end_va = 0x227ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021e0000"
filename = ""
Region:
id = 1312
start_va = 0x540000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 1313
start_va = 0x42c0000
end_va = 0x43bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000042c0000"
filename = ""
Region:
id = 1318
start_va = 0x43c0000
end_va = 0x46f6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1319
start_va = 0x6dbc0000
end_va = 0x6ee71fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")
Region:
id = 1320
start_va = 0x76fb0000
end_va = 0x7709afff
monitored = 0
entry_point = 0x76fed650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1321
start_va = 0x4700000
end_va = 0x4790fff
monitored = 0
entry_point = 0x4738cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1322
start_va = 0x73ca0000
end_va = 0x73d14fff
monitored = 0
entry_point = 0x73cd9a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1323
start_va = 0x950000
end_va = 0x96ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Region:
id = 1325
start_va = 0x950000
end_va = 0x95ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Region:
id = 1326
start_va = 0x960000
end_va = 0x96ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000960000"
filename = ""
Region:
id = 1327
start_va = 0x6db40000
end_va = 0x6dbbffff
monitored = 1
entry_point = 0x6db41180
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 1328
start_va = 0x76700000
end_va = 0x76791fff
monitored = 0
entry_point = 0x76738cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1329
start_va = 0x970000
end_va = 0x97ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000970000"
filename = ""
Region:
id = 1330
start_va = 0x6d170000
end_va = 0x6db3bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")
Region:
id = 1331
start_va = 0x6cfe0000
end_va = 0x6d16efff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")
Region:
id = 1332
start_va = 0x6c370000
end_va = 0x6cfd6fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")
Region:
id = 1333
start_va = 0x980000
end_va = 0x98ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000980000"
filename = ""
Region:
id = 1334
start_va = 0x47a0000
end_va = 0x483bfff
monitored = 1
entry_point = 0x482e9a6
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 1335
start_va = 0x4700000
end_va = 0x479bfff
monitored = 1
entry_point = 0x478e9a6
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 1336
start_va = 0x990000
end_va = 0x99ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000990000"
filename = ""
Region:
id = 1337
start_va = 0x4840000
end_va = 0x493ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004840000"
filename = ""
Region:
id = 1338
start_va = 0x4700000
end_va = 0x478ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004700000"
filename = ""
Region:
id = 1339
start_va = 0x73df0000
end_va = 0x751eefff
monitored = 0
entry_point = 0x73fab990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1340
start_va = 0x757b0000
end_va = 0x757e6fff
monitored = 0
entry_point = 0x757b3b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 1341
start_va = 0x76980000
end_va = 0x76e78fff
monitored = 0
entry_point = 0x76b87610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 1342
start_va = 0x75570000
end_va = 0x755fcfff
monitored = 0
entry_point = 0x755b9b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 1343
start_va = 0x76070000
end_va = 0x760b3fff
monitored = 0
entry_point = 0x76077410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 1344
start_va = 0x75f00000
end_va = 0x75f0efff
monitored = 0
entry_point = 0x75f02e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 1345
start_va = 0x990000
end_va = 0x990fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000990000"
filename = ""
Region:
id = 1346
start_va = 0x9a0000
end_va = 0x9a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 1347
start_va = 0x9a0000
end_va = 0x9a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 1348
start_va = 0x9a0000
end_va = 0x9a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 1349
start_va = 0x9a0000
end_va = 0x9a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 1350
start_va = 0x9a0000
end_va = 0x9a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 1351
start_va = 0x9a0000
end_va = 0x9a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 1352
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1353
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1354
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1355
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1356
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1357
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1358
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1359
start_va = 0x2280000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 1360
start_va = 0x2280000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 1361
start_va = 0x2280000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 1362
start_va = 0x2280000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 1363
start_va = 0x2280000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 1364
start_va = 0x2280000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 1365
start_va = 0x2280000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 1366
start_va = 0x6b7b0000
end_va = 0x6bed0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")
Region:
id = 1367
start_va = 0x2280000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 1368
start_va = 0x2290000
end_va = 0x229ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002290000"
filename = ""
Region:
id = 1369
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1370
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1371
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1372
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1373
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1374
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1375
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1376
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1377
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1378
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1379
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1380
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1381
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1382
start_va = 0x2280000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 1383
start_va = 0x2280000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 1384
start_va = 0x2280000
end_va = 0x228ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 1385
start_va = 0x2280000
end_va = 0x2290fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002280000"
filename = ""
Region:
id = 1386
start_va = 0x6c270000
end_va = 0x6c360fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")
Region:
id = 1389
start_va = 0x69620000
end_va = 0x69d3dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")
Region:
id = 1390
start_va = 0x6c170000
end_va = 0x6c214fff
monitored = 0
entry_point = 0x6c18ac50
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")
Region:
id = 1391
start_va = 0x6c140000
end_va = 0x6c162fff
monitored = 0
entry_point = 0x6c145570
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")
Region:
id = 1392
start_va = 0x6c130000
end_va = 0x6c13ffff
monitored = 0
entry_point = 0x6c133820
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")
Region:
id = 1394
start_va = 0x751f0000
end_va = 0x7524efff
monitored = 0
entry_point = 0x751f4af0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 1395
start_va = 0x712d0000
end_va = 0x7131efff
monitored = 0
entry_point = 0x712dd850
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")
Region:
id = 1396
start_va = 0x4940000
end_va = 0x4a1ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 1397
start_va = 0x4700000
end_va = 0x473ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004700000"
filename = ""
Region:
id = 1398
start_va = 0x4780000
end_va = 0x478ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004780000"
filename = ""
Region:
id = 1399
start_va = 0x4a20000
end_va = 0x4b1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a20000"
filename = ""
Region:
id = 1400
start_va = 0x71320000
end_va = 0x713bafff
monitored = 0
entry_point = 0x7135f7e0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")
Region:
id = 1402
start_va = 0x4740000
end_va = 0x477ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004740000"
filename = ""
Region:
id = 1403
start_va = 0x4b20000
end_va = 0x4c1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b20000"
filename = ""
Region:
id = 1404
start_va = 0x713f0000
end_va = 0x71401fff
monitored = 0
entry_point = 0x713f4510
region_type = mapped_file
name = "ondemandconnroutehelper.dll"
filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")
Region:
id = 1405
start_va = 0x713c0000
end_va = 0x713eefff
monitored = 0
entry_point = 0x713cbb70
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")
Region:
id = 1406
start_va = 0x75f10000
end_va = 0x75f16fff
monitored = 0
entry_point = 0x75f11e10
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 1407
start_va = 0x6c090000
end_va = 0x6c0a2fff
monitored = 0
entry_point = 0x6c0925d0
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")
Region:
id = 1408
start_va = 0x6c070000
end_va = 0x6c083fff
monitored = 0
entry_point = 0x6c073c10
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")
Region:
id = 1412
start_va = 0x4c20000
end_va = 0x4c5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c20000"
filename = ""
Region:
id = 1413
start_va = 0x4c60000
end_va = 0x4d5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c60000"
filename = ""
Region:
id = 1414
start_va = 0x4d60000
end_va = 0x4d9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d60000"
filename = ""
Region:
id = 1415
start_va = 0x4da0000
end_va = 0x4e9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004da0000"
filename = ""
Region:
id = 1416
start_va = 0x4ea0000
end_va = 0x4edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ea0000"
filename = ""
Region:
id = 1417
start_va = 0x4ee0000
end_va = 0x4fdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ee0000"
filename = ""
Region:
id = 1418
start_va = 0x4fe0000
end_va = 0x501ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fe0000"
filename = ""
Region:
id = 1419
start_va = 0x5020000
end_va = 0x511ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005020000"
filename = ""
Region:
id = 1420
start_va = 0x70920000
end_va = 0x709a3fff
monitored = 0
entry_point = 0x70946530
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")
Region:
id = 1421
start_va = 0x712c0000
end_va = 0x712c7fff
monitored = 0
entry_point = 0x712c1fc0
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll")
Region:
id = 1422
start_va = 0x6fad0000
end_va = 0x6fad7fff
monitored = 0
entry_point = 0x6fad1920
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")
Region:
id = 1423
start_va = 0x6fae0000
end_va = 0x6fb26fff
monitored = 0
entry_point = 0x6faf58d0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")
Region:
id = 1424
start_va = 0x71410000
end_va = 0x7142afff
monitored = 0
entry_point = 0x71419050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1426
start_va = 0x710d0000
end_va = 0x710e2fff
monitored = 0
entry_point = 0x710d9950
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1427
start_va = 0x70100000
end_va = 0x7012efff
monitored = 0
entry_point = 0x701195e0
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1428
start_va = 0x9a0000
end_va = 0x9affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 1429
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1430
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1431
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1432
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1433
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1434
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1436
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1437
start_va = 0x4790000
end_va = 0x479ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004790000"
filename = ""
Region:
id = 1438
start_va = 0x69430000
end_va = 0x694f3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.security.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\754ca70e68140abcdb8476cff64c4169\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\754ca70e68140abcdb8476cff64c4169\\system.security.ni.dll")
Region:
id = 1439
start_va = 0x760c0000
end_va = 0x76237fff
monitored = 0
entry_point = 0x76118a90
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 1440
start_va = 0x76fa0000
end_va = 0x76fadfff
monitored = 0
entry_point = 0x76fa5410
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 1441
start_va = 0x6f9d0000
end_va = 0x6f9d7fff
monitored = 0
entry_point = 0x6f9d1d70
region_type = mapped_file
name = "dpapi.dll"
filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll")
Region:
id = 1442
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1443
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1444
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1445
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1446
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1447
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1448
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1449
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1450
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1451
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1452
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1453
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1454
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1455
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1456
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1457
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1458
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1459
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1460
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1461
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1462
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1463
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1464
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1465
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1466
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1467
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1468
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1469
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1470
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1471
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1472
start_va = 0x4790000
end_va = 0x479ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004790000"
filename = ""
Region:
id = 1473
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1474
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1475
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1476
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1477
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1478
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1479
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1480
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1481
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1482
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1483
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1484
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1485
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1486
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1487
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1488
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1489
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1490
start_va = 0x4790000
end_va = 0x479ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004790000"
filename = ""
Region:
id = 1491
start_va = 0x4790000
end_va = 0x479ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004790000"
filename = ""
Region:
id = 1492
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1493
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1494
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1495
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1496
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1497
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1498
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1501
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1502
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1503
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1504
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1505
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1506
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1507
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1508
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1509
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1510
start_va = 0x4790000
end_va = 0x479ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004790000"
filename = ""
Region:
id = 1511
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1512
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1513
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1514
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1515
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1516
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1517
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1518
start_va = 0x4790000
end_va = 0x479ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004790000"
filename = ""
Region:
id = 1519
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1520
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1521
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1522
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1523
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1524
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1525
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1526
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1527
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1528
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1529
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1530
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1531
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1532
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1533
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1534
start_va = 0x5120000
end_va = 0x512ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005120000"
filename = ""
Region:
id = 1535
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1536
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1537
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1538
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1539
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1540
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1541
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1542
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1543
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1544
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1545
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1546
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1547
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1548
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1549
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1550
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1551
start_va = 0x5120000
end_va = 0x512ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005120000"
filename = ""
Region:
id = 1553
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1554
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1555
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1556
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1557
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 1558
start_va = 0x22a0000
end_va = 0x22affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Thread:
id = 102
os_tid = 0x11ac
[0192.335] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0192.353] RoInitialize () returned 0x1
[0192.354] RoUninitialize () returned 0x0
[0192.956] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x18deb4 | out: lpLuid=0x18deb4*(LowPart=0x14, HighPart=0)) returned 1
[0192.960] GetCurrentProcess () returned 0xffffffff
[0192.960] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x18deb0 | out: TokenHandle=0x18deb0*=0x258) returned 1
[0192.960] AdjustTokenPrivileges (in: TokenHandle=0x258, DisableAllPrivileges=0, NewState=0x22c3548*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0192.961] CloseHandle (hObject=0x258) returned 1
[0192.973] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32c94d0, Length=0x20000, ResultLength=0x18e59c | out: SystemInformation=0x32c94d0, ResultLength=0x18e59c*=0x14d60) returned 0x0
[0193.100] GetComputerNameW (in: lpBuffer=0x18e374, nSize=0x18e5ec | out: lpBuffer="XC64ZB", nSize=0x18e5ec) returned 1
[0193.162] GetTimeZoneInformation (in: lpTimeZoneInformation=0x18e3a8 | out: lpTimeZoneInformation=0x18e3a8) returned 0x1
[0193.164] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x18e204 | out: pTimeZoneInformation=0x18e204) returned 0x1
[0193.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e2e8 | out: phkResult=0x18e2e8*=0x264) returned 0x0
[0193.192] RegQueryValueExW (in: hKey=0x264, lpValueName="TZI", lpReserved=0x0, lpType=0x18e304, lpData=0x0, lpcbData=0x18e300*=0x0 | out: lpType=0x18e304*=0x3, lpData=0x0, lpcbData=0x18e300*=0x2c) returned 0x0
[0193.198] RegQueryValueExW (in: hKey=0x264, lpValueName="TZI", lpReserved=0x0, lpType=0x18e304, lpData=0x22ec0d8, lpcbData=0x18e300*=0x2c | out: lpType=0x18e304*=0x3, lpData=0x22ec0d8*, lpcbData=0x18e300*=0x2c) returned 0x0
[0193.199] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e13c | out: phkResult=0x18e13c*=0x0) returned 0x2
[0193.200] RegQueryValueExW (in: hKey=0x264, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x18e2dc, lpData=0x0, lpcbData=0x18e2d8*=0x0 | out: lpType=0x18e2dc*=0x1, lpData=0x0, lpcbData=0x18e2d8*=0x20) returned 0x0
[0193.200] RegQueryValueExW (in: hKey=0x264, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x18e2dc, lpData=0x22ec5e4, lpcbData=0x18e2d8*=0x20 | out: lpType=0x18e2dc*=0x1, lpData="@tzres.dll,-320", lpcbData=0x18e2d8*=0x20) returned 0x0
[0193.201] RegQueryValueExW (in: hKey=0x264, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x18e2dc, lpData=0x0, lpcbData=0x18e2d8*=0x0 | out: lpType=0x18e2dc*=0x1, lpData=0x0, lpcbData=0x18e2d8*=0x20) returned 0x0
[0193.201] RegQueryValueExW (in: hKey=0x264, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x18e2dc, lpData=0x22ec63c, lpcbData=0x18e2d8*=0x20 | out: lpType=0x18e2dc*=0x1, lpData="@tzres.dll,-322", lpcbData=0x18e2d8*=0x20) returned 0x0
[0193.201] RegQueryValueExW (in: hKey=0x264, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x18e2dc, lpData=0x0, lpcbData=0x18e2d8*=0x0 | out: lpType=0x18e2dc*=0x1, lpData=0x0, lpcbData=0x18e2d8*=0x20) returned 0x0
[0193.201] RegQueryValueExW (in: hKey=0x264, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x18e2dc, lpData=0x22ec694, lpcbData=0x18e2d8*=0x20 | out: lpType=0x18e2dc*=0x1, lpData="@tzres.dll,-321", lpcbData=0x18e2d8*=0x20) returned 0x0
[0193.286] CoTaskMemAlloc (cb=0x20c) returned 0x77a640
[0193.286] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x77a640 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0193.291] CoTaskMemFree (pv=0x77a640)
[0193.343] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x18cd08 | out: phkResult=0x18cd08*=0x0) returned 0x2
[0193.349] CoTaskMemAlloc (cb=0x20c) returned 0x77a640
[0193.349] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x18e2f8, pwszFileMUIPath=0x77a640, pcchFileMUIPath=0x18e2fc, pululEnumerator=0x18e2f0 | out: pwszLanguage=0x0, pcchLanguage=0x18e2f8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x18e2fc, pululEnumerator=0x18e2f0) returned 1
[0193.613] CoTaskMemFree (pv=0x0)
[0193.613] CoTaskMemFree (pv=0x77a640)
[0193.614] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x9a0001
[0193.947] CoTaskMemAlloc (cb=0x3ec) returned 0x77f840
[0193.947] LoadStringW (in: hInstance=0x9a0001, uID=0x140, lpBuffer=0x77f840, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c
[0193.948] CoTaskMemFree (pv=0x77f840)
[0193.948] FreeLibrary (hLibModule=0x9a0001) returned 1
[0193.949] CoTaskMemAlloc (cb=0x20c) returned 0x77a640
[0193.949] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x77a640 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0193.949] CoTaskMemFree (pv=0x77a640)
[0193.949] CoTaskMemAlloc (cb=0x20c) returned 0x77a640
[0193.949] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x18e2f8, pwszFileMUIPath=0x77a640, pcchFileMUIPath=0x18e2fc, pululEnumerator=0x18e2f0 | out: pwszLanguage=0x0, pcchLanguage=0x18e2f8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x18e2fc, pululEnumerator=0x18e2f0) returned 1
[0193.950] CoTaskMemFree (pv=0x0)
[0193.950] CoTaskMemFree (pv=0x77a640)
[0193.950] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x9a0001
[0193.951] CoTaskMemAlloc (cb=0x3ec) returned 0x77f840
[0193.951] LoadStringW (in: hInstance=0x9a0001, uID=0x142, lpBuffer=0x77f840, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17
[0193.952] CoTaskMemFree (pv=0x77f840)
[0193.952] FreeLibrary (hLibModule=0x9a0001) returned 1
[0193.952] CoTaskMemAlloc (cb=0x20c) returned 0x77a640
[0193.952] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x77a640 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0193.952] CoTaskMemFree (pv=0x77a640)
[0193.953] CoTaskMemAlloc (cb=0x20c) returned 0x77a640
[0193.953] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x18e2f8, pwszFileMUIPath=0x77a640, pcchFileMUIPath=0x18e2fc, pululEnumerator=0x18e2f0 | out: pwszLanguage=0x0, pcchLanguage=0x18e2f8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x18e2fc, pululEnumerator=0x18e2f0) returned 1
[0193.954] CoTaskMemFree (pv=0x0)
[0193.954] CoTaskMemFree (pv=0x77a640)
[0193.954] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x9a0001
[0193.956] CoTaskMemAlloc (cb=0x3ec) returned 0x77f840
[0193.956] LoadStringW (in: hInstance=0x9a0001, uID=0x141, lpBuffer=0x77f840, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17
[0193.956] CoTaskMemFree (pv=0x77f840)
[0193.956] FreeLibrary (hLibModule=0x9a0001) returned 1
[0193.957] RegCloseKey (hKey=0x264) returned 0x0
[0194.960] GetACP () returned 0x4e4
[0195.134] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x18d624 | out: phkResult=0x18d624*=0x2d8) returned 0x0
[0195.135] RegQueryValueExW (in: hKey=0x2d8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x18d644, lpData=0x0, lpcbData=0x18d640*=0x0 | out: lpType=0x18d644*=0x1, lpData=0x0, lpcbData=0x18d640*=0xe) returned 0x0
[0195.135] RegQueryValueExW (in: hKey=0x2d8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x18d644, lpData=0x22f68f0, lpcbData=0x18d640*=0xe | out: lpType=0x18d644*=0x1, lpData="Client", lpcbData=0x18d640*=0xe) returned 0x0
[0195.136] RegCloseKey (hKey=0x2d8) returned 0x0
[0195.631] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe.config", nBufferLength=0x105, lpBuffer=0x18cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe.config", lpFilePart=0x0) returned 0x69
[0196.652] GetCurrentProcess () returned 0xffffffff
[0196.652] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18d320 | out: TokenHandle=0x18d320*=0x2d8) returned 1
[0196.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x18cdb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0196.675] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x18d318 | out: lpFileInformation=0x18d318*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0196.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x18cd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0196.677] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x18d320 | out: lpFileInformation=0x18d320*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0196.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x18cd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0196.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18d258) returned 1
[0196.680] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d0
[0196.680] GetFileType (hFile=0x2d0) returned 0x1
[0196.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18d254) returned 1
[0196.680] GetFileType (hFile=0x2d0) returned 0x1
[0196.821] GetFileSize (in: hFile=0x2d0, lpFileSizeHigh=0x18d314 | out: lpFileSizeHigh=0x18d314*=0x0) returned 0x8c8f
[0196.822] ReadFile (in: hFile=0x2d0, lpBuffer=0x22fa184, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d2d0, lpOverlapped=0x0 | out: lpBuffer=0x22fa184*, lpNumberOfBytesRead=0x18d2d0*=0x1000, lpOverlapped=0x0) returned 1
[0196.883] ReadFile (in: hFile=0x2d0, lpBuffer=0x22fa184, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d180, lpOverlapped=0x0 | out: lpBuffer=0x22fa184*, lpNumberOfBytesRead=0x18d180*=0x1000, lpOverlapped=0x0) returned 1
[0196.885] ReadFile (in: hFile=0x2d0, lpBuffer=0x22fa184, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d034, lpOverlapped=0x0 | out: lpBuffer=0x22fa184*, lpNumberOfBytesRead=0x18d034*=0x1000, lpOverlapped=0x0) returned 1
[0196.885] ReadFile (in: hFile=0x2d0, lpBuffer=0x22fa184, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d034, lpOverlapped=0x0 | out: lpBuffer=0x22fa184*, lpNumberOfBytesRead=0x18d034*=0x1000, lpOverlapped=0x0) returned 1
[0196.886] ReadFile (in: hFile=0x2d0, lpBuffer=0x22fa184, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d034, lpOverlapped=0x0 | out: lpBuffer=0x22fa184*, lpNumberOfBytesRead=0x18d034*=0x1000, lpOverlapped=0x0) returned 1
[0196.886] ReadFile (in: hFile=0x2d0, lpBuffer=0x22fa184, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18cf6c, lpOverlapped=0x0 | out: lpBuffer=0x22fa184*, lpNumberOfBytesRead=0x18cf6c*=0x1000, lpOverlapped=0x0) returned 1
[0196.889] ReadFile (in: hFile=0x2d0, lpBuffer=0x22fa184, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d0ec, lpOverlapped=0x0 | out: lpBuffer=0x22fa184*, lpNumberOfBytesRead=0x18d0ec*=0x1000, lpOverlapped=0x0) returned 1
[0196.891] ReadFile (in: hFile=0x2d0, lpBuffer=0x22fa184, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18cffc, lpOverlapped=0x0 | out: lpBuffer=0x22fa184*, lpNumberOfBytesRead=0x18cffc*=0x1000, lpOverlapped=0x0) returned 1
[0196.891] ReadFile (in: hFile=0x2d0, lpBuffer=0x22fa184, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18cffc, lpOverlapped=0x0 | out: lpBuffer=0x22fa184*, lpNumberOfBytesRead=0x18cffc*=0xc8f, lpOverlapped=0x0) returned 1
[0196.891] ReadFile (in: hFile=0x2d0, lpBuffer=0x22fa184, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18d0bc, lpOverlapped=0x0 | out: lpBuffer=0x22fa184*, lpNumberOfBytesRead=0x18d0bc*=0x0, lpOverlapped=0x0) returned 1
[0196.891] CloseHandle (hObject=0x2d0) returned 1
[0196.893] GetCurrentProcess () returned 0xffffffff
[0196.893] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18d464 | out: TokenHandle=0x18d464*=0x2d0) returned 1
[0196.893] GetCurrentProcess () returned 0xffffffff
[0196.894] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18d464 | out: TokenHandle=0x18d464*=0x2dc) returned 1
[0196.894] GetCurrentProcess () returned 0xffffffff
[0196.894] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18d320 | out: TokenHandle=0x18d320*=0x2e0) returned 1
[0196.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x18d318 | out: lpFileInformation=0x18d318*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0196.895] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe.config", nBufferLength=0x105, lpBuffer=0x18cd84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe.config", lpFilePart=0x0) returned 0x69
[0196.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x18d320 | out: lpFileInformation=0x18d320*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0196.896] GetCurrentProcess () returned 0xffffffff
[0196.896] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18d464 | out: TokenHandle=0x18d464*=0x2e4) returned 1
[0196.897] GetCurrentProcess () returned 0xffffffff
[0196.897] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18d464 | out: TokenHandle=0x18d464*=0x2e8) returned 1
[0196.970] GetCurrentProcess () returned 0xffffffff
[0196.970] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18d2c4 | out: TokenHandle=0x18d2c4*=0x2ec) returned 1
[0196.999] GetCurrentProcess () returned 0xffffffff
[0196.999] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18d2d4 | out: TokenHandle=0x18d2d4*=0x2f0) returned 1
[0197.293] CoTaskMemAlloc (cb=0xcc0) returned 0x79cc88
[0197.294] RasEnumConnectionsW (in: param_1=0x79cc88, param_2=0x18e4fc, param_3=0x18e500 | out: param_1=0x79cc88, param_2=0x18e4fc, param_3=0x18e500) returned 0x0
[0197.384] CoTaskMemFree (pv=0x79cc88)
[0197.446] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x18e2e4 | out: lpWSAData=0x18e2e4) returned 0
[0197.457] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x34c
[0197.561] setsockopt (s=0x34c, level=65535, optname=128, optval="\x01", optlen=4) returned -1
[0197.561] closesocket (s=0x34c) returned 0
[0197.562] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x34c
[0197.564] setsockopt (s=0x34c, level=65535, optname=128, optval="\x01", optlen=4) returned -1
[0197.564] closesocket (s=0x34c) returned 0
[0197.568] GetCurrentProcess () returned 0xffffffff
[0197.568] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e12c | out: TokenHandle=0x18e12c*=0x34c) returned 1
[0197.573] GetCurrentProcess () returned 0xffffffff
[0197.573] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e13c | out: TokenHandle=0x18e13c*=0x350) returned 1
[0197.621] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x354
[0197.623] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x358
[0197.624] ioctlsocket (in: s=0x354, cmd=-2147195266, argp=0x18e504 | out: argp=0x18e504) returned 0
[0197.624] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x35c
[0197.624] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x360
[0197.625] ioctlsocket (in: s=0x35c, cmd=-2147195266, argp=0x18e504 | out: argp=0x18e504) returned 0
[0197.625] WSAIoctl (in: s=0x354, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x18e4ec, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x18e4ec, lpOverlapped=0x0) returned -1
[0197.628] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x18e21c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
[0197.634] WSAEventSelect (s=0x354, hEventObject=0x358, lNetworkEvents=512) returned 0
[0197.634] WSAIoctl (in: s=0x35c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x18e4ec, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x18e4ec, lpOverlapped=0x0) returned -1
[0197.635] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x18e21c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
[0197.635] WSAEventSelect (s=0x35c, hEventObject=0x360, lNetworkEvents=512) returned 0
[0197.635] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x368
[0197.635] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x368, param_3=0x3) returned 0x0
[0197.727] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x18e518 | out: phkResult=0x18e518*=0x380) returned 0x0
[0197.727] RegOpenKeyExW (in: hKey=0x380, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e4cc | out: phkResult=0x18e4cc*=0x384) returned 0x0
[0197.728] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
[0197.729] RegNotifyChangeKeyValue (hKey=0x384, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x388, fAsynchronous=1) returned 0x0
[0197.730] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e4d0 | out: phkResult=0x18e4d0*=0x38c) returned 0x0
[0197.731] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390
[0197.731] RegNotifyChangeKeyValue (hKey=0x38c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x390, fAsynchronous=1) returned 0x0
[0197.731] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e4d0 | out: phkResult=0x18e4d0*=0x394) returned 0x0
[0197.731] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
[0197.731] RegNotifyChangeKeyValue (hKey=0x394, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x398, fAsynchronous=1) returned 0x0
[0197.732] GetCurrentProcess () returned 0xffffffff
[0197.732] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e4c0 | out: TokenHandle=0x18e4c0*=0x39c) returned 1
[0197.737] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ddc8 | out: phkResult=0x18ddc8*=0x3a0) returned 0x0
[0197.737] RegQueryValueExW (in: hKey=0x3a0, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x18dde4, lpData=0x0, lpcbData=0x18dde0*=0x0 | out: lpType=0x18dde4*=0x0, lpData=0x0, lpcbData=0x18dde0*=0x0) returned 0x2
[0197.737] RegCloseKey (hKey=0x3a0) returned 0x0
[0197.818] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x7a3300
[0197.840] WinHttpSetTimeouts (hInternet=0x7a3300, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
[0197.842] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x18e4cc | out: pProxyConfig=0x18e4cc) returned 1
[0197.976] SystemFunction041 (in: Memory=0x79ceec, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x79ceec) returned 0x0
[0198.023] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
[0198.023] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x404
[0198.028] GetCurrentProcess () returned 0xffffffff
[0198.028] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e150 | out: TokenHandle=0x18e150*=0x408) returned 1
[0198.031] GetCurrentProcess () returned 0xffffffff
[0198.031] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e160 | out: TokenHandle=0x18e160*=0x40c) returned 1
[0198.033] QueryPerformanceFrequency (in: lpFrequency=0x6d6560 | out: lpFrequency=0x6d6560*=100000000) returned 1
[0198.034] QueryPerformanceCounter (in: lpPerformanceCount=0x18e4d4 | out: lpPerformanceCount=0x18e4d4*=1631911474935) returned 1
[0198.036] GetCurrentProcess () returned 0xffffffff
[0198.036] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e130 | out: TokenHandle=0x18e130*=0x410) returned 1
[0198.038] GetCurrentProcess () returned 0xffffffff
[0198.038] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e140 | out: TokenHandle=0x18e140*=0x414) returned 1
[0198.041] GetCurrentProcess () returned 0xffffffff
[0198.041] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e3b8 | out: TokenHandle=0x18e3b8*=0x418) returned 1
[0198.041] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x18e3e4 | out: phkResult=0x18e3e4*=0x41c) returned 0x0
[0198.041] RegOpenKeyExW (in: hKey=0x41c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e398 | out: phkResult=0x18e398*=0x420) returned 0x0
[0198.041] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x424
[0198.041] RegNotifyChangeKeyValue (hKey=0x420, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x424, fAsynchronous=1) returned 0x0
[0198.041] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e39c | out: phkResult=0x18e39c*=0x428) returned 0x0
[0198.042] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x42c
[0198.042] RegNotifyChangeKeyValue (hKey=0x428, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x42c, fAsynchronous=1) returned 0x0
[0198.042] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e39c | out: phkResult=0x18e39c*=0x430) returned 0x0
[0198.042] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x434
[0198.042] RegNotifyChangeKeyValue (hKey=0x430, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x434, fAsynchronous=1) returned 0x0
[0198.042] GetCurrentProcess () returned 0xffffffff
[0198.042] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e38c | out: TokenHandle=0x18e38c*=0x438) returned 1
[0198.042] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x7a2198
[0198.042] WinHttpSetTimeouts (hInternet=0x7a2198, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1
[0198.042] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x18e398 | out: pProxyConfig=0x18e398) returned 1
[0198.125] CoTaskMemAlloc (cb=0x20c) returned 0x7b3808
[0198.125] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x7b3808, nSize=0x104 | out: lpBuffer="") returned 0x0
[0198.125] CoTaskMemFree (pv=0x7b3808)
[0198.125] CoTaskMemAlloc (cb=0x20c) returned 0x7b3808
[0198.125] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x7b3808, nSize=0x104 | out: lpBuffer="") returned 0x0
[0198.125] CoTaskMemFree (pv=0x7b3808)
[0198.133] EtwEventRegister (in: ProviderId=0x231ec4c, EnableCallback=0x47805fe, CallbackContext=0x0, RegHandle=0x231ec28 | out: RegHandle=0x231ec28) returned 0x0
[0198.184] EtwEventSetInformation (RegHandle=0x77e670, InformationClass=0x3f, EventInformation=0x2, InformationLength=0x231ebe8) returned 0x0
[0198.186] GetCurrentProcess () returned 0xffffffff
[0198.186] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e0f8 | out: TokenHandle=0x18e0f8*=0x444) returned 1
[0198.188] GetCurrentProcess () returned 0xffffffff
[0198.188] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e108 | out: TokenHandle=0x18e108*=0x448) returned 1
[0198.202] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x18e330*=0x368, lpdwindex=0x18e14c | out: lpdwindex=0x18e14c) returned 0x80010115
[0198.298] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x18e310*=0x358, lpdwindex=0x18e12c | out: lpdwindex=0x18e12c) returned 0x80010115
[0198.298] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x18e310*=0x360, lpdwindex=0x18e12c | out: lpdwindex=0x18e12c) returned 0x80010115
[0198.298] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x18e364*=0x388, lpdwindex=0x18e184 | out: lpdwindex=0x18e184) returned 0x80010115
[0198.299] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x18e364*=0x390, lpdwindex=0x18e184 | out: lpdwindex=0x18e184) returned 0x80010115
[0198.299] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x18e364*=0x398, lpdwindex=0x18e184 | out: lpdwindex=0x18e184) returned 0x80010115
[0198.302] GetCurrentProcess () returned 0xffffffff
[0198.302] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e0a0 | out: TokenHandle=0x18e0a0*=0x470) returned 1
[0198.303] GetCurrentProcess () returned 0xffffffff
[0198.303] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18e0b0 | out: TokenHandle=0x18e0b0*=0x474) returned 1
[0198.304] SetEvent (hEvent=0x3f4) returned 1
[0198.359] EtwEventRegister (in: ProviderId=0x232169c, EnableCallback=0x4780626, CallbackContext=0x0, RegHandle=0x2321678 | out: RegHandle=0x2321678) returned 0x0
[0198.359] EtwEventSetInformation (RegHandle=0x73f0b0, InformationClass=0x40, EventInformation=0x2, InformationLength=0x232163c) returned 0x0
[0198.361] SetEvent (hEvent=0x3f4) returned 1
[0198.372] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x18e350 | out: pFixedInfo=0x0, pOutBufLen=0x18e350) returned 0x6f
[0198.596] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x7add90
[0198.596] GetNetworkParams (in: pFixedInfo=0x7add90, pOutBufLen=0x18e350 | out: pFixedInfo=0x7add90, pOutBufLen=0x18e350) returned 0x0
[0198.613] LocalFree (hMem=0x7add90) returned 0x0
[0198.615] CoTaskMemAlloc (cb=0x20c) returned 0x7add90
[0198.615] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x7add90, nSize=0x104 | out: lpBuffer="") returned 0x0
[0198.615] CoTaskMemFree (pv=0x7add90)
[0198.615] CoTaskMemAlloc (cb=0x20c) returned 0x7add90
[0198.615] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x7add90, nSize=0x104 | out: lpBuffer="") returned 0x0
[0198.615] CoTaskMemFree (pv=0x7add90)
[0198.620] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d8
[0198.636] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4a8
[0198.669] GetAddrInfoW (in: pNodeName="checkip.dyndns.org", pServiceName=0x0, pHints=0x18e238*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x18e1e0 | out: ppResult=0x18e1e0*=0x7a3e88*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.com", ai_addr=0x7a9a68*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x7a3e38*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a9a80*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x7a3e60*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a99f0*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x7a3f78*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a99d8*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x7a3fa0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a9a50*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x0)))))) returned 0
[0198.716] FreeAddrInfoW (pAddrInfo=0x7a3e88*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.com", ai_addr=0x7a9a68*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x7a3e38*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a9a80*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x7a3e60*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a99f0*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x7a3f78*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a99d8*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x7a3fa0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a9a50*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x0))))))
[0198.717] GetAddrInfoW (in: pNodeName="checkip.dyndns.org", pServiceName=0x0, pHints=0x18e238*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x18e1e0 | out: ppResult=0x18e1e0*=0x7a3ed8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.org", ai_addr=0x7a99d8*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x7a3f00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a9a20*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x7a3e88*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a99f0*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x7a3f28*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a9a50*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x7a3e10*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a9a68*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x0)))))) returned 0
[0198.770] FreeAddrInfoW (pAddrInfo=0x7a3ed8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.org", ai_addr=0x7a99d8*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x7a3f00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a9a20*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x7a3e88*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a99f0*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x7a3f28*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a9a50*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x7a3e10*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x7a9a68*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x0))))))
[0198.771] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x500
[0198.771] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x504
[0198.771] ioctlsocket (in: s=0x500, cmd=-2147195266, argp=0x18e210 | out: argp=0x18e210) returned 0
[0198.772] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x508
[0198.772] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x50c
[0198.772] ioctlsocket (in: s=0x508, cmd=-2147195266, argp=0x18e210 | out: argp=0x18e210) returned 0
[0198.772] WSAIoctl (in: s=0x500, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x18e1f8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x18e1f8, lpOverlapped=0x0) returned -1
[0198.772] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x18df28, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
[0198.772] WSAEventSelect (s=0x500, hEventObject=0x504, lNetworkEvents=512) returned 0
[0198.772] WSAIoctl (in: s=0x508, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x18e1f8, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x18e1f8, lpOverlapped=0x0) returned -1
[0198.772] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x18df28, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
[0198.772] WSAEventSelect (s=0x508, hEventObject=0x50c, lNetworkEvents=512) returned 0
[0198.773] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x18e1f4*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x18e1f4*=0xa80) returned 0x6f
[0198.778] LocalAlloc (uFlags=0x0, uBytes=0xa80) returned 0x7afd18
[0198.778] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x7afd18, SizePointer=0x18e1f4*=0xa80 | out: AdapterAddresses=0x7afd18*(Alignment=0x600000178, Length=0x178, IfIndex=0x6, Next=0x7affc8, AdapterName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", FirstUnicastAddress=0x7aff3c, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #2", FriendlyName="Ethernet 2", PhysicalAddress=([0]=0xec, [1]=0x93, [2]=0x27, [3]=0x3c, [4]=0x45, [5]=0x99, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x6, ZoneIndices=([0]=0x6, [1]=0x6, [2]=0x6, [3]=0x6, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008002000000, Dhcpv4Server.lpSockaddr=0x7afe90*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, 
[42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x6000ff3, FirstDnsSuffix=0x0), SizePointer=0x18e1f4*=0xa80) returned 0x0
[0198.790] LocalFree (hMem=0x7afd18) returned 0x0
[0198.842] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e210 | out: phkResult=0x18e210*=0x510) returned 0x0
[0198.842] RegQueryValueExW (in: hKey=0x510, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x18e22c, lpData=0x0, lpcbData=0x18e228*=0x0 | out: lpType=0x18e22c*=0x0, lpData=0x0, lpcbData=0x18e228*=0x0) returned 0x2
[0198.843] RegCloseKey (hKey=0x510) returned 0x0
[0198.844] WSAConnect (in: s=0x4d8, name=0x232afe0*(sa_family=2, sin_port=0x50, sin_addr="132.226.247.73"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
[0199.057] closesocket (s=0x4a8) returned 0
[0199.060] send (s=0x4d8, buf=0x232bc0c*, len=151, flags=0) returned 151
[0199.062] setsockopt (s=0x4d8, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
[0199.063] recv (in: s=0x4d8, buf=0x2326160, len=4096, flags=0 | out: buf=0x2326160*) returned 273
[0199.274] setsockopt (s=0x4d8, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
[0199.275] SetEvent (hEvent=0x3f4) returned 1
[0199.350] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x18e548 | out: pfEnabled=0x18e548) returned 0x0
[0199.680] CoTaskMemAlloc (cb=0x20c) returned 0x7c79f0
[0199.680] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x7c79f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0
[0199.683] CoTaskMemFree (pv=0x7c79f0)
[0199.683] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x18e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25
[0199.858] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ebbc | out: phkResult=0x18ebbc*=0x0) returned 0x2
[0199.858] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ebbc | out: phkResult=0x18ebbc*=0x0) returned 0x2
[0199.859] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ebbc | out: phkResult=0x18ebbc*=0x0) returned 0x2
[0199.859] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ebbc | out: phkResult=0x18ebbc*=0x524) returned 0x0
[0199.860] RegQueryInfoKeyW (in: hKey=0x524, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x18ebe4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18ebe0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x18ebe4*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18ebe0*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
[0199.860] RegEnumKeyExW (in: hKey=0x524, dwIndex=0x0, lpName=0x2335810, lpcchName=0x18ec00, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x18ec00, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0199.861] RegEnumKeyExW (in: hKey=0x524, dwIndex=0x1, lpName=0x2335810, lpcchName=0x18ec00, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x18ec00, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0199.861] RegEnumKeyExW (in: hKey=0x524, dwIndex=0x2, lpName=0x2335810, lpcchName=0x18ec00, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x18ec00, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
[0199.861] RegOpenKeyExW (in: hKey=0x524, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ebbc | out: phkResult=0x18ebbc*=0x51c) returned 0x0
[0199.864] RegQueryValueExW (in: hKey=0x51c, lpValueName="Email", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0199.864] RegQueryValueExW (in: hKey=0x51c, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0199.864] RegQueryValueExW (in: hKey=0x51c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0199.864] RegQueryValueExW (in: hKey=0x51c, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0199.864] RegQueryValueExW (in: hKey=0x51c, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0199.864] RegCloseKey (hKey=0x51c) returned 0x0
[0199.864] RegOpenKeyExW (in: hKey=0x524, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ebbc | out: phkResult=0x18ebbc*=0x51c) returned 0x0
[0199.864] RegQueryValueExW (in: hKey=0x51c, lpValueName="Email", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x1, lpData=0x0, lpcbData=0x18ebd8*=0x1e) returned 0x0
[0199.864] RegQueryValueExW (in: hKey=0x51c, lpValueName="Email", lpReserved=0x0, lpType=0x18ebdc, lpData=0x2335d4c, lpcbData=0x18ebd8*=0x1e | out: lpType=0x18ebdc*=0x1, lpData="achoo@gdllo.de", lpcbData=0x18ebd8*=0x1e) returned 0x0
[0199.864] RegQueryValueExW (in: hKey=0x51c, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0199.864] RegQueryValueExW (in: hKey=0x51c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x3, lpData=0x0, lpcbData=0x18ebd8*=0x121) returned 0x0
[0199.864] RegQueryValueExW (in: hKey=0x51c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x2335da4, lpcbData=0x18ebd8*=0x121 | out: lpType=0x18ebdc*=0x3, lpData=0x2335da4*, lpcbData=0x18ebd8*=0x121) returned 0x0
[0199.865] RegQueryValueExW (in: hKey=0x51c, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0199.865] RegQueryValueExW (in: hKey=0x51c, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0199.865] RegQueryValueExW (in: hKey=0x51c, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0199.865] RegQueryValueExW (in: hKey=0x51c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x3, lpData=0x0, lpcbData=0x18ebd8*=0x121) returned 0x0
[0199.865] RegQueryValueExW (in: hKey=0x51c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x2335ed4, lpcbData=0x18ebd8*=0x121 | out: lpType=0x18ebdc*=0x3, lpData=0x2335ed4*, lpcbData=0x18ebd8*=0x121) returned 0x0
[0199.865] RegQueryValueExW (in: hKey=0x51c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x3, lpData=0x0, lpcbData=0x18ebd8*=0x121) returned 0x0
[0199.865] RegQueryValueExW (in: hKey=0x51c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x2336004, lpcbData=0x18ebd8*=0x121 | out: lpType=0x18ebdc*=0x3, lpData=0x2336004*, lpcbData=0x18ebd8*=0x121) returned 0x0
[0200.188] CryptUnprotectData (in: pDataIn=0x18eba0, ppszDataDescr=0x0, pOptionalEntropy=0x18eb98, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x18eba8 | out: ppszDataDescr=0x0, pDataOut=0x18eba8) returned 1
[0200.273] LocalFree (hMem=0x7c6e68) returned 0x0
[0200.276] RegQueryValueExW (in: hKey=0x51c, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0200.276] RegQueryValueExW (in: hKey=0x51c, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0200.277] RegQueryValueExW (in: hKey=0x51c, lpValueName="Email", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x1, lpData=0x0, lpcbData=0x18ebd8*=0x1e) returned 0x0
[0200.277] RegQueryValueExW (in: hKey=0x51c, lpValueName="Email", lpReserved=0x0, lpType=0x18ebdc, lpData=0x2336334, lpcbData=0x18ebd8*=0x1e | out: lpType=0x18ebdc*=0x1, lpData="achoo@gdllo.de", lpcbData=0x18ebd8*=0x1e) returned 0x0
[0204.243] RegQueryValueExW (in: hKey=0x51c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x1, lpData=0x0, lpcbData=0x18ebd8*=0x1c) returned 0x0
[0204.244] RegQueryValueExW (in: hKey=0x51c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x18ebdc, lpData=0x2339658, lpcbData=0x18ebd8*=0x1c | out: lpType=0x18ebdc*=0x1, lpData="smtp.gdllo.de", lpcbData=0x18ebd8*=0x1c) returned 0x0
[0204.257] RegCloseKey (hKey=0x51c) returned 0x0
[0204.258] RegOpenKeyExW (in: hKey=0x524, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ebbc | out: phkResult=0x18ebbc*=0x51c) returned 0x0
[0204.258] RegQueryValueExW (in: hKey=0x51c, lpValueName="Email", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0204.258] RegQueryValueExW (in: hKey=0x51c, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0204.258] RegQueryValueExW (in: hKey=0x51c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0204.258] RegQueryValueExW (in: hKey=0x51c, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0204.258] RegQueryValueExW (in: hKey=0x51c, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x18ebdc, lpData=0x0, lpcbData=0x18ebd8*=0x0 | out: lpType=0x18ebdc*=0x0, lpData=0x0, lpcbData=0x18ebd8*=0x0) returned 0x2
[0204.259] RegCloseKey (hKey=0x51c) returned 0x0
[0204.379] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32c94d0, Length=0x20000, ResultLength=0x18ec2c | out: SystemInformation=0x32c94d0, ResultLength=0x18ec2c*=0x15598) returned 0x0
[0211.271] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Classes\\Foxmail.url.mailto\\Shell\\open\\command", ulOptions=0x0, samDesired=0x20019, phkResult=0x18ec44 | out: phkResult=0x18ec44*=0x0) returned 0x2
[0211.479] CoTaskMemAlloc (cb=0x20c) returned 0x7dad30
[0211.479] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x7dad30 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0
[0211.481] CoTaskMemFree (pv=0x7dad30)
[0211.481] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x18e798, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23
[0211.569] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", nBufferLength=0x105, lpBuffer=0x18e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", lpFilePart=0x0) returned 0x58
[0211.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ec24) returned 1
[0211.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\ya login data"), fInfoLevelId=0x0, lpFileInformation=0x18eca0 | out: lpFileInformation=0x18eca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0211.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ec20) returned 1
[0211.623] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", nBufferLength=0x105, lpBuffer=0x18e82c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", lpFilePart=0x0) returned 0x58
[0211.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ecd4) returned 1
[0211.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\ya login data"), fInfoLevelId=0x0, lpFileInformation=0x18ed50 | out: lpFileInformation=0x18ed50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0211.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ecd0) returned 1
[0211.678] CoTaskMemAlloc (cb=0x20c) returned 0x7d2720
[0211.678] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x7d2720 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0
[0211.678] CoTaskMemFree (pv=0x7d2720)
[0211.678] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x18e798, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23
[0211.678] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x18e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46
[0211.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ec24) returned 1
[0211.679] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x18eca0 | out: lpFileInformation=0x18eca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0211.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ec20) returned 1
[0211.730] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x18e82c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46
[0211.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ecd4) returned 1
[0211.730] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x18ed50 | out: lpFileInformation=0x18ed50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0211.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ecd0) returned 1
[0211.753] CoTaskMemAlloc (cb=0x20c) returned 0x7d2720
[0211.753] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x7d2720 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0
[0211.753] CoTaskMemFree (pv=0x7d2720)
[0211.753] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x18e798, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23
[0211.754] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x18e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x45
[0211.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ec24) returned 1
[0211.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xpom\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x18eca0 | out: lpFileInformation=0x18eca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0211.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ec20) returned 1
[0211.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x18e82c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x45
[0211.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ecd4) returned 1
[0211.758] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xpom\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x18ed50 | out: lpFileInformation=0x18ed50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0211.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ecd0) returned 1
Thread:
id = 104
os_tid = 0x10d0
Thread:
id = 106
os_tid = 0x12e4
Thread:
id = 107
os_tid = 0x11ec
[0192.375] CoGetContextToken (in: pToken=0x43bfaf4 | out: pToken=0x43bfaf4) returned 0x800401f0
[0192.375] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0192.375] RoInitialize () returned 0x1
[0192.375] RoUninitialize () returned 0x0
Thread:
id = 108
os_tid = 0x1168
Thread:
id = 109
os_tid = 0x11e8
Thread:
id = 110
os_tid = 0x11e4
Thread:
id = 111
os_tid = 0x12f8
Thread:
id = 112
os_tid = 0x1178
Thread:
id = 113
os_tid = 0x1164
[0198.356] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0198.356] RoInitialize () returned 0x1
[0198.356] RoUninitialize () returned 0x0
[0198.357] ResetEvent (hEvent=0x3f4) returned 1
Process:
id = "8"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x75583000"
os_pid = "0x358"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "created_scheduled_job"
parent_id = "3"
os_parent_pid = "0x210"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b257" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1654
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1655
start_va = 0x6e36810000
end_va = 0x6e3688ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e36810000"
filename = ""
Region:
id = 1656
start_va = 0x6e36a00000
end_va = 0x6e36bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e36a00000"
filename = ""
Region:
id = 1657
start_va = 0x25b573d0000
end_va = 0x25b573effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b573d0000"
filename = ""
Region:
id = 1658
start_va = 0x25b573f0000
end_va = 0x25b57404fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b573f0000"
filename = ""
Region:
id = 1659
start_va = 0x25b57410000
end_va = 0x25b57413fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57410000"
filename = ""
Region:
id = 1660
start_va = 0x25b57420000
end_va = 0x25b57420fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57420000"
filename = ""
Region:
id = 1661
start_va = 0x25b57430000
end_va = 0x25b57431fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57430000"
filename = ""
Region:
id = 1662
start_va = 0x7df5ffdd0000
end_va = 0x7ff5ffdcffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffdd0000"
filename = ""
Region:
id = 1663
start_va = 0x7ff7165e0000
end_va = 0x7ff716602fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7165e0000"
filename = ""
Region:
id = 1664
start_va = 0x7ff716750000
end_va = 0x7ff71675cfff
monitored = 0
entry_point = 0x7ff716753980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1665
start_va = 0x7ff9bc2c0000
end_va = 0x7ff9bc480fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1783
start_va = 0x25b57440000
end_va = 0x25b575f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57440000"
filename = ""
Region:
id = 1784
start_va = 0x25b57600000
end_va = 0x25b577fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57600000"
filename = ""
Region:
id = 1785
start_va = 0x25b57600000
end_va = 0x25b576fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57600000"
filename = ""
Region:
id = 1786
start_va = 0x7ff9bc210000
end_va = 0x7ff9bc2bcfff
monitored = 0
entry_point = 0x7ff9bc2281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1787
start_va = 0x7ff9b93b0000
end_va = 0x7ff9b9597fff
monitored = 0
entry_point = 0x7ff9b93dba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1788
start_va = 0x25b573d0000
end_va = 0x25b573dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b573d0000"
filename = ""
Region:
id = 1789
start_va = 0x7ff7164e0000
end_va = 0x7ff7165dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7164e0000"
filename = ""
Region:
id = 1790
start_va = 0x25b57440000
end_va = 0x25b574fdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1791
start_va = 0x25b575f0000
end_va = 0x25b575f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b575f0000"
filename = ""
Region:
id = 1792
start_va = 0x7ff9bc1b0000
end_va = 0x7ff9bc20afff
monitored = 0
entry_point = 0x7ff9bc1c38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1793
start_va = 0x7ff9b9780000
end_va = 0x7ff9b989bfff
monitored = 0
entry_point = 0x7ff9b97c02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1794
start_va = 0x6e36890000
end_va = 0x6e3690ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e36890000"
filename = ""
Region:
id = 1795
start_va = 0x7ff9b7a80000
end_va = 0x7ff9b7b73fff
monitored = 0
entry_point = 0x7ff9b7a8a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 1796
start_va = 0x7ff9b9e00000
end_va = 0x7ff9ba07cfff
monitored = 0
entry_point = 0x7ff9b9ed4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1797
start_va = 0x7ff9bbe30000
end_va = 0x7ff9bbeccfff
monitored = 0
entry_point = 0x7ff9bbe378a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1798
start_va = 0x7ff9b9650000
end_va = 0x7ff9b96b9fff
monitored = 0
entry_point = 0x7ff9b9686d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1799
start_va = 0x25b57500000
end_va = 0x25b57576fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57500000"
filename = ""
Region:
id = 1800
start_va = 0x25b57700000
end_va = 0x25b578fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57700000"
filename = ""
Region:
id = 1801
start_va = 0x25b57700000
end_va = 0x25b577fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57700000"
filename = ""
Region:
id = 1802
start_va = 0x25b57800000
end_va = 0x25b578dcfff
monitored = 0
entry_point = 0x25b5785e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1803
start_va = 0x7ff9b8900000
end_va = 0x7ff9b890efff
monitored = 0
entry_point = 0x7ff9b8903210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1804
start_va = 0x7ff9ba4e0000
end_va = 0x7ff9ba635fff
monitored = 0
entry_point = 0x7ff9ba4ea8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1805
start_va = 0x7ff9ba080000
end_va = 0x7ff9ba205fff
monitored = 0
entry_point = 0x7ff9ba0cffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1806
start_va = 0x25b57800000
end_va = 0x25b57987fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57800000"
filename = ""
Region:
id = 1807
start_va = 0x25b57990000
end_va = 0x25b57b10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57990000"
filename = ""
Region:
id = 1808
start_va = 0x25b57b20000
end_va = 0x25b57bdffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57b20000"
filename = ""
Region:
id = 1809
start_va = 0x25b573e0000
end_va = 0x25b573e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 1810
start_va = 0x25b57500000
end_va = 0x25b57500fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57500000"
filename = ""
Region:
id = 1811
start_va = 0x25b57510000
end_va = 0x25b57510fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57510000"
filename = ""
Region:
id = 1812
start_va = 0x25b57570000
end_va = 0x25b57576fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57570000"
filename = ""
Region:
id = 1813
start_va = 0x25b57be0000
end_va = 0x25b57cc6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57be0000"
filename = ""
Region:
id = 1814
start_va = 0x25b57cd0000
end_va = 0x25b57ecffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57cd0000"
filename = ""
Region:
id = 1815
start_va = 0x25b57d00000
end_va = 0x25b57dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57d00000"
filename = ""
Region:
id = 1816
start_va = 0x6e36c00000
end_va = 0x6e36cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e36c00000"
filename = ""
Region:
id = 1817
start_va = 0x7ff9b5aa0000
end_va = 0x7ff9b5becfff
monitored = 0
entry_point = 0x7ff9b5ae3da0
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 1818
start_va = 0x7ff9b7590000
end_va = 0x7ff9b759bfff
monitored = 0
entry_point = 0x7ff9b7592480
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 1819
start_va = 0x7ff9b5a80000
end_va = 0x7ff9b5a97fff
monitored = 0
entry_point = 0x7ff9b5a85910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1820
start_va = 0x7ff9b5a70000
end_va = 0x7ff9b5a79fff
monitored = 0
entry_point = 0x7ff9b5a71660
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1821
start_va = 0x7ff9bbf30000
end_va = 0x7ff9bbff0fff
monitored = 0
entry_point = 0x7ff9bbf50da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1822
start_va = 0x25b57e00000
end_va = 0x25b57f42fff
monitored = 0
entry_point = 0x25b57e28210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1823
start_va = 0x25b57520000
end_va = 0x25b57526fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57520000"
filename = ""
Region:
id = 1824
start_va = 0x25b57e00000
end_va = 0x25b57ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57e00000"
filename = ""
Region:
id = 1825
start_va = 0x25b57e00000
end_va = 0x25b57efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57e00000"
filename = ""
Region:
id = 1826
start_va = 0x25b57f00000
end_va = 0x25b58236fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1827
start_va = 0x6e36d00000
end_va = 0x6e36dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e36d00000"
filename = ""
Region:
id = 1828
start_va = 0x25b57530000
end_va = 0x25b57530fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57530000"
filename = ""
Region:
id = 1829
start_va = 0x7ff9b96c0000
end_va = 0x7ff9b9766fff
monitored = 0
entry_point = 0x7ff9b96cb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1830
start_va = 0x25b57540000
end_va = 0x25b57540fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57540000"
filename = ""
Region:
id = 1831
start_va = 0x7ff9b2ec0000
end_va = 0x7ff9b2f7efff
monitored = 0
entry_point = 0x7ff9b2ee1c50
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 1832
start_va = 0x6e36e00000
end_va = 0x6e36efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e36e00000"
filename = ""
Region:
id = 1833
start_va = 0x6e36f00000
end_va = 0x6e36ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e36f00000"
filename = ""
Region:
id = 1834
start_va = 0x6e37000000
end_va = 0x6e370fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37000000"
filename = ""
Region:
id = 1837
start_va = 0x7ff9b2a90000
end_va = 0x7ff9b2a9afff
monitored = 0
entry_point = 0x7ff9b2a91770
region_type = mapped_file
name = "lfsvc.dll"
filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")
Region:
id = 1838
start_va = 0x7ff9b30d0000
end_va = 0x7ff9b3161fff
monitored = 0
entry_point = 0x7ff9b311a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 1839
start_va = 0x7ff9b2910000
end_va = 0x7ff9b2a8bfff
monitored = 0
entry_point = 0x7ff9b2961650
region_type = mapped_file
name = "locationframework.dll"
filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")
Region:
id = 1840
start_va = 0x7ff9b8910000
end_va = 0x7ff9b895afff
monitored = 0
entry_point = 0x7ff9b89135f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1841
start_va = 0x7ff9bbd80000
end_va = 0x7ff9bbe26fff
monitored = 0
entry_point = 0x7ff9bbd958d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1842
start_va = 0x7ff9b9170000
end_va = 0x7ff9b9336fff
monitored = 0
entry_point = 0x7ff9b91cdb80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1843
start_va = 0x7ff9b8960000
end_va = 0x7ff9b896ffff
monitored = 0
entry_point = 0x7ff9b89656e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1844
start_va = 0x7ff9ba210000
end_va = 0x7ff9ba27afff
monitored = 0
entry_point = 0x7ff9ba2290c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1845
start_va = 0x7ff9b66a0000
end_va = 0x7ff9b66dffff
monitored = 0
entry_point = 0x7ff9b66b1960
region_type = mapped_file
name = "brokerlib.dll"
filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")
Region:
id = 1846
start_va = 0x7ff9b28a0000
end_va = 0x7ff9b2900fff
monitored = 0
entry_point = 0x7ff9b28a4b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 1847
start_va = 0x7ff9b27d0000
end_va = 0x7ff9b2897fff
monitored = 0
entry_point = 0x7ff9b28113f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1848
start_va = 0x7ff9b3e70000
end_va = 0x7ff9b3ea5fff
monitored = 0
entry_point = 0x7ff9b3e80070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 1849
start_va = 0x6e37100000
end_va = 0x6e371fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37100000"
filename = ""
Region:
id = 1850
start_va = 0x25b57be0000
end_va = 0x25b57cbcfff
monitored = 0
entry_point = 0x25b57c3e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1851
start_va = 0x25b57cc0000
end_va = 0x25b57cc6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57cc0000"
filename = ""
Region:
id = 1852
start_va = 0x6e37200000
end_va = 0x6e372fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37200000"
filename = ""
Region:
id = 1853
start_va = 0x7ff9b2770000
end_va = 0x7ff9b27c4fff
monitored = 0
entry_point = 0x7ff9b277fc00
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 1854
start_va = 0x7ff9b88e0000
end_va = 0x7ff9b88f3fff
monitored = 0
entry_point = 0x7ff9b88e52e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1855
start_va = 0x6e37300000
end_va = 0x6e373fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37300000"
filename = ""
Region:
id = 1856
start_va = 0x7ff9b26c0000
end_va = 0x7ff9b26e6fff
monitored = 0
entry_point = 0x7ff9b26c3bf0
region_type = mapped_file
name = "profsvcext.dll"
filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")
Region:
id = 1857
start_va = 0x7ff9ba480000
end_va = 0x7ff9ba4dbfff
monitored = 0
entry_point = 0x7ff9ba49b720
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1858
start_va = 0x7ff9ba7a0000
end_va = 0x7ff9bbcfefff
monitored = 0
entry_point = 0x7ff9ba9011f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1859
start_va = 0x7ff9b80a0000
end_va = 0x7ff9b80befff
monitored = 0
entry_point = 0x7ff9b80a5d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1860
start_va = 0x7ff9b7d50000
end_va = 0x7ff9b7d5bfff
monitored = 0
entry_point = 0x7ff9b7d527e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1861
start_va = 0x7ff9b2680000
end_va = 0x7ff9b26bdfff
monitored = 0
entry_point = 0x7ff9b268a050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1862
start_va = 0x7ff9b9360000
end_va = 0x7ff9b93a2fff
monitored = 0
entry_point = 0x7ff9b9374b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1863
start_va = 0x7ff9b8b20000
end_va = 0x7ff9b9163fff
monitored = 0
entry_point = 0x7ff9b8ce64b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 1864
start_va = 0x7ff9bbed0000
end_va = 0x7ff9bbf21fff
monitored = 0
entry_point = 0x7ff9bbedf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1865
start_va = 0x7ff9b8970000
end_va = 0x7ff9b8a24fff
monitored = 0
entry_point = 0x7ff9b89b22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1866
start_va = 0x7ff9b2650000
end_va = 0x7ff9b2662fff
monitored = 0
entry_point = 0x7ff9b26557f0
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 1867
start_va = 0x7ff9b7bd0000
end_va = 0x7ff9b7c25fff
monitored = 0
entry_point = 0x7ff9b7be0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1868
start_va = 0x7ff9b2670000
end_va = 0x7ff9b267ffff
monitored = 0
entry_point = 0x7ff9b2672c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 1869
start_va = 0x7ff9b2640000
end_va = 0x7ff9b264bfff
monitored = 0
entry_point = 0x7ff9b26414d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 1870
start_va = 0x6e37400000
end_va = 0x6e374fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37400000"
filename = ""
Region:
id = 1871
start_va = 0x7ff9b2540000
end_va = 0x7ff9b263bfff
monitored = 0
entry_point = 0x7ff9b2576df0
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 1872
start_va = 0x7ff9b24f0000
end_va = 0x7ff9b2530fff
monitored = 0
entry_point = 0x7ff9b2507eb0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 1873
start_va = 0x7ff9b8750000
end_va = 0x7ff9b8768fff
monitored = 0
entry_point = 0x7ff9b8755e10
region_type = mapped_file
name = "eventaggregation.dll"
filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")
Region:
id = 1874
start_va = 0x25b58240000
end_va = 0x25b58386fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b58240000"
filename = ""
Region:
id = 1875
start_va = 0x25b58390000
end_va = 0x25b5858ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b58390000"
filename = ""
Region:
id = 1876
start_va = 0x25b58400000
end_va = 0x25b584fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b58400000"
filename = ""
Region:
id = 1877
start_va = 0x6e37500000
end_va = 0x6e375fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37500000"
filename = ""
Region:
id = 1878
start_va = 0x7ff9b78e0000
end_va = 0x7ff9b7903fff
monitored = 0
entry_point = 0x7ff9b78e3260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1879
start_va = 0x6e37600000
end_va = 0x6e376fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37600000"
filename = ""
Region:
id = 1880
start_va = 0x7ff9b7b80000
end_va = 0x7ff9b7bc8fff
monitored = 0
entry_point = 0x7ff9b7b8a090
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 1881
start_va = 0x7ff9b24d0000
end_va = 0x7ff9b24e0fff
monitored = 0
entry_point = 0x7ff9b24d3320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 1882
start_va = 0x7ff9b85c0000
end_va = 0x7ff9b85ecfff
monitored = 0
entry_point = 0x7ff9b85d9d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1883
start_va = 0x25b57550000
end_va = 0x25b57550fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57550000"
filename = ""
Region:
id = 1884
start_va = 0x25b57550000
end_va = 0x25b57550fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57550000"
filename = ""
Region:
id = 1885
start_va = 0x7ff9b8770000
end_va = 0x7ff9b8798fff
monitored = 0
entry_point = 0x7ff9b8784530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1886
start_va = 0x6e36910000
end_va = 0x6e3698ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e36910000"
filename = ""
Region:
id = 1887
start_va = 0x7ff9b2460000
end_va = 0x7ff9b24a1fff
monitored = 0
entry_point = 0x7ff9b24627d0
region_type = mapped_file
name = "mstask.dll"
filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll")
Region:
id = 1888
start_va = 0x6e37700000
end_va = 0x6e377fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37700000"
filename = ""
Region:
id = 1889
start_va = 0x25b57550000
end_va = 0x25b57551fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57550000"
filename = ""
Region:
id = 1890
start_va = 0x7ff9b23f0000
end_va = 0x7ff9b245dfff
monitored = 0
entry_point = 0x7ff9b23f7f60
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 1891
start_va = 0x7ff9b23d0000
end_va = 0x7ff9b23e6fff
monitored = 0
entry_point = 0x7ff9b23d5630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 1892
start_va = 0x7ff9b7e30000
end_va = 0x7ff9b7e60fff
monitored = 0
entry_point = 0x7ff9b7e37d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1893
start_va = 0x6e37800000
end_va = 0x6e378fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37800000"
filename = ""
Region:
id = 1894
start_va = 0x6e37900000
end_va = 0x6e3797ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37900000"
filename = ""
Region:
id = 1895
start_va = 0x6e37980000
end_va = 0x6e37a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37980000"
filename = ""
Region:
id = 1896
start_va = 0x6e37a80000
end_va = 0x6e37afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37a80000"
filename = ""
Region:
id = 1897
start_va = 0x6e37b00000
end_va = 0x6e37bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37b00000"
filename = ""
Region:
id = 1898
start_va = 0x25b57560000
end_va = 0x25b57560fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57560000"
filename = ""
Region:
id = 1899
start_va = 0x7ff9b2210000
end_va = 0x7ff9b22f5fff
monitored = 0
entry_point = 0x7ff9b222cf10
region_type = mapped_file
name = "usermgr.dll"
filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")
Region:
id = 1900
start_va = 0x7ff9b4420000
end_va = 0x7ff9b4555fff
monitored = 0
entry_point = 0x7ff9b444f350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 1901
start_va = 0x7ff9b2130000
end_va = 0x7ff9b2145fff
monitored = 0
entry_point = 0x7ff9b2131b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1902
start_va = 0x7ff9b2100000
end_va = 0x7ff9b212efff
monitored = 0
entry_point = 0x7ff9b2108910
region_type = mapped_file
name = "wptaskscheduler.dll"
filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")
Region:
id = 1903
start_va = 0x7ff9b20f0000
end_va = 0x7ff9b20fcfff
monitored = 0
entry_point = 0x7ff9b20f2ca0
region_type = mapped_file
name = "csystemeventsbrokerclient.dll"
filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")
Region:
id = 1904
start_va = 0x6e37c00000
end_va = 0x6e37c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37c00000"
filename = ""
Region:
id = 1905
start_va = 0x7ff9b8210000
end_va = 0x7ff9b826bfff
monitored = 0
entry_point = 0x7ff9b8226f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1906
start_va = 0x25b57580000
end_va = 0x25b57580fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57580000"
filename = ""
Region:
id = 1907
start_va = 0x25b57590000
end_va = 0x25b57590fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57590000"
filename = ""
Region:
id = 1908
start_va = 0x7ff9b70d0000
end_va = 0x7ff9b70e2fff
monitored = 0
entry_point = 0x7ff9b70d2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1909
start_va = 0x7ff9b61b0000
end_va = 0x7ff9b61b7fff
monitored = 0
entry_point = 0x7ff9b61b13e0
region_type = mapped_file
name = "dabapi.dll"
filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")
Region:
id = 1910
start_va = 0x7ff9b20c0000
end_va = 0x7ff9b20edfff
monitored = 0
entry_point = 0x7ff9b20c7550
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 1911
start_va = 0x7ff9b8420000
end_va = 0x7ff9b8440fff
monitored = 0
entry_point = 0x7ff9b8430250
region_type = mapped_file
name = "joinutil.dll"
filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")
Region:
id = 1912
start_va = 0x6e37c80000
end_va = 0x6e37d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37c80000"
filename = ""
Region:
id = 1913
start_va = 0x25b57590000
end_va = 0x25b57590fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57590000"
filename = ""
Region:
id = 1914
start_va = 0x25b57590000
end_va = 0x25b57590fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57590000"
filename = ""
Region:
id = 1915
start_va = 0x7ff9b1f60000
end_va = 0x7ff9b1fa0fff
monitored = 0
entry_point = 0x7ff9b1f64840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 1916
start_va = 0x7ff9b7070000
end_va = 0x7ff9b708bfff
monitored = 0
entry_point = 0x7ff9b70737a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 1917
start_va = 0x25b57590000
end_va = 0x25b5759cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 1918
start_va = 0x6e37d80000
end_va = 0x6e37dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37d80000"
filename = ""
Region:
id = 1919
start_va = 0x7ff9b1f40000
end_va = 0x7ff9b1f5ffff
monitored = 0
entry_point = 0x7ff9b1f439a0
region_type = mapped_file
name = "locationwinpalmisc.dll"
filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")
Region:
id = 1920
start_va = 0x7ff9b7320000
end_va = 0x7ff9b7346fff
monitored = 0
entry_point = 0x7ff9b7327940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1921
start_va = 0x25b575a0000
end_va = 0x25b575a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b575a0000"
filename = ""
Region:
id = 1922
start_va = 0x7ff9b1e20000
end_va = 0x7ff9b1e56fff
monitored = 0
entry_point = 0x7ff9b1e26020
region_type = mapped_file
name = "gnssadapter.dll"
filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")
Region:
id = 1923
start_va = 0x7ff9b1dc0000
end_va = 0x7ff9b1e14fff
monitored = 0
entry_point = 0x7ff9b1dc3fb0
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 1924
start_va = 0x25b58240000
end_va = 0x25b5833ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b58240000"
filename = ""
Region:
id = 1925
start_va = 0x25b58380000
end_va = 0x25b58386fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b58380000"
filename = ""
Region:
id = 1926
start_va = 0x7ff9b2b10000
end_va = 0x7ff9b2b1bfff
monitored = 0
entry_point = 0x7ff9b2b12830
region_type = mapped_file
name = "bi.dll"
filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")
Region:
id = 1927
start_va = 0x25b58500000
end_va = 0x25b586fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b58500000"
filename = ""
Region:
id = 1928
start_va = 0x25b58500000
end_va = 0x25b585fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b58500000"
filename = ""
Region:
id = 1929
start_va = 0x7ff9b1d90000
end_va = 0x7ff9b1da9fff
monitored = 0
entry_point = 0x7ff9b1d92cf0
region_type = mapped_file
name = "locationpelegacywinlocation.dll"
filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")
Region:
id = 1930
start_va = 0x7ff9ba2c0000
end_va = 0x7ff9ba402fff
monitored = 0
entry_point = 0x7ff9ba2e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1931
start_va = 0x7ff9b1d70000
end_va = 0x7ff9b1d80fff
monitored = 0
entry_point = 0x7ff9b1d77ea0
region_type = mapped_file
name = "dcpapi.dll"
filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")
Region:
id = 1932
start_va = 0x7ff9b1d40000
end_va = 0x7ff9b1d64fff
monitored = 0
entry_point = 0x7ff9b1d52f20
region_type = mapped_file
name = "wificonnapi.dll"
filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")
Region:
id = 1933
start_va = 0x7ff9b1d00000
end_va = 0x7ff9b1d38fff
monitored = 0
entry_point = 0x7ff9b1d09c90
region_type = mapped_file
name = "aepic.dll"
filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll")
Region:
id = 1934
start_va = 0x7ff9b1ce0000
end_va = 0x7ff9b1cf0fff
monitored = 0
entry_point = 0x7ff9b1ce3e10
region_type = mapped_file
name = "sfc_os.dll"
filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll")
Region:
id = 1935
start_va = 0x7ff9b4090000
end_va = 0x7ff9b4411fff
monitored = 0
entry_point = 0x7ff9b40e1220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 1936
start_va = 0x7ff9b1c00000
end_va = 0x7ff9b1cb0fff
monitored = 0
entry_point = 0x7ff9b1c788b0
region_type = mapped_file
name = "cellularapi.dll"
filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")
Region:
id = 1939
start_va = 0x7ff9b1be0000
end_va = 0x7ff9b1bf1fff
monitored = 0
entry_point = 0x7ff9b1be9260
region_type = mapped_file
name = "rilproxy.dll"
filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")
Region:
id = 1940
start_va = 0x7ff9b1b30000
end_va = 0x7ff9b1bddfff
monitored = 0
entry_point = 0x7ff9b1b480c0
region_type = mapped_file
name = "windows.networking.connectivity.dll"
filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")
Region:
id = 1941
start_va = 0x7ff9b2aa0000
end_va = 0x7ff9b2b03fff
monitored = 0
entry_point = 0x7ff9b2ab5ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1942
start_va = 0x7ff9b83e0000
end_va = 0x7ff9b83eafff
monitored = 0
entry_point = 0x7ff9b83e19a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1943
start_va = 0x7ff9b6ee0000
end_va = 0x7ff9b7065fff
monitored = 0
entry_point = 0x7ff9b6f2d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1944
start_va = 0x25b575b0000
end_va = 0x25b575b3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1945
start_va = 0x25b57be0000
end_va = 0x25b57c24fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db")
Region:
id = 1946
start_va = 0x25b575c0000
end_va = 0x25b575c3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1947
start_va = 0x25b57c30000
end_va = 0x25b57cbdfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 1948
start_va = 0x25b575d0000
end_va = 0x25b575e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 1949
start_va = 0x25b58600000
end_va = 0x25b587fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b58600000"
filename = ""
Region:
id = 1950
start_va = 0x25b58600000
end_va = 0x25b586fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b58600000"
filename = ""
Region:
id = 1963
start_va = 0x6e37e00000
end_va = 0x6e37e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37e00000"
filename = ""
Region:
id = 1964
start_va = 0x6e37e80000
end_va = 0x6e37f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37e80000"
filename = ""
Region:
id = 1965
start_va = 0x7ff9b10b0000
end_va = 0x7ff9b1149fff
monitored = 0
entry_point = 0x7ff9b10cada0
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 1966
start_va = 0x7ff9b0fe0000
end_va = 0x7ff9b0fedfff
monitored = 0
entry_point = 0x7ff9b0fe1460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 2072
start_va = 0x7ff9b0ff0000
end_va = 0x7ff9b10affff
monitored = 0
entry_point = 0x7ff9b101fd20
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 2084
start_va = 0x25b57cd0000
end_va = 0x25b57cd0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000025b57cd0000"
filename = ""
Region:
id = 2089
start_va = 0x7ff9b7090000
end_va = 0x7ff9b70c1fff
monitored = 0
entry_point = 0x7ff9b709b0c0
region_type = mapped_file
name = "shacct.dll"
filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")
Region:
id = 2090
start_va = 0x7ff9b0e20000
end_va = 0x7ff9b0ebafff
monitored = 0
entry_point = 0x7ff9b0e27220
region_type = mapped_file
name = "settingsync.dll"
filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll")
Region:
id = 2091
start_va = 0x25b57cd0000
end_va = 0x25b57cd1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57cd0000"
filename = ""
Region:
id = 2092
start_va = 0x25b58700000
end_va = 0x25b587dffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2093
start_va = 0x7ff9b0dc0000
end_va = 0x7ff9b0e11fff
monitored = 0
entry_point = 0x7ff9b0dc38e0
region_type = mapped_file
name = "proximityservice.dll"
filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")
Region:
id = 2094
start_va = 0x7ff9b0d90000
end_va = 0x7ff9b0dbcfff
monitored = 0
entry_point = 0x7ff9b0d92290
region_type = mapped_file
name = "proximitycommon.dll"
filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")
Region:
id = 2095
start_va = 0x7ff9b0d80000
end_va = 0x7ff9b0d88fff
monitored = 0
entry_point = 0x7ff9b0d81ed0
region_type = mapped_file
name = "proximitycommonpal.dll"
filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")
Region:
id = 2096
start_va = 0x7ff9b1e60000
end_va = 0x7ff9b1e97fff
monitored = 0
entry_point = 0x7ff9b1e78cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2097
start_va = 0x6e37f80000
end_va = 0x6e3807ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e37f80000"
filename = ""
Region:
id = 2098
start_va = 0x6e38080000
end_va = 0x6e380fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e38080000"
filename = ""
Region:
id = 2099
start_va = 0x7ff9b0d70000
end_va = 0x7ff9b0d7ffff
monitored = 0
entry_point = 0x7ff9b0d71700
region_type = mapped_file
name = "proximityservicepal.dll"
filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")
Region:
id = 2100
start_va = 0x7ff9b8a30000
end_va = 0x7ff9b8ab5fff
monitored = 0
entry_point = 0x7ff9b8a3d8f0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 2101
start_va = 0x7ff9b7760000
end_va = 0x7ff9b7791fff
monitored = 0
entry_point = 0x7ff9b7772340
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 2106
start_va = 0x7ff9b0cb0000
end_va = 0x7ff9b0cc0fff
monitored = 0
entry_point = 0x7ff9b0cb28d0
region_type = mapped_file
name = "credentialmigrationhandler.dll"
filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")
Region:
id = 2109
start_va = 0x7ff9b78d0000
end_va = 0x7ff9b78dbfff
monitored = 0
entry_point = 0x7ff9b78d2790
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 2111
start_va = 0x6e38100000
end_va = 0x6e381fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e38100000"
filename = ""
Region:
id = 2131
start_va = 0x6e38200000
end_va = 0x6e3827ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e38200000"
filename = ""
Region:
id = 2132
start_va = 0x7ff9b26f0000
end_va = 0x7ff9b2769fff
monitored = 0
entry_point = 0x7ff9b2717630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 2133
start_va = 0x7ff9b87a0000
end_va = 0x7ff9b8838fff
monitored = 0
entry_point = 0x7ff9b87cf4e0
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 2134
start_va = 0x25b57ce0000
end_va = 0x25b57ce1fff
monitored = 0
entry_point = 0x25b57ce5630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2135
start_va = 0x25b57cf0000
end_va = 0x25b57cf4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 2136
start_va = 0x25b58340000
end_va = 0x25b58340fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b58340000"
filename = ""
Region:
id = 2206
start_va = 0x25b57ce0000
end_va = 0x25b57ce0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57ce0000"
filename = ""
Region:
id = 2234
start_va = 0x25b57ce0000
end_va = 0x25b57ce1fff
monitored = 0
entry_point = 0x25b57ce5630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2235
start_va = 0x25b57cf0000
end_va = 0x25b57cf4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 2236
start_va = 0x25b57ce0000
end_va = 0x25b57ce1fff
monitored = 0
entry_point = 0x25b57ce5630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2237
start_va = 0x25b57cf0000
end_va = 0x25b57cf4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 2249
start_va = 0x7ff9b0250000
end_va = 0x7ff9b0293fff
monitored = 0
entry_point = 0x7ff9b025c010
region_type = mapped_file
name = "execmodelclient.dll"
filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")
Region:
id = 2250
start_va = 0x7ff9b61c0000
end_va = 0x7ff9b627dfff
monitored = 0
entry_point = 0x7ff9b6202d40
region_type = mapped_file
name = "coremessaging.dll"
filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")
Region:
id = 2254
start_va = 0x6e38380000
end_va = 0x6e3847ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e38380000"
filename = ""
Region:
id = 2256
start_va = 0x25b57ce0000
end_va = 0x25b57ce0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57ce0000"
filename = ""
Region:
id = 2257
start_va = 0x6e38480000
end_va = 0x6e3857ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e38480000"
filename = ""
Region:
id = 2260
start_va = 0x25b57ce0000
end_va = 0x25b57ce0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000025b57ce0000"
filename = ""
Region:
id = 2261
start_va = 0x7ff9b6980000
end_va = 0x7ff9b6e12fff
monitored = 0
entry_point = 0x7ff9b698f760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2736
start_va = 0x7ff9af570000
end_va = 0x7ff9af812fff
monitored = 0
entry_point = 0x7ff9af596190
region_type = mapped_file
name = "windows.staterepository.dll"
filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")
Region:
id = 2739
start_va = 0x7ff9ae3b0000
end_va = 0x7ff9ae443fff
monitored = 0
entry_point = 0x7ff9ae3e9210
region_type = mapped_file
name = "staterepository.core.dll"
filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")
Region:
id = 2825
start_va = 0x7ff9b7130000
end_va = 0x7ff9b7143fff
monitored = 0
entry_point = 0x7ff9b7135080
region_type = mapped_file
name = "windows.staterepositorybroker.dll"
filename = "\\Windows\\System32\\Windows.StateRepositoryBroker.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorybroker.dll")
Region:
id = 2826
start_va = 0x6e38580000
end_va = 0x6e385fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000006e38580000"
filename = ""
Region:
id = 2954
start_va = 0x7ff9b5650000
end_va = 0x7ff9b575dfff
monitored = 0
entry_point = 0x7ff9b569eaa0
region_type = mapped_file
name = "mrmcorer.dll"
filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")
Region:
id = 2955
start_va = 0x7ff9b4090000
end_va = 0x7ff9b4411fff
monitored = 0
entry_point = 0x7ff9b40e1220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 2964
start_va = 0x7ff9b55a0000
end_va = 0x7ff9b5648fff
monitored = 0
entry_point = 0x7ff9b55c9010
region_type = mapped_file
name = "windows.ui.dll"
filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")
Region:
id = 2965
start_va = 0x7ff9b6e20000
end_va = 0x7ff9b6e86fff
monitored = 0
entry_point = 0x7ff9b6e3e710
region_type = mapped_file
name = "bcp47langs.dll"
filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")
Thread:
id = 114
os_tid = 0x35c
Thread:
id = 115
os_tid = 0x374
Thread:
id = 116
os_tid = 0x3c0
Thread:
id = 117
os_tid = 0x158
Thread:
id = 118
os_tid = 0x1b0
Thread:
id = 119
os_tid = 0x16c
Thread:
id = 120
os_tid = 0x20c
Thread:
id = 121
os_tid = 0x28c
Thread:
id = 122
os_tid = 0x2cc
Thread:
id = 123
os_tid = 0x2c4
Thread:
id = 124
os_tid = 0x3d0
Thread:
id = 125
os_tid = 0x154
Thread:
id = 126
os_tid = 0x404
Thread:
id = 127
os_tid = 0x408
Thread:
id = 128
os_tid = 0x40c
Thread:
id = 129
os_tid = 0x410
Thread:
id = 130
os_tid = 0x414
Thread:
id = 131
os_tid = 0x418
Thread:
id = 132
os_tid = 0x41c
Thread:
id = 133
os_tid = 0x420
Thread:
id = 134
os_tid = 0x444
Thread:
id = 135
os_tid = 0x45c
Thread:
id = 136
os_tid = 0x46c
Thread:
id = 137
os_tid = 0x4d8
Thread:
id = 138
os_tid = 0x50c
Thread:
id = 156
os_tid = 0x570
Thread:
id = 157
os_tid = 0x574
Thread:
id = 159
os_tid = 0x5c0
Thread:
id = 167
os_tid = 0x5c8
Thread:
id = 174
os_tid = 0x63c
Thread:
id = 176
os_tid = 0x64c
Thread:
id = 178
os_tid = 0x664
Thread:
id = 267
os_tid = 0x7bc
Process:
id = "9"
image_name = "taskhostw.exe"
filename = "c:\\windows\\system32\\taskhostw.exe"
page_root = "0x4849c000"
os_pid = "0x4d0"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "child_process"
parent_id = "8"
os_parent_pid = "0x358"
cmd_line = "taskhostw.exe SYSTEM"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b257" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1951
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1952
start_va = 0xf946ae0000
end_va = 0xf946b5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000f946ae0000"
filename = ""
Region:
id = 1953
start_va = 0xf946c00000
end_va = 0xf946dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000f946c00000"
filename = ""
Region:
id = 1954
start_va = 0x27bc1140000
end_va = 0x27bc115ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000027bc1140000"
filename = ""
Region:
id = 1955
start_va = 0x27bc1160000
end_va = 0x27bc1174fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000027bc1160000"
filename = ""
Region:
id = 1956
start_va = 0x27bc1180000
end_va = 0x27bc1183fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000027bc1180000"
filename = ""
Region:
id = 1957
start_va = 0x27bc1190000
end_va = 0x27bc1190fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000027bc1190000"
filename = ""
Region:
id = 1958
start_va = 0x27bc11a0000
end_va = 0x27bc11a1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000027bc11a0000"
filename = ""
Region:
id = 1959
start_va = 0x7df5ff230000
end_va = 0x7ff5ff22ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ff230000"
filename = ""
Region:
id = 1960
start_va = 0x7ff7508a0000
end_va = 0x7ff7508c2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7508a0000"
filename = ""
Region:
id = 1961
start_va = 0x7ff751480000
end_va = 0x7ff751498fff
monitored = 0
entry_point = 0x7ff7514859b0
region_type = mapped_file
name = "taskhostw.exe"
filename = "\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")
Region:
id = 1962
start_va = 0x7ff9bc2c0000
end_va = 0x7ff9bc480fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2073
start_va = 0x27bc11b0000
end_va = 0x27bc13bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000027bc11b0000"
filename = ""
Region:
id = 2074
start_va = 0x7ff9bc210000
end_va = 0x7ff9bc2bcfff
monitored = 0
entry_point = 0x7ff9bc2281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2075
start_va = 0x7ff9b93b0000
end_va = 0x7ff9b9597fff
monitored = 0
entry_point = 0x7ff9b93dba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2076
start_va = 0x27bc1140000
end_va = 0x27bc114ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000027bc1140000"
filename = ""
Region:
id = 2077
start_va = 0x7ff7507a0000
end_va = 0x7ff75089ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7507a0000"
filename = ""
Region:
id = 2078
start_va = 0x27bc11b0000
end_va = 0x27bc126dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2079
start_va = 0x27bc12c0000
end_va = 0x27bc13bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000027bc12c0000"
filename = ""
Region:
id = 2080
start_va = 0x7ff9bbe30000
end_va = 0x7ff9bbeccfff
monitored = 0
entry_point = 0x7ff9bbe378a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2081
start_va = 0xf946b60000
end_va = 0xf946bdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000f946b60000"
filename = ""
Region:
id = 2082
start_va = 0x7ff9b9780000
end_va = 0x7ff9b989bfff
monitored = 0
entry_point = 0x7ff9b97c02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2083
start_va = 0x7ff9b9e00000
end_va = 0x7ff9ba07cfff
monitored = 0
entry_point = 0x7ff9b9ed4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2117
start_va = 0x7ff9b9650000
end_va = 0x7ff9b96b9fff
monitored = 0
entry_point = 0x7ff9b9686d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2118
start_va = 0x7ff9bbf30000
end_va = 0x7ff9bbff0fff
monitored = 0
entry_point = 0x7ff9bbf50da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2119
start_va = 0x27bc13c0000
end_va = 0x27bc151ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000027bc13c0000"
filename = ""
Region:
id = 2120
start_va = 0x27bc1150000
end_va = 0x27bc1156fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000027bc1150000"
filename = ""
Region:
id = 2121
start_va = 0x27bc13c0000
end_va = 0x27bc1502fff
monitored = 0
entry_point = 0x27bc13e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2122
start_va = 0x27bc1510000
end_va = 0x27bc151ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000027bc1510000"
filename = ""
Region:
id = 2123
start_va = 0x27bc13c0000
end_va = 0x27bc149cfff
monitored = 0
entry_point = 0x27bc141e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2124
start_va = 0x7ff9b8900000
end_va = 0x7ff9b890efff
monitored = 0
entry_point = 0x7ff9b8903210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2125
start_va = 0x7ff9ba4e0000
end_va = 0x7ff9ba635fff
monitored = 0
entry_point = 0x7ff9ba4ea8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2126
start_va = 0x27bc1270000
end_va = 0x27bc1276fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000027bc1270000"
filename = ""
Region:
id = 2127
start_va = 0x7ff9ba080000
end_va = 0x7ff9ba205fff
monitored = 0
entry_point = 0x7ff9ba0cffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2128
start_va = 0x27bc13c0000
end_va = 0x27bc147ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000027bc13c0000"
filename = ""
Region:
id = 2129
start_va = 0x27bc1520000
end_va = 0x27bc16a7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000027bc1520000"
filename = ""
Region:
id = 2130
start_va = 0x27bc16b0000
end_va = 0x27bc1830fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000027bc16b0000"
filename = ""
Region:
id = 2212
start_va = 0x27bc1280000
end_va = 0x27bc1280fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskhostw.exe.mui"
filename = "\\Windows\\System32\\en-US\\taskhostw.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskhostw.exe.mui")
Region:
id = 2213
start_va = 0x27bc1290000
end_va = 0x27bc1290fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000027bc1290000"
filename = ""
Region:
id = 2214
start_va = 0x27bc12a0000
end_va = 0x27bc12a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000027bc12a0000"
filename = ""
Region:
id = 2220
start_va = 0x7ff9bc1b0000
end_va = 0x7ff9bc20afff
monitored = 0
entry_point = 0x7ff9bc1c38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2592
start_va = 0xf946e00000
end_va = 0xf946e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000f946e00000"
filename = ""
Region:
id = 2593
start_va = 0xf946e80000
end_va = 0xf946efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000f946e80000"
filename = ""
Region:
id = 2594
start_va = 0x27bc12b0000
end_va = 0x27bc12b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000027bc12b0000"
filename = ""
Region:
id = 2595
start_va = 0x7ff9b96c0000
end_va = 0x7ff9b9766fff
monitored = 0
entry_point = 0x7ff9b96cb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2596
start_va = 0x27bc1480000
end_va = 0x27bc1480fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000027bc1480000"
filename = ""
Region:
id = 2597
start_va = 0x7ff9addc0000
end_va = 0x7ff9addd0fff
monitored = 0
entry_point = 0x7ff9addc6710
region_type = mapped_file
name = "tpmtasks.dll"
filename = "\\Windows\\System32\\TpmTasks.dll" (normalized: "c:\\windows\\system32\\tpmtasks.dll")
Region:
id = 2734
start_va = 0x7ff9bbd80000
end_va = 0x7ff9bbe26fff
monitored = 0
entry_point = 0x7ff9bbd958d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2735
start_va = 0x7ff9b71d0000
end_va = 0x7ff9b723dfff
monitored = 0
entry_point = 0x7ff9b721e6c0
region_type = mapped_file
name = "tpmcoreprovisioning.dll"
filename = "\\Windows\\System32\\TpmCoreProvisioning.dll" (normalized: "c:\\windows\\system32\\tpmcoreprovisioning.dll")
Region:
id = 2956
start_va = 0x7ff9b9170000
end_va = 0x7ff9b9336fff
monitored = 0
entry_point = 0x7ff9b91cdb80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2957
start_va = 0x7ff9b8960000
end_va = 0x7ff9b896ffff
monitored = 0
entry_point = 0x7ff9b89656e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2958
start_va = 0x7ff9b84b0000
end_va = 0x7ff9b84d6fff
monitored = 0
entry_point = 0x7ff9b84c0aa0
region_type = mapped_file
name = "ncrypt.dll"
filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")
Region:
id = 2959
start_va = 0x7ff9b27d0000
end_va = 0x7ff9b2897fff
monitored = 0
entry_point = 0x7ff9b28113f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 2960
start_va = 0x7ff9b2680000
end_va = 0x7ff9b26bdfff
monitored = 0
entry_point = 0x7ff9b268a050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 2961
start_va = 0x7ff9b7d50000
end_va = 0x7ff9b7d5bfff
monitored = 0
entry_point = 0x7ff9b7d527e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2962
start_va = 0x7ff9b8770000
end_va = 0x7ff9b8798fff
monitored = 0
entry_point = 0x7ff9b8784530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2963
start_va = 0x7ff9b8470000
end_va = 0x7ff9b84a9fff
monitored = 0
entry_point = 0x7ff9b8478d20
region_type = mapped_file
name = "ntasn1.dll"
filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")
Thread:
id = 155
os_tid = 0x4d4
Thread:
id = 161
os_tid = 0x558
Thread:
id = 233
os_tid = 0x6f8
Thread:
id = 234
os_tid = 0x6f4
Process:
id = "10"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x76202000"
os_pid = "0x3a0"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "8"
os_parent_pid = "0x210"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xa], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\PhoneSvc" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\tzautoupdate" [0xe], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cfbc" [0xc000000f], "LOCAL" [0x7]
Region:
id = 1967
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1968
start_va = 0x3873aa0000
end_va = 0x3873b1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003873aa0000"
filename = ""
Region:
id = 1969
start_va = 0x3873b20000
end_va = 0x3873b9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003873b20000"
filename = ""
Region:
id = 1970
start_va = 0x3873c00000
end_va = 0x3873dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003873c00000"
filename = ""
Region:
id = 1971
start_va = 0x3873f00000
end_va = 0x3873ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003873f00000"
filename = ""
Region:
id = 1972
start_va = 0x3874000000
end_va = 0x38740fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874000000"
filename = ""
Region:
id = 1973
start_va = 0x3874100000
end_va = 0x38741fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874100000"
filename = ""
Region:
id = 1974
start_va = 0x3874300000
end_va = 0x38743fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874300000"
filename = ""
Region:
id = 1975
start_va = 0x3874400000
end_va = 0x38744fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874400000"
filename = ""
Region:
id = 1976
start_va = 0x3874500000
end_va = 0x38745fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874500000"
filename = ""
Region:
id = 1977
start_va = 0x3874700000
end_va = 0x387477ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874700000"
filename = ""
Region:
id = 1978
start_va = 0x3874880000
end_va = 0x387497ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874880000"
filename = ""
Region:
id = 1979
start_va = 0x3874a80000
end_va = 0x3874b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874a80000"
filename = ""
Region:
id = 1980
start_va = 0x3874b80000
end_va = 0x3874c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874b80000"
filename = ""
Region:
id = 1981
start_va = 0x3874c80000
end_va = 0x3874d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874c80000"
filename = ""
Region:
id = 1982
start_va = 0x3874d80000
end_va = 0x3874e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874d80000"
filename = ""
Region:
id = 1983
start_va = 0x3874e80000
end_va = 0x3874f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874e80000"
filename = ""
Region:
id = 1984
start_va = 0x3874f80000
end_va = 0x387507ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003874f80000"
filename = ""
Region:
id = 1985
start_va = 0x14abb630000
end_va = 0x14abb63ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000014abb630000"
filename = ""
Region:
id = 1986
start_va = 0x14abb640000
end_va = 0x14abb640fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 1987
start_va = 0x14abb650000
end_va = 0x14abb664fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000014abb650000"
filename = ""
Region:
id = 1988
start_va = 0x14abb670000
end_va = 0x14abb673fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000014abb670000"
filename = ""
Region:
id = 1989
start_va = 0x14abb680000
end_va = 0x14abb680fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000014abb680000"
filename = ""
Region:
id = 1990
start_va = 0x14abb690000
end_va = 0x14abb691fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abb690000"
filename = ""
Region:
id = 1991
start_va = 0x14abb6a0000
end_va = 0x14abb75dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1992
start_va = 0x14abb760000
end_va = 0x14abb760fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abb760000"
filename = ""
Region:
id = 1993
start_va = 0x14abb770000
end_va = 0x14abb770fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abb770000"
filename = ""
Region:
id = 1994
start_va = 0x14abb780000
end_va = 0x14abb780fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000014abb780000"
filename = ""
Region:
id = 1995
start_va = 0x14abb790000
end_va = 0x14abb790fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000014abb790000"
filename = ""
Region:
id = 1996
start_va = 0x14abb7a0000
end_va = 0x14abb7a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000014abb7a0000"
filename = ""
Region:
id = 1997
start_va = 0x14abb7b0000
end_va = 0x14abb7b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abb7b0000"
filename = ""
Region:
id = 1998
start_va = 0x14abb7c0000
end_va = 0x14abb7c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netprofmsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\netprofmsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netprofmsvc.dll.mui")
Region:
id = 1999
start_va = 0x14abb800000
end_va = 0x14abb8fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abb800000"
filename = ""
Region:
id = 2000
start_va = 0x14abb900000
end_va = 0x14abb9bffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000014abb900000"
filename = ""
Region:
id = 2001
start_va = 0x14abba10000
end_va = 0x14abba58fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-system.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")
Region:
id = 2002
start_va = 0x14abba70000
end_va = 0x14abba76fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abba70000"
filename = ""
Region:
id = 2003
start_va = 0x14abbb00000
end_va = 0x14abbbfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abbb00000"
filename = ""
Region:
id = 2004
start_va = 0x14abbc00000
end_va = 0x14abbd87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000014abbc00000"
filename = ""
Region:
id = 2005
start_va = 0x14abbd90000
end_va = 0x14abbf10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000014abbd90000"
filename = ""
Region:
id = 2006
start_va = 0x14abbf20000
end_va = 0x14abbff3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuil.ttf"
filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf")
Region:
id = 2007
start_va = 0x14abc0a0000
end_va = 0x14abc0a6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abc0a0000"
filename = ""
Region:
id = 2008
start_va = 0x14abc100000
end_va = 0x14abc1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abc100000"
filename = ""
Region:
id = 2009
start_va = 0x14abc200000
end_va = 0x14abd1fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 2010
start_va = 0x14abd200000
end_va = 0x14abd536fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2011
start_va = 0x14abd540000
end_va = 0x14abd603fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuisl.ttf"
filename = "\\Windows\\Fonts\\segoeuisl.ttf" (normalized: "c:\\windows\\fonts\\segoeuisl.ttf")
Region:
id = 2012
start_va = 0x14abd740000
end_va = 0x14abd83ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abd740000"
filename = ""
Region:
id = 2013
start_va = 0x14abd900000
end_va = 0x14abd9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abd900000"
filename = ""
Region:
id = 2014
start_va = 0x14abda00000
end_va = 0x14abdafffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abda00000"
filename = ""
Region:
id = 2015
start_va = 0x14abe200000
end_va = 0x14abe2fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abe200000"
filename = ""
Region:
id = 2016
start_va = 0x14abe300000
end_va = 0x14abeafffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-s-1-5-18.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-18.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-18.dat")
Region:
id = 2017
start_va = 0x7df5ff4c0000
end_va = 0x7ff5ff4bffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ff4c0000"
filename = ""
Region:
id = 2018
start_va = 0x7ff715750000
end_va = 0x7ff71584ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff715750000"
filename = ""
Region:
id = 2019
start_va = 0x7ff715850000
end_va = 0x7ff715872fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff715850000"
filename = ""
Region:
id = 2020
start_va = 0x7ff716750000
end_va = 0x7ff71675cfff
monitored = 0
entry_point = 0x7ff716753980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2021
start_va = 0x7ff9b0fe0000
end_va = 0x7ff9b0fedfff
monitored = 0
entry_point = 0x7ff9b0fe1460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 2022
start_va = 0x7ff9b1150000
end_va = 0x7ff9b11dafff
monitored = 0
entry_point = 0x7ff9b116d2a0
region_type = mapped_file
name = "netprofmsvc.dll"
filename = "\\Windows\\System32\\netprofmsvc.dll" (normalized: "c:\\windows\\system32\\netprofmsvc.dll")
Region:
id = 2023
start_va = 0x7ff9b1db0000
end_va = 0x7ff9b1dbcfff
monitored = 0
entry_point = 0x7ff9b1db2650
region_type = mapped_file
name = "nsisvc.dll"
filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll")
Region:
id = 2024
start_va = 0x7ff9b2640000
end_va = 0x7ff9b264bfff
monitored = 0
entry_point = 0x7ff9b26414d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 2025
start_va = 0x7ff9b26f0000
end_va = 0x7ff9b2769fff
monitored = 0
entry_point = 0x7ff9b2717630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 2026
start_va = 0x7ff9b2ce0000
end_va = 0x7ff9b2d08fff
monitored = 0
entry_point = 0x7ff9b2cf24d0
region_type = mapped_file
name = "fontprovider.dll"
filename = "\\Windows\\System32\\FontProvider.dll" (normalized: "c:\\windows\\system32\\fontprovider.dll")
Region:
id = 2027
start_va = 0x7ff9b2d10000
end_va = 0x7ff9b2eb1fff
monitored = 0
entry_point = 0x7ff9b2d5c2d0
region_type = mapped_file
name = "fntcache.dll"
filename = "\\Windows\\System32\\FntCache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll")
Region:
id = 2028
start_va = 0x7ff9b3040000
end_va = 0x7ff9b3089fff
monitored = 0
entry_point = 0x7ff9b304ac30
region_type = mapped_file
name = "deviceaccess.dll"
filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")
Region:
id = 2029
start_va = 0x7ff9b3090000
end_va = 0x7ff9b30c2fff
monitored = 0
entry_point = 0x7ff9b309d5a0
region_type = mapped_file
name = "biwinrt.dll"
filename = "\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")
Region:
id = 2030
start_va = 0x7ff9b30d0000
end_va = 0x7ff9b3161fff
monitored = 0
entry_point = 0x7ff9b311a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2031
start_va = 0x7ff9b3170000
end_va = 0x7ff9b31e8fff
monitored = 0
entry_point = 0x7ff9b3187800
region_type = mapped_file
name = "geolocation.dll"
filename = "\\Windows\\System32\\Geolocation.dll" (normalized: "c:\\windows\\system32\\geolocation.dll")
Region:
id = 2032
start_va = 0x7ff9b3e70000
end_va = 0x7ff9b3ea5fff
monitored = 0
entry_point = 0x7ff9b3e80070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2033
start_va = 0x7ff9b3eb0000
end_va = 0x7ff9b3ec9fff
monitored = 0
entry_point = 0x7ff9b3ebb670
region_type = mapped_file
name = "tzautoupdate.dll"
filename = "\\Windows\\System32\\tzautoupdate.dll" (normalized: "c:\\windows\\system32\\tzautoupdate.dll")
Region:
id = 2034
start_va = 0x7ff9b5a80000
end_va = 0x7ff9b5a97fff
monitored = 0
entry_point = 0x7ff9b5a85910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 2035
start_va = 0x7ff9b7400000
end_va = 0x7ff9b74fffff
monitored = 0
entry_point = 0x7ff9b7440f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 2036
start_va = 0x7ff9b7a80000
end_va = 0x7ff9b7b73fff
monitored = 0
entry_point = 0x7ff9b7a8a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2037
start_va = 0x7ff9b80a0000
end_va = 0x7ff9b80befff
monitored = 0
entry_point = 0x7ff9b80a5d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2038
start_va = 0x7ff9b8770000
end_va = 0x7ff9b8798fff
monitored = 0
entry_point = 0x7ff9b8784530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2039
start_va = 0x7ff9b88e0000
end_va = 0x7ff9b88f3fff
monitored = 0
entry_point = 0x7ff9b88e52e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2040
start_va = 0x7ff9b8900000
end_va = 0x7ff9b890efff
monitored = 0
entry_point = 0x7ff9b8903210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2041
start_va = 0x7ff9b8970000
end_va = 0x7ff9b8a24fff
monitored = 0
entry_point = 0x7ff9b89b22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2042
start_va = 0x7ff9b93b0000
end_va = 0x7ff9b9597fff
monitored = 0
entry_point = 0x7ff9b93dba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2043
start_va = 0x7ff9b9650000
end_va = 0x7ff9b96b9fff
monitored = 0
entry_point = 0x7ff9b9686d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2044
start_va = 0x7ff9b96c0000
end_va = 0x7ff9b9766fff
monitored = 0
entry_point = 0x7ff9b96cb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2045
start_va = 0x7ff9b9780000
end_va = 0x7ff9b989bfff
monitored = 0
entry_point = 0x7ff9b97c02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2046
start_va = 0x7ff9b9df0000
end_va = 0x7ff9b9df7fff
monitored = 0
entry_point = 0x7ff9b9df1ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2047
start_va = 0x7ff9b9e00000
end_va = 0x7ff9ba07cfff
monitored = 0
entry_point = 0x7ff9b9ed4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2048
start_va = 0x7ff9ba080000
end_va = 0x7ff9ba205fff
monitored = 0
entry_point = 0x7ff9ba0cffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2049
start_va = 0x7ff9ba2c0000
end_va = 0x7ff9ba402fff
monitored = 0
entry_point = 0x7ff9ba2e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2050
start_va = 0x7ff9ba4e0000
end_va = 0x7ff9ba635fff
monitored = 0
entry_point = 0x7ff9ba4ea8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2051
start_va = 0x7ff9bbd80000
end_va = 0x7ff9bbe26fff
monitored = 0
entry_point = 0x7ff9bbd958d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2052
start_va = 0x7ff9bbe30000
end_va = 0x7ff9bbeccfff
monitored = 0
entry_point = 0x7ff9bbe378a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2053
start_va = 0x7ff9bbf30000
end_va = 0x7ff9bbff0fff
monitored = 0
entry_point = 0x7ff9bbf50da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2054
start_va = 0x7ff9bc1b0000
end_va = 0x7ff9bc20afff
monitored = 0
entry_point = 0x7ff9bc1c38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2055
start_va = 0x7ff9bc210000
end_va = 0x7ff9bc2bcfff
monitored = 0
entry_point = 0x7ff9bc2281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2056
start_va = 0x7ff9bc2c0000
end_va = 0x7ff9bc480fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2057
start_va = 0x14abb7d0000
end_va = 0x14abb7fdfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000014abb7d0000"
filename = ""
Region:
id = 2063
start_va = 0x14abd610000
end_va = 0x14abd6effff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2064
start_va = 0x7ff9b0fc0000
end_va = 0x7ff9b0fd3fff
monitored = 0
entry_point = 0x7ff9b0fc1a50
region_type = mapped_file
name = "wlanradiomanager.dll"
filename = "\\Windows\\System32\\WlanRadioManager.dll" (normalized: "c:\\windows\\system32\\wlanradiomanager.dll")
Region:
id = 2065
start_va = 0x7ff9b1e60000
end_va = 0x7ff9b1e97fff
monitored = 0
entry_point = 0x7ff9b1e78cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2066
start_va = 0x7ff9b28a0000
end_va = 0x7ff9b2900fff
monitored = 0
entry_point = 0x7ff9b28a4b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 2067
start_va = 0x7ff9b0fa0000
end_va = 0x7ff9b0fb8fff
monitored = 0
entry_point = 0x7ff9b0fa2180
region_type = mapped_file
name = "bthradiomedia.dll"
filename = "\\Windows\\System32\\BthRadioMedia.dll" (normalized: "c:\\windows\\system32\\bthradiomedia.dll")
Region:
id = 2068
start_va = 0x7ff9b9360000
end_va = 0x7ff9b93a2fff
monitored = 0
entry_point = 0x7ff9b9374b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2069
start_va = 0x7ff9b7320000
end_va = 0x7ff9b7346fff
monitored = 0
entry_point = 0x7ff9b7327940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2070
start_va = 0x7ff9b0f20000
end_va = 0x7ff9b0f3dfff
monitored = 0
entry_point = 0x7ff9b0f21690
region_type = mapped_file
name = "bluetoothapis.dll"
filename = "\\Windows\\System32\\BluetoothApis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll")
Region:
id = 2071
start_va = 0x7ff9b1a60000
end_va = 0x7ff9b1a6afff
monitored = 0
entry_point = 0x7ff9b1a61d30
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 2085
start_va = 0x7ff9ba210000
end_va = 0x7ff9ba27afff
monitored = 0
entry_point = 0x7ff9ba2290c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2086
start_va = 0x7ff9b8210000
end_va = 0x7ff9b826bfff
monitored = 0
entry_point = 0x7ff9b8226f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 2087
start_va = 0x14abdb00000
end_va = 0x14abdcfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abdb00000"
filename = ""
Region:
id = 2088
start_va = 0x14abdb00000
end_va = 0x14abdbfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000014abdb00000"
filename = ""
Region:
id = 2104
start_va = 0x7ff9b78e0000
end_va = 0x7ff9b7903fff
monitored = 0
entry_point = 0x7ff9b78e3260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 2107
start_va = 0x3875080000
end_va = 0x387517ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003875080000"
filename = ""
Region:
id = 2108
start_va = 0x7ff9b27d0000
end_va = 0x7ff9b2897fff
monitored = 0
entry_point = 0x7ff9b28113f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 2110
start_va = 0x7ff9b8910000
end_va = 0x7ff9b895afff
monitored = 0
entry_point = 0x7ff9b89135f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2112
start_va = 0x3875180000
end_va = 0x387527ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000003875180000"
filename = ""
Region:
id = 2113
start_va = 0x7ff9b1ce0000
end_va = 0x7ff9b1cf5fff
monitored = 0
entry_point = 0x7ff9b1ce19f0
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 2114
start_va = 0x7ff9b1cc0000
end_va = 0x7ff9b1cd9fff
monitored = 0
entry_point = 0x7ff9b1cc2430
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 2115
start_va = 0x7ff9b7350000
end_va = 0x7ff9b73f9fff
monitored = 0
entry_point = 0x7ff9b7377910
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 2116
start_va = 0x7ff9b3ec0000
end_va = 0x7ff9b3ec9fff
monitored = 0
entry_point = 0x7ff9b3ec14c0
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Thread:
id = 139
os_tid = 0x52c
Thread:
id = 140
os_tid = 0x528
Thread:
id = 141
os_tid = 0x524
Thread:
id = 142
os_tid = 0x520
Thread:
id = 143
os_tid = 0x51c
Thread:
id = 144
os_tid = 0x510
Thread:
id = 145
os_tid = 0x4b8
Thread:
id = 146
os_tid = 0x3d4
Thread:
id = 147
os_tid = 0x1b4
Thread:
id = 148
os_tid = 0x1c8
Thread:
id = 149
os_tid = 0x170
Thread:
id = 150
os_tid = 0x3f8
Thread:
id = 151
os_tid = 0x3f4
Thread:
id = 152
os_tid = 0x3f0
Thread:
id = 153
os_tid = 0x3ac
Thread:
id = 154
os_tid = 0x3a4
Thread:
id = 158
os_tid = 0x5bc
Thread:
id = 160
os_tid = 0x5c4
Process:
id = "11"
image_name = "sihost.exe"
filename = "c:\\windows\\system32\\sihost.exe"
page_root = "0x3901f000"
os_pid = "0x5e8"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "8"
os_parent_pid = "0x358"
cmd_line = "sihost.exe"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00011ac1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2137
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2138
start_va = 0x2c602a0000
end_va = 0x2c6031ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c602a0000"
filename = ""
Region:
id = 2139
start_va = 0x2c60400000
end_va = 0x2c605fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60400000"
filename = ""
Region:
id = 2140
start_va = 0x1807f7f0000
end_va = 0x1807f80ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001807f7f0000"
filename = ""
Region:
id = 2141
start_va = 0x1807f810000
end_va = 0x1807f824fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001807f810000"
filename = ""
Region:
id = 2142
start_va = 0x1807f830000
end_va = 0x1807f833fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001807f830000"
filename = ""
Region:
id = 2143
start_va = 0x1807f840000
end_va = 0x1807f841fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001807f840000"
filename = ""
Region:
id = 2144
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2145
start_va = 0x7ff7018b0000
end_va = 0x7ff7018d2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7018b0000"
filename = ""
Region:
id = 2146
start_va = 0x7ff702810000
end_va = 0x7ff702825fff
monitored = 0
entry_point = 0x7ff702815190
region_type = mapped_file
name = "sihost.exe"
filename = "\\Windows\\System32\\sihost.exe" (normalized: "c:\\windows\\system32\\sihost.exe")
Region:
id = 2147
start_va = 0x7ff9bc2c0000
end_va = 0x7ff9bc480fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2148
start_va = 0x1807f850000
end_va = 0x1807faaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001807f850000"
filename = ""
Region:
id = 2149
start_va = 0x7ff9bc210000
end_va = 0x7ff9bc2bcfff
monitored = 0
entry_point = 0x7ff9bc2281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2150
start_va = 0x7ff9b93b0000
end_va = 0x7ff9b9597fff
monitored = 0
entry_point = 0x7ff9b93dba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2151
start_va = 0x1807f7f0000
end_va = 0x1807f7fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001807f7f0000"
filename = ""
Region:
id = 2152
start_va = 0x7ff7017b0000
end_va = 0x7ff7018affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7017b0000"
filename = ""
Region:
id = 2153
start_va = 0x1807f850000
end_va = 0x1807f90dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2154
start_va = 0x1807f9b0000
end_va = 0x1807faaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001807f9b0000"
filename = ""
Region:
id = 2155
start_va = 0x7ff9bbe30000
end_va = 0x7ff9bbeccfff
monitored = 0
entry_point = 0x7ff9bbe378a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2156
start_va = 0x2c60320000
end_va = 0x2c6039ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60320000"
filename = ""
Region:
id = 2157
start_va = 0x7ff9b9e00000
end_va = 0x7ff9ba07cfff
monitored = 0
entry_point = 0x7ff9b9ed4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2158
start_va = 0x7ff9b9780000
end_va = 0x7ff9b989bfff
monitored = 0
entry_point = 0x7ff9b97c02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2159
start_va = 0x7ff9b9650000
end_va = 0x7ff9b96b9fff
monitored = 0
entry_point = 0x7ff9b9686d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2160
start_va = 0x7ff9bc1b0000
end_va = 0x7ff9bc20afff
monitored = 0
entry_point = 0x7ff9bc1c38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2161
start_va = 0x7ff9bbd80000
end_va = 0x7ff9bbe26fff
monitored = 0
entry_point = 0x7ff9bbd958d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2162
start_va = 0x1807f800000
end_va = 0x1807f806fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001807f800000"
filename = ""
Region:
id = 2163
start_va = 0x7ff9b7e30000
end_va = 0x7ff9b7e60fff
monitored = 0
entry_point = 0x7ff9b7e37d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2164
start_va = 0x7ff9b61c0000
end_va = 0x7ff9b627dfff
monitored = 0
entry_point = 0x7ff9b6202d40
region_type = mapped_file
name = "coremessaging.dll"
filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")
Region:
id = 2165
start_va = 0x7ff9b0510000
end_va = 0x7ff9b0797fff
monitored = 0
entry_point = 0x7ff9b056f670
region_type = mapped_file
name = "coreuicomponents.dll"
filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")
Region:
id = 2166
start_va = 0x7ff9b8900000
end_va = 0x7ff9b890efff
monitored = 0
entry_point = 0x7ff9b8903210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2167
start_va = 0x7ff9ba4e0000
end_va = 0x7ff9ba635fff
monitored = 0
entry_point = 0x7ff9ba4ea8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2168
start_va = 0x7ff9ba080000
end_va = 0x7ff9ba205fff
monitored = 0
entry_point = 0x7ff9ba0cffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2169
start_va = 0x7ff9b8970000
end_va = 0x7ff9b8a24fff
monitored = 0
entry_point = 0x7ff9b89b22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2170
start_va = 0x7ff9b4420000
end_va = 0x7ff9b4555fff
monitored = 0
entry_point = 0x7ff9b444f350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2171
start_va = 0x1807fab0000
end_va = 0x1807fc7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001807fab0000"
filename = ""
Region:
id = 2172
start_va = 0x1807f910000
end_va = 0x1807f916fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001807f910000"
filename = ""
Region:
id = 2173
start_va = 0x1807f920000
end_va = 0x1807f958fff
monitored = 0
entry_point = 0x1807f9212f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2174
start_va = 0x1807fab0000
end_va = 0x1807fc37fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001807fab0000"
filename = ""
Region:
id = 2175
start_va = 0x1807fc70000
end_va = 0x1807fc7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001807fc70000"
filename = ""
Region:
id = 2176
start_va = 0x7ff9ba280000
end_va = 0x7ff9ba2bafff
monitored = 0
entry_point = 0x7ff9ba2812f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2177
start_va = 0x18000000000
end_va = 0x180013fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000018000000000"
filename = ""
Region:
id = 2178
start_va = 0x1807fc80000
end_va = 0x1807fe00fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001807fc80000"
filename = ""
Region:
id = 2179
start_va = 0x1807f920000
end_va = 0x1807f920fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001807f920000"
filename = ""
Region:
id = 2180
start_va = 0x1807f930000
end_va = 0x1807f930fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001807f930000"
filename = ""
Region:
id = 2181
start_va = 0x1807fe10000
end_va = 0x1807feecfff
monitored = 0
entry_point = 0x1807fe6e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2182
start_va = 0x1807f940000
end_va = 0x1807f940fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001807f940000"
filename = ""
Region:
id = 2183
start_va = 0x7ff9b96c0000
end_va = 0x7ff9b9766fff
monitored = 0
entry_point = 0x7ff9b96cb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2184
start_va = 0x1807f950000
end_va = 0x1807f950fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001807f950000"
filename = ""
Region:
id = 2185
start_va = 0x7ff9b04c0000
end_va = 0x7ff9b04ddfff
monitored = 0
entry_point = 0x7ff9b04c5340
region_type = mapped_file
name = "desktopshellext.dll"
filename = "\\Windows\\System32\\DesktopShellExt.dll" (normalized: "c:\\windows\\system32\\desktopshellext.dll")
Region:
id = 2186
start_va = 0x7ff9b04a0000
end_va = 0x7ff9b04b1fff
monitored = 0
entry_point = 0x7ff9b04a5110
region_type = mapped_file
name = "windows.shell.servicehostbuilder.dll"
filename = "\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll")
Region:
id = 2187
start_va = 0x1807fe10000
end_va = 0x1807ff0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001807fe10000"
filename = ""
Region:
id = 2188
start_va = 0x1807ff10000
end_va = 0x1807ffecfff
monitored = 0
entry_point = 0x1807ff6e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2189
start_va = 0x2c60600000
end_va = 0x2c6067ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60600000"
filename = ""
Region:
id = 2190
start_va = 0x2c60680000
end_va = 0x2c606fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60680000"
filename = ""
Region:
id = 2191
start_va = 0x2c60700000
end_va = 0x2c6077ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60700000"
filename = ""
Region:
id = 2192
start_va = 0x7ff9b6980000
end_va = 0x7ff9b6e12fff
monitored = 0
entry_point = 0x7ff9b698f760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2193
start_va = 0x7ff9b03c0000
end_va = 0x7ff9b0499fff
monitored = 0
entry_point = 0x7ff9b04103b0
region_type = mapped_file
name = "modernexecserver.dll"
filename = "\\Windows\\System32\\modernexecserver.dll" (normalized: "c:\\windows\\system32\\modernexecserver.dll")
Region:
id = 2194
start_va = 0x7ff9bbf30000
end_va = 0x7ff9bbff0fff
monitored = 0
entry_point = 0x7ff9bbf50da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2195
start_va = 0x7ff9b8910000
end_va = 0x7ff9b895afff
monitored = 0
entry_point = 0x7ff9b89135f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2196
start_va = 0x7ff9b7660000
end_va = 0x7ff9b7689fff
monitored = 0
entry_point = 0x7ff9b7668b90
region_type = mapped_file
name = "rmclient.dll"
filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")
Region:
id = 2197
start_va = 0x7ff9b0370000
end_va = 0x7ff9b03bafff
monitored = 0
entry_point = 0x7ff9b0387b70
region_type = mapped_file
name = "veeventdispatcher.dll"
filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")
Region:
id = 2198
start_va = 0x7ff9b7400000
end_va = 0x7ff9b74fffff
monitored = 0
entry_point = 0x7ff9b7440f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 2199
start_va = 0x7ff9b8770000
end_va = 0x7ff9b8798fff
monitored = 0
entry_point = 0x7ff9b8784530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2200
start_va = 0x7ff9b30d0000
end_va = 0x7ff9b3161fff
monitored = 0
entry_point = 0x7ff9b311a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2201
start_va = 0x18001400000
end_va = 0x18001542fff
monitored = 0
entry_point = 0x18001428210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2202
start_va = 0x18001400000
end_va = 0x180014dffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2203
start_va = 0x2c60780000
end_va = 0x2c607fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60780000"
filename = ""
Region:
id = 2204
start_va = 0x7ff9b7260000
end_va = 0x7ff9b72f5fff
monitored = 0
entry_point = 0x7ff9b7285570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2205
start_va = 0x180014e0000
end_va = 0x1800157ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000180014e0000"
filename = ""
Region:
id = 2207
start_va = 0x7ff9b0330000
end_va = 0x7ff9b0360fff
monitored = 0
entry_point = 0x7ff9b0333400
region_type = mapped_file
name = "clipboardserver.dll"
filename = "\\Windows\\System32\\ClipboardServer.dll" (normalized: "c:\\windows\\system32\\clipboardserver.dll")
Region:
id = 2208
start_va = 0x7ff9b02d0000
end_va = 0x7ff9b032cfff
monitored = 0
entry_point = 0x7ff9b02e0080
region_type = mapped_file
name = "activationmanager.dll"
filename = "\\Windows\\System32\\ActivationManager.dll" (normalized: "c:\\windows\\system32\\activationmanager.dll")
Region:
id = 2209
start_va = 0x7ff9b02a0000
end_va = 0x7ff9b02c2fff
monitored = 0
entry_point = 0x7ff9b02a3020
region_type = mapped_file
name = "appointmentactivation.dll"
filename = "\\Windows\\System32\\AppointmentActivation.dll" (normalized: "c:\\windows\\system32\\appointmentactivation.dll")
Region:
id = 2210
start_va = 0x2c60800000
end_va = 0x2c6087ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60800000"
filename = ""
Region:
id = 2211
start_va = 0x7ff9ba2c0000
end_va = 0x7ff9ba402fff
monitored = 0
entry_point = 0x7ff9ba2e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2215
start_va = 0x7ff9b1f60000
end_va = 0x7ff9b1fa0fff
monitored = 0
entry_point = 0x7ff9b1f64840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 2216
start_va = 0x2c60880000
end_va = 0x2c608fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60880000"
filename = ""
Region:
id = 2217
start_va = 0x7ff9b2670000
end_va = 0x7ff9b267ffff
monitored = 0
entry_point = 0x7ff9b2672c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 2218
start_va = 0x18001580000
end_va = 0x1800167ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000018001580000"
filename = ""
Region:
id = 2219
start_va = 0x18001680000
end_va = 0x18001e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000018001680000"
filename = ""
Region:
id = 2221
start_va = 0x2c60900000
end_va = 0x2c6097ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60900000"
filename = ""
Region:
id = 2222
start_va = 0x2c60980000
end_va = 0x2c609fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60980000"
filename = ""
Region:
id = 2223
start_va = 0x2c60a00000
end_va = 0x2c60a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60a00000"
filename = ""
Region:
id = 2224
start_va = 0x7ff9b0250000
end_va = 0x7ff9b0293fff
monitored = 0
entry_point = 0x7ff9b025c010
region_type = mapped_file
name = "execmodelclient.dll"
filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")
Region:
id = 2225
start_va = 0x7ff9b0240000
end_va = 0x7ff9b024dfff
monitored = 0
entry_point = 0x7ff9b0242690
region_type = mapped_file
name = "notificationplatformcomponent.dll"
filename = "\\Windows\\System32\\notificationplatformcomponent.dll" (normalized: "c:\\windows\\system32\\notificationplatformcomponent.dll")
Region:
id = 2226
start_va = 0x7ff9b01a0000
end_va = 0x7ff9b0236fff
monitored = 0
entry_point = 0x7ff9b01b4fd0
region_type = mapped_file
name = "appcontracts.dll"
filename = "\\Windows\\System32\\AppContracts.dll" (normalized: "c:\\windows\\system32\\appcontracts.dll")
Region:
id = 2227
start_va = 0x7ff9b00f0000
end_va = 0x7ff9b0191fff
monitored = 0
entry_point = 0x7ff9b00f2b20
region_type = mapped_file
name = "sharehost.dll"
filename = "\\Windows\\System32\\ShareHost.dll" (normalized: "c:\\windows\\system32\\sharehost.dll")
Region:
id = 2228
start_va = 0x7ff9bbed0000
end_va = 0x7ff9bbf21fff
monitored = 0
entry_point = 0x7ff9bbedf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2229
start_va = 0x7ff9b8b20000
end_va = 0x7ff9b9163fff
monitored = 0
entry_point = 0x7ff9b8ce64b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2230
start_va = 0x7ff9b9360000
end_va = 0x7ff9b93a2fff
monitored = 0
entry_point = 0x7ff9b9374b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2231
start_va = 0x7ff9b88e0000
end_va = 0x7ff9b88f3fff
monitored = 0
entry_point = 0x7ff9b88e52e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2232
start_va = 0x7ff9b00e0000
end_va = 0x7ff9b00e8fff
monitored = 0
entry_point = 0x7ff9b00e1480
region_type = mapped_file
name = "wpportinglibrary.dll"
filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll")
Region:
id = 2233
start_va = 0x7ff9afe70000
end_va = 0x7ff9b00ccfff
monitored = 0
entry_point = 0x7ff9afef8610
region_type = mapped_file
name = "twinui.appcore.dll"
filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll")
Region:
id = 2247
start_va = 0x7ff9afde0000
end_va = 0x7ff9afdf4fff
monitored = 0
entry_point = 0x7ff9afde1ab0
region_type = mapped_file
name = "execmodelproxy.dll"
filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")
Region:
id = 2248
start_va = 0x2c60a80000
end_va = 0x2c60afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60a80000"
filename = ""
Region:
id = 2255
start_va = 0x2c60b00000
end_va = 0x2c60b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60b00000"
filename = ""
Region:
id = 2258
start_va = 0x2c60b80000
end_va = 0x2c60bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60b80000"
filename = ""
Region:
id = 2259
start_va = 0x2c60c00000
end_va = 0x2c60c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60c00000"
filename = ""
Region:
id = 2632
start_va = 0x180014e0000
end_va = 0x180014e0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep"
filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.shellexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep")
Region:
id = 2633
start_va = 0x18001570000
end_va = 0x1800157ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000018001570000"
filename = ""
Region:
id = 2634
start_va = 0x180014e0000
end_va = 0x1800150dfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000180014e0000"
filename = ""
Region:
id = 2737
start_va = 0x7ff9af570000
end_va = 0x7ff9af812fff
monitored = 0
entry_point = 0x7ff9af596190
region_type = mapped_file
name = "windows.staterepository.dll"
filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")
Region:
id = 2738
start_va = 0x7ff9ae3b0000
end_va = 0x7ff9ae443fff
monitored = 0
entry_point = 0x7ff9ae3e9210
region_type = mapped_file
name = "staterepository.core.dll"
filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")
Region:
id = 2794
start_va = 0x7ff9b82c0000
end_va = 0x7ff9b82d6fff
monitored = 0
entry_point = 0x7ff9b82c79d0
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2795
start_va = 0x7ff9b7f50000
end_va = 0x7ff9b7f83fff
monitored = 0
entry_point = 0x7ff9b7f6ae70
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2796
start_va = 0x18001e80000
end_va = 0x180021b6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2797
start_va = 0x7ff9b83e0000
end_va = 0x7ff9b83eafff
monitored = 0
entry_point = 0x7ff9b83e19a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2805
start_va = 0x2c60c80000
end_va = 0x2c60cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000002c60c80000"
filename = ""
Region:
id = 2806
start_va = 0x18001510000
end_va = 0x18001510fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep"
filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.shellexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep")
Region:
id = 2809
start_va = 0x18001510000
end_va = 0x18001510fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep"
filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.shellexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep")
Region:
id = 2810
start_va = 0x7ff9b71b0000
end_va = 0x7ff9b71c0fff
monitored = 0
entry_point = 0x7ff9b71b5e90
region_type = mapped_file
name = "licensemanagerapi.dll"
filename = "\\Windows\\System32\\LicenseManagerApi.dll" (normalized: "c:\\windows\\system32\\licensemanagerapi.dll")
Region:
id = 2823
start_va = 0x7ff9b6160000
end_va = 0x7ff9b6181fff
monitored = 0
entry_point = 0x7ff9b6161a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 2824
start_va = 0x18001510000
end_va = 0x18001510fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep"
filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.shellexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep")
Thread:
id = 162
os_tid = 0x5ec
Thread:
id = 163
os_tid = 0x5f4
Thread:
id = 164
os_tid = 0x600
Thread:
id = 165
os_tid = 0x604
Thread:
id = 166
os_tid = 0x608
Thread:
id = 168
os_tid = 0x60c
Thread:
id = 169
os_tid = 0x610
Thread:
id = 170
os_tid = 0x618
Thread:
id = 171
os_tid = 0x620
Thread:
id = 172
os_tid = 0x624
Thread:
id = 173
os_tid = 0x628
Thread:
id = 175
os_tid = 0x640
Thread:
id = 177
os_tid = 0x654
Thread:
id = 179
os_tid = 0x668
Thread:
id = 180
os_tid = 0x66c
Thread:
id = 264
os_tid = 0x7b0
Process:
id = "12"
image_name = "explorer.exe"
filename = "c:\\windows\\explorer.exe"
page_root = "0x3963b000"
os_pid = "0x658"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "rpc_server"
parent_id = "11"
os_parent_pid = "0x644"
cmd_line = "C:\\Windows\\Explorer.EXE"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00011ac1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2262
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2263
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2264
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2265
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2266
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2267
start_va = 0xe0000
end_va = 0xe1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2268
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2269
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2270
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2271
start_va = 0x1d0000
end_va = 0x1d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "explorer.exe.mui"
filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui")
Region:
id = 2272
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 2273
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 2274
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2275
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2276
start_va = 0x480000
end_va = 0x480fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 2277
start_va = 0x490000
end_va = 0x49ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 2278
start_va = 0x4a0000
end_va = 0x4a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004a0000"
filename = ""
Region:
id = 2279
start_va = 0x4b0000
end_va = 0x4b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004b0000"
filename = ""
Region:
id = 2280
start_va = 0x4c0000
end_va = 0x4c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 2281
start_va = 0x4d0000
end_va = 0x4d3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 2282
start_va = 0x4e0000
end_va = 0x4f5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000019.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000019.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000019.db")
Region:
id = 2283
start_va = 0x500000
end_va = 0x500fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000500000"
filename = ""
Region:
id = 2284
start_va = 0x510000
end_va = 0x511fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 2285
start_va = 0x520000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 2286
start_va = 0x620000
end_va = 0x7a7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000620000"
filename = ""
Region:
id = 2287
start_va = 0x7b0000
end_va = 0x7b1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007b0000"
filename = ""
Region:
id = 2288
start_va = 0x7c0000
end_va = 0x7cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 2289
start_va = 0x7d0000
end_va = 0x950fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007d0000"
filename = ""
Region:
id = 2290
start_va = 0x960000
end_va = 0x1d5ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000960000"
filename = ""
Region:
id = 2291
start_va = 0x1d60000
end_va = 0x2096fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2292
start_va = 0x20a0000
end_va = 0x20b8fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000018.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000018.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000018.db")
Region:
id = 2293
start_va = 0x20c0000
end_va = 0x20edfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000020c0000"
filename = ""
Region:
id = 2294
start_va = 0x20f0000
end_va = 0x20f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000020f0000"
filename = ""
Region:
id = 2295
start_va = 0x2100000
end_va = 0x2101fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002100000"
filename = ""
Region:
id = 2296
start_va = 0x2110000
end_va = 0x2111fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 2297
start_va = 0x2120000
end_va = 0x219ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 2298
start_va = 0x21a0000
end_va = 0x221ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021a0000"
filename = ""
Region:
id = 2299
start_va = 0x2220000
end_va = 0x229ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002220000"
filename = ""
Region:
id = 2300
start_va = 0x22a0000
end_va = 0x231ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 2301
start_va = 0x2320000
end_va = 0x2380fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shell32.dll.mui"
filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui")
Region:
id = 2302
start_va = 0x2390000
end_va = 0x246ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2303
start_va = 0x2470000
end_va = 0x24effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002470000"
filename = ""
Region:
id = 2304
start_va = 0x24f0000
end_va = 0x256ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024f0000"
filename = ""
Region:
id = 2305
start_va = 0x2570000
end_va = 0x25effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002570000"
filename = ""
Region:
id = 2306
start_va = 0x25f0000
end_va = 0x25f4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oleaccrc.dll.mui"
filename = "\\Windows\\System32\\en-US\\oleaccrc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\oleaccrc.dll.mui")
Region:
id = 2307
start_va = 0x2600000
end_va = 0x26bbfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002600000"
filename = ""
Region:
id = 2308
start_va = 0x26c0000
end_va = 0x26c3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000026c0000"
filename = ""
Region:
id = 2309
start_va = 0x26d0000
end_va = 0x27cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 2310
start_va = 0x27d0000
end_va = 0x27d6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 2311
start_va = 0x27e0000
end_va = 0x27e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000027e0000"
filename = ""
Region:
id = 2312
start_va = 0x27f0000
end_va = 0x382ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 2313
start_va = 0x3830000
end_va = 0x3830fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003830000"
filename = ""
Region:
id = 2314
start_va = 0x3840000
end_va = 0x3840fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003840000"
filename = ""
Region:
id = 2315
start_va = 0x3850000
end_va = 0x3850fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003850000"
filename = ""
Region:
id = 2316
start_va = 0x3860000
end_va = 0x3861fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003860000"
filename = ""
Region:
id = 2317
start_va = 0x3870000
end_va = 0x38effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003870000"
filename = ""
Region:
id = 2318
start_va = 0x38f0000
end_va = 0x38f1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000038f0000"
filename = ""
Region:
id = 2319
start_va = 0x3900000
end_va = 0x3900fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003900000"
filename = ""
Region:
id = 2320
start_va = 0x3910000
end_va = 0x3910fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003910000"
filename = ""
Region:
id = 2321
start_va = 0x3920000
end_va = 0x3920fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003920000"
filename = ""
Region:
id = 2322
start_va = 0x3930000
end_va = 0x3a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003930000"
filename = ""
Region:
id = 2323
start_va = 0x3a30000
end_va = 0x3a30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a30000"
filename = ""
Region:
id = 2324
start_va = 0x3a40000
end_va = 0x3a4ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003a40000"
filename = ""
Region:
id = 2325
start_va = 0x3a50000
end_va = 0x3a5ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003a50000"
filename = ""
Region:
id = 2326
start_va = 0x3a60000
end_va = 0x3a6ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003a60000"
filename = ""
Region:
id = 2327
start_va = 0x3a70000
end_va = 0x3a70fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a70000"
filename = ""
Region:
id = 2328
start_va = 0x3a80000
end_va = 0x3a80fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a80000"
filename = ""
Region:
id = 2329
start_va = 0x3a90000
end_va = 0x3a90fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a90000"
filename = ""
Region:
id = 2330
start_va = 0x3aa0000
end_va = 0x3aa3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 2331
start_va = 0x3ab0000
end_va = 0x3ab0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ab0000"
filename = ""
Region:
id = 2332
start_va = 0x3ac0000
end_va = 0x3ac0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003ac0000"
filename = ""
Region:
id = 2333
start_va = 0x3ad0000
end_va = 0x3ad0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ad0000"
filename = ""
Region:
id = 2334
start_va = 0x3ae0000
end_va = 0x3ae1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003ae0000"
filename = ""
Region:
id = 2335
start_va = 0x3af0000
end_va = 0x3b28fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003af0000"
filename = ""
Region:
id = 2336
start_va = 0x3b30000
end_va = 0x3b30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b30000"
filename = ""
Region:
id = 2337
start_va = 0x3b40000
end_va = 0x3b40fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b40000"
filename = ""
Region:
id = 2338
start_va = 0x3b60000
end_va = 0x3b83fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b60000"
filename = ""
Region:
id = 2339
start_va = 0x3b90000
end_va = 0x3bb3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b90000"
filename = ""
Region:
id = 2340
start_va = 0x3bc0000
end_va = 0x3bc1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003bc0000"
filename = ""
Region:
id = 2341
start_va = 0x3bd0000
end_va = 0x3bd3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2342
start_va = 0x3be0000
end_va = 0x3c24fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db")
Region:
id = 2343
start_va = 0x3c30000
end_va = 0x3c33fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2344
start_va = 0x3c40000
end_va = 0x3ccdfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 2345
start_va = 0x3cd0000
end_va = 0x3ce0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 2346
start_va = 0x3cf0000
end_va = 0x3d6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003cf0000"
filename = ""
Region:
id = 2347
start_va = 0x3d70000
end_va = 0x3deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d70000"
filename = ""
Region:
id = 2348
start_va = 0x3df0000
end_va = 0x3df0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003df0000"
filename = ""
Region:
id = 2349
start_va = 0x3e70000
end_va = 0x3eeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e70000"
filename = ""
Region:
id = 2350
start_va = 0x3ef0000
end_va = 0x3f6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ef0000"
filename = ""
Region:
id = 2351
start_va = 0x3f70000
end_va = 0x3feffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f70000"
filename = ""
Region:
id = 2352
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2353
start_va = 0x7df5ff860000
end_va = 0x7ff5ff85ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ff860000"
filename = ""
Region:
id = 2354
start_va = 0x7ff780be0000
end_va = 0x7ff780cdffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff780be0000"
filename = ""
Region:
id = 2355
start_va = 0x7ff780ce0000
end_va = 0x7ff780d02fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff780ce0000"
filename = ""
Region:
id = 2356
start_va = 0x7ff781110000
end_va = 0x7ff781557fff
monitored = 0
entry_point = 0x7ff7811ae090
region_type = mapped_file
name = "explorer.exe"
filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe")
Region:
id = 2357
start_va = 0x7ff9ae450000
end_va = 0x7ff9ae45bfff
monitored = 0
entry_point = 0x7ff9ae4518b0
region_type = mapped_file
name = "wldp.dll"
filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll")
Region:
id = 2358
start_va = 0x7ff9ae460000
end_va = 0x7ff9ae4acfff
monitored = 0
entry_point = 0x7ff9ae46d180
region_type = mapped_file
name = "windows.immersiveshell.serviceprovider.dll"
filename = "\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll")
Region:
id = 2359
start_va = 0x7ff9ae4b0000
end_va = 0x7ff9aefbafff
monitored = 0
entry_point = 0x7ff9ae5fa540
region_type = mapped_file
name = "twinui.dll"
filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll")
Region:
id = 2360
start_va = 0x7ff9aefc0000
end_va = 0x7ff9af00ffff
monitored = 0
entry_point = 0x7ff9aefc2580
region_type = mapped_file
name = "edputil.dll"
filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")
Region:
id = 2361
start_va = 0x7ff9af010000
end_va = 0x7ff9af4affff
monitored = 0
entry_point = 0x7ff9af0a8740
region_type = mapped_file
name = "explorerframe.dll"
filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll")
Region:
id = 2362
start_va = 0x7ff9af4b0000
end_va = 0x7ff9af4f9fff
monitored = 0
entry_point = 0x7ff9af4b5800
region_type = mapped_file
name = "dataexchange.dll"
filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll")
Region:
id = 2363
start_va = 0x7ff9af500000
end_va = 0x7ff9af569fff
monitored = 0
entry_point = 0x7ff9af515e90
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 2364
start_va = 0x7ff9af820000
end_va = 0x7ff9af884fff
monitored = 0
entry_point = 0x7ff9af824c50
region_type = mapped_file
name = "sndvolsso.dll"
filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll")
Region:
id = 2365
start_va = 0x7ff9af890000
end_va = 0x7ff9afb03fff
monitored = 0
entry_point = 0x7ff9af900400
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")
Region:
id = 2366
start_va = 0x7ff9afb10000
end_va = 0x7ff9afbddfff
monitored = 0
entry_point = 0x7ff9afb414c0
region_type = mapped_file
name = "tokenbroker.dll"
filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")
Region:
id = 2367
start_va = 0x7ff9afbe0000
end_va = 0x7ff9afcd8fff
monitored = 0
entry_point = 0x7ff9afc28000
region_type = mapped_file
name = "settingsynccore.dll"
filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll")
Region:
id = 2368
start_va = 0x7ff9afce0000
end_va = 0x7ff9afcf4fff
monitored = 0
entry_point = 0x7ff9afce2c90
region_type = mapped_file
name = "settingsyncpolicy.dll"
filename = "\\Windows\\System32\\SettingSyncPolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll")
Region:
id = 2369
start_va = 0x7ff9afd00000
end_va = 0x7ff9afdb0fff
monitored = 0
entry_point = 0x7ff9afd108f0
region_type = mapped_file
name = "twinapi.dll"
filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll")
Region:
id = 2370
start_va = 0x7ff9b12f0000
end_va = 0x7ff9b1317fff
monitored = 0
entry_point = 0x7ff9b12f8c10
region_type = mapped_file
name = "idstore.dll"
filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll")
Region:
id = 2371
start_va = 0x7ff9b1dc0000
end_va = 0x7ff9b1e14fff
monitored = 0
entry_point = 0x7ff9b1dc3fb0
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 2372
start_va = 0x7ff9b2150000
end_va = 0x7ff9b21bffff
monitored = 0
entry_point = 0x7ff9b2172960
region_type = mapped_file
name = "mmdevapi.dll"
filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")
Region:
id = 2373
start_va = 0x7ff9b30d0000
end_va = 0x7ff9b3161fff
monitored = 0
entry_point = 0x7ff9b311a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2374
start_va = 0x7ff9b3ed0000
end_va = 0x7ff9b408cfff
monitored = 0
entry_point = 0x7ff9b3efaf90
region_type = mapped_file
name = "windows.ui.immersive.dll"
filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll")
Region:
id = 2375
start_va = 0x7ff9b4420000
end_va = 0x7ff9b4555fff
monitored = 0
entry_point = 0x7ff9b444f350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2376
start_va = 0x7ff9b5650000
end_va = 0x7ff9b575dfff
monitored = 0
entry_point = 0x7ff9b569eaa0
region_type = mapped_file
name = "mrmcorer.dll"
filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")
Region:
id = 2377
start_va = 0x7ff9b5c40000
end_va = 0x7ff9b5df0fff
monitored = 0
entry_point = 0x7ff9b5cd61a0
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")
Region:
id = 2378
start_va = 0x7ff9b5e00000
end_va = 0x7ff9b5ea1fff
monitored = 0
entry_point = 0x7ff9b5e20a40
region_type = mapped_file
name = "dxgi.dll"
filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")
Region:
id = 2379
start_va = 0x7ff9b5eb0000
end_va = 0x7ff9b6157fff
monitored = 0
entry_point = 0x7ff9b5f43250
region_type = mapped_file
name = "d3d11.dll"
filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")
Region:
id = 2380
start_va = 0x7ff9b6160000
end_va = 0x7ff9b6181fff
monitored = 0
entry_point = 0x7ff9b6161a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 2381
start_va = 0x7ff9b6280000
end_va = 0x7ff9b6362fff
monitored = 0
entry_point = 0x7ff9b62b7da0
region_type = mapped_file
name = "dcomp.dll"
filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")
Region:
id = 2382
start_va = 0x7ff9b6750000
end_va = 0x7ff9b67c8fff
monitored = 0
entry_point = 0x7ff9b676fb90
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 2383
start_va = 0x7ff9b6980000
end_va = 0x7ff9b6e12fff
monitored = 0
entry_point = 0x7ff9b698f760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2384
start_va = 0x7ff9b6e20000
end_va = 0x7ff9b6e86fff
monitored = 0
entry_point = 0x7ff9b6e3e710
region_type = mapped_file
name = "bcp47langs.dll"
filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")
Region:
id = 2385
start_va = 0x7ff9b6ee0000
end_va = 0x7ff9b7065fff
monitored = 0
entry_point = 0x7ff9b6f2d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 2386
start_va = 0x7ff9b7070000
end_va = 0x7ff9b708bfff
monitored = 0
entry_point = 0x7ff9b70737a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 2387
start_va = 0x7ff9b70d0000
end_va = 0x7ff9b70e2fff
monitored = 0
entry_point = 0x7ff9b70d2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2388
start_va = 0x7ff9b70f0000
end_va = 0x7ff9b7114fff
monitored = 0
entry_point = 0x7ff9b70f2300
region_type = mapped_file
name = "sppc.dll"
filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll")
Region:
id = 2389
start_va = 0x7ff9b7150000
end_va = 0x7ff9b7174fff
monitored = 0
entry_point = 0x7ff9b7165220
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 2390
start_va = 0x7ff9b7260000
end_va = 0x7ff9b72f5fff
monitored = 0
entry_point = 0x7ff9b7285570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2391
start_va = 0x7ff9b7320000
end_va = 0x7ff9b7346fff
monitored = 0
entry_point = 0x7ff9b7327940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2392
start_va = 0x7ff9b7400000
end_va = 0x7ff9b74fffff
monitored = 0
entry_point = 0x7ff9b7440f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 2393
start_va = 0x7ff9b7bd0000
end_va = 0x7ff9b7c25fff
monitored = 0
entry_point = 0x7ff9b7be0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2394
start_va = 0x7ff9b80a0000
end_va = 0x7ff9b80befff
monitored = 0
entry_point = 0x7ff9b80a5d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2395
start_va = 0x7ff9b82c0000
end_va = 0x7ff9b82d6fff
monitored = 0
entry_point = 0x7ff9b82c79d0
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2396
start_va = 0x7ff9b85c0000
end_va = 0x7ff9b85ecfff
monitored = 0
entry_point = 0x7ff9b85d9d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2397
start_va = 0x7ff9b8770000
end_va = 0x7ff9b8798fff
monitored = 0
entry_point = 0x7ff9b8784530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2398
start_va = 0x7ff9b88e0000
end_va = 0x7ff9b88f3fff
monitored = 0
entry_point = 0x7ff9b88e52e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2399
start_va = 0x7ff9b8900000
end_va = 0x7ff9b890efff
monitored = 0
entry_point = 0x7ff9b8903210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2400
start_va = 0x7ff9b8910000
end_va = 0x7ff9b895afff
monitored = 0
entry_point = 0x7ff9b89135f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2401
start_va = 0x7ff9b8960000
end_va = 0x7ff9b896ffff
monitored = 0
entry_point = 0x7ff9b89656e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2402
start_va = 0x7ff9b8970000
end_va = 0x7ff9b8a24fff
monitored = 0
entry_point = 0x7ff9b89b22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2403
start_va = 0x7ff9b8ac0000
end_va = 0x7ff9b8b14fff
monitored = 0
entry_point = 0x7ff9b8ad7970
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 2404
start_va = 0x7ff9b8b20000
end_va = 0x7ff9b9163fff
monitored = 0
entry_point = 0x7ff9b8ce64b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2405
start_va = 0x7ff9b9170000
end_va = 0x7ff9b9336fff
monitored = 0
entry_point = 0x7ff9b91cdb80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2406
start_va = 0x7ff9b9360000
end_va = 0x7ff9b93a2fff
monitored = 0
entry_point = 0x7ff9b9374b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2407
start_va = 0x7ff9b93b0000
end_va = 0x7ff9b9597fff
monitored = 0
entry_point = 0x7ff9b93dba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2408
start_va = 0x7ff9b9650000
end_va = 0x7ff9b96b9fff
monitored = 0
entry_point = 0x7ff9b9686d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2409
start_va = 0x7ff9b96c0000
end_va = 0x7ff9b9766fff
monitored = 0
entry_point = 0x7ff9b96cb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2410
start_va = 0x7ff9b9780000
end_va = 0x7ff9b989bfff
monitored = 0
entry_point = 0x7ff9b97c02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2411
start_va = 0x7ff9b9e00000
end_va = 0x7ff9ba07cfff
monitored = 0
entry_point = 0x7ff9b9ed4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2412
start_va = 0x7ff9ba080000
end_va = 0x7ff9ba205fff
monitored = 0
entry_point = 0x7ff9ba0cffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2413
start_va = 0x7ff9ba280000
end_va = 0x7ff9ba2bafff
monitored = 0
entry_point = 0x7ff9ba2812f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2414
start_va = 0x7ff9ba2c0000
end_va = 0x7ff9ba402fff
monitored = 0
entry_point = 0x7ff9ba2e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2415
start_va = 0x7ff9ba410000
end_va = 0x7ff9ba47efff
monitored = 0
entry_point = 0x7ff9ba435f70
region_type = mapped_file
name = "coml2.dll"
filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")
Region:
id = 2416
start_va = 0x7ff9ba4e0000
end_va = 0x7ff9ba635fff
monitored = 0
entry_point = 0x7ff9ba4ea8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2417
start_va = 0x7ff9ba640000
end_va = 0x7ff9ba799fff
monitored = 0
entry_point = 0x7ff9ba6838e0
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2418
start_va = 0x7ff9ba7a0000
end_va = 0x7ff9bbcfefff
monitored = 0
entry_point = 0x7ff9ba9011f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2419
start_va = 0x7ff9bbd80000
end_va = 0x7ff9bbe26fff
monitored = 0
entry_point = 0x7ff9bbd958d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2420
start_va = 0x7ff9bbe30000
end_va = 0x7ff9bbeccfff
monitored = 0
entry_point = 0x7ff9bbe378a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2421
start_va = 0x7ff9bbed0000
end_va = 0x7ff9bbf21fff
monitored = 0
entry_point = 0x7ff9bbedf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2422
start_va = 0x7ff9bbf30000
end_va = 0x7ff9bbff0fff
monitored = 0
entry_point = 0x7ff9bbf50da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2423
start_va = 0x7ff9bc1b0000
end_va = 0x7ff9bc20afff
monitored = 0
entry_point = 0x7ff9bc1c38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2424
start_va = 0x7ff9bc210000
end_va = 0x7ff9bc2bcfff
monitored = 0
entry_point = 0x7ff9bc2281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2425
start_va = 0x7ff9bc2c0000
end_va = 0x7ff9bc480fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2469
start_va = 0x3ff0000
end_va = 0x406ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ff0000"
filename = ""
Region:
id = 2475
start_va = 0x7ff9afe70000
end_va = 0x7ff9b00ccfff
monitored = 0
entry_point = 0x7ff9afef8610
region_type = mapped_file
name = "twinui.appcore.dll"
filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll")
Region:
id = 2476
start_va = 0x7ff9b61c0000
end_va = 0x7ff9b627dfff
monitored = 0
entry_point = 0x7ff9b6202d40
region_type = mapped_file
name = "coremessaging.dll"
filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")
Region:
id = 2477
start_va = 0x7ff9b0510000
end_va = 0x7ff9b0797fff
monitored = 0
entry_point = 0x7ff9b056f670
region_type = mapped_file
name = "coreuicomponents.dll"
filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")
Region:
id = 2478
start_va = 0x7ff9ae290000
end_va = 0x7ff9ae3affff
monitored = 0
entry_point = 0x7ff9ae2c8310
region_type = mapped_file
name = "applicationframe.dll"
filename = "\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll")
Region:
id = 2479
start_va = 0x7ff9b36a0000
end_va = 0x7ff9b3be4fff
monitored = 0
entry_point = 0x7ff9b383a450
region_type = mapped_file
name = "d2d1.dll"
filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")
Region:
id = 2480
start_va = 0x4070000
end_va = 0x40effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004070000"
filename = ""
Region:
id = 2481
start_va = 0x40f0000
end_va = 0x48effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040f0000"
filename = ""
Region:
id = 2483
start_va = 0x3e00000
end_va = 0x3e12fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "transcodedwallpaper"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper")
Region:
id = 2484
start_va = 0x48f0000
end_va = 0x4de1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000048f0000"
filename = ""
Region:
id = 2485
start_va = 0x3e00000
end_va = 0x3e13fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cachedimage_1440_900_pos4.jpg"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg")
Region:
id = 2486
start_va = 0x4df0000
end_va = 0x4eeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004df0000"
filename = ""
Region:
id = 2487
start_va = 0x7ff9b11e0000
end_va = 0x7ff9b124cfff
monitored = 0
entry_point = 0x7ff9b11ed750
region_type = mapped_file
name = "photometadatahandler.dll"
filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll")
Region:
id = 2488
start_va = 0x4ef0000
end_va = 0x53e1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ef0000"
filename = ""
Region:
id = 2489
start_va = 0x7ff9ae1b0000
end_va = 0x7ff9ae28afff
monitored = 0
entry_point = 0x7ff9ae1c28b0
region_type = mapped_file
name = "ntshrui.dll"
filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll")
Region:
id = 2490
start_va = 0x7ff9ae180000
end_va = 0x7ff9ae1a5fff
monitored = 0
entry_point = 0x7ff9ae181cf0
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 2497
start_va = 0x53f0000
end_va = 0x546ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000053f0000"
filename = ""
Region:
id = 2498
start_va = 0x7ff9ae0a0000
end_va = 0x7ff9ae179fff
monitored = 0
entry_point = 0x7ff9ae0d3c00
region_type = mapped_file
name = "wpncore.dll"
filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll")
Region:
id = 2499
start_va = 0x7ff9b27d0000
end_va = 0x7ff9b2897fff
monitored = 0
entry_point = 0x7ff9b28113f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 2500
start_va = 0x7ff9ae010000
end_va = 0x7ff9ae095fff
monitored = 0
entry_point = 0x7ff9ae031e10
region_type = mapped_file
name = "notificationcontroller.dll"
filename = "\\Windows\\System32\\NotificationController.dll" (normalized: "c:\\windows\\system32\\notificationcontroller.dll")
Region:
id = 2501
start_va = 0x7ff9b0370000
end_va = 0x7ff9b03bafff
monitored = 0
entry_point = 0x7ff9b0387b70
region_type = mapped_file
name = "veeventdispatcher.dll"
filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")
Region:
id = 2502
start_va = 0x7ff9b1f60000
end_va = 0x7ff9b1fa0fff
monitored = 0
entry_point = 0x7ff9b1f64840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 2503
start_va = 0x5470000
end_va = 0x54effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005470000"
filename = ""
Region:
id = 2504
start_va = 0x3b50000
end_va = 0x3b98fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b50000"
filename = ""
Region:
id = 2505
start_va = 0x5470000
end_va = 0x77f1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "appdb.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Notifications\\appdb.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\notifications\\appdb.dat")
Region:
id = 2506
start_va = 0x7ff9adfe0000
end_va = 0x7ff9ae00afff
monitored = 0
entry_point = 0x7ff9adfe4240
region_type = mapped_file
name = "abovelockapphost.dll"
filename = "\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll")
Region:
id = 2507
start_va = 0x7800000
end_va = 0x787ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007800000"
filename = ""
Region:
id = 2508
start_va = 0x7ff9adfb0000
end_va = 0x7ff9adfd5fff
monitored = 0
entry_point = 0x7ff9adfc5cb0
region_type = mapped_file
name = "npsm.dll"
filename = "\\Windows\\System32\\NPSM.dll" (normalized: "c:\\windows\\system32\\npsm.dll")
Region:
id = 2509
start_va = 0x7880000
end_va = 0x78fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007880000"
filename = ""
Region:
id = 2510
start_va = 0x7900000
end_va = 0x797ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007900000"
filename = ""
Region:
id = 2511
start_va = 0x7ff9afde0000
end_va = 0x7ff9afdf4fff
monitored = 0
entry_point = 0x7ff9afde1ab0
region_type = mapped_file
name = "execmodelproxy.dll"
filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")
Region:
id = 2512
start_va = 0x3ba0000
end_va = 0x3baffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003ba0000"
filename = ""
Region:
id = 2513
start_va = 0x3ba0000
end_va = 0x3baffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003ba0000"
filename = ""
Region:
id = 2514
start_va = 0x3ba0000
end_va = 0x3baffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003ba0000"
filename = ""
Region:
id = 2515
start_va = 0x7980000
end_va = 0x79fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007980000"
filename = ""
Region:
id = 2516
start_va = 0x7a00000
end_va = 0x7a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a00000"
filename = ""
Region:
id = 2517
start_va = 0x7a80000
end_va = 0x7afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a80000"
filename = ""
Region:
id = 2518
start_va = 0x7b00000
end_va = 0x7b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007b00000"
filename = ""
Region:
id = 2519
start_va = 0x7b80000
end_va = 0x7bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007b80000"
filename = ""
Region:
id = 2520
start_va = 0x7ff9adfa0000
end_va = 0x7ff9adfabfff
monitored = 0
entry_point = 0x7ff9adfa14b0
region_type = mapped_file
name = "notificationcontrollerps.dll"
filename = "\\Windows\\System32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll")
Region:
id = 2521
start_va = 0x7ff9b0a40000
end_va = 0x7ff9b0a51fff
monitored = 0
entry_point = 0x7ff9b0a43580
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 2522
start_va = 0x7c00000
end_va = 0x7c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c00000"
filename = ""
Region:
id = 2523
start_va = 0x7c80000
end_va = 0x7cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c80000"
filename = ""
Region:
id = 2524
start_va = 0x7ff9adf00000
end_va = 0x7ff9adf96fff
monitored = 0
entry_point = 0x7ff9adf0ddc0
region_type = mapped_file
name = "wlidprov.dll"
filename = "\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll")
Region:
id = 2525
start_va = 0x7d00000
end_va = 0x7d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d00000"
filename = ""
Region:
id = 2526
start_va = 0x7ff9b1b30000
end_va = 0x7ff9b1bddfff
monitored = 0
entry_point = 0x7ff9b1b480c0
region_type = mapped_file
name = "windows.networking.connectivity.dll"
filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")
Region:
id = 2527
start_va = 0x7d80000
end_va = 0x7dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d80000"
filename = ""
Region:
id = 2528
start_va = 0x7ff9adea0000
end_va = 0x7ff9adefbfff
monitored = 0
entry_point = 0x7ff9adeb7190
region_type = mapped_file
name = "ninput.dll"
filename = "\\Windows\\System32\\ninput.dll" (normalized: "c:\\windows\\system32\\ninput.dll")
Region:
id = 2529
start_va = 0x7ff9b7660000
end_va = 0x7ff9b7689fff
monitored = 0
entry_point = 0x7ff9b7668b90
region_type = mapped_file
name = "rmclient.dll"
filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")
Region:
id = 2530
start_va = 0x7ff9b3bf0000
end_va = 0x7ff9b3e5efff
monitored = 0
entry_point = 0x7ff9b3ca22b0
region_type = mapped_file
name = "d3d10warp.dll"
filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll")
Region:
id = 2531
start_va = 0x3ba0000
end_va = 0x3ba0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003ba0000"
filename = ""
Region:
id = 2532
start_va = 0x3bb0000
end_va = 0x3bb0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003bb0000"
filename = ""
Region:
id = 2533
start_va = 0x3e00000
end_va = 0x3e00fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e00000"
filename = ""
Region:
id = 2534
start_va = 0x7e00000
end_va = 0x7e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007e00000"
filename = ""
Region:
id = 2535
start_va = 0x7ff9b5bf0000
end_va = 0x7ff9b5c3afff
monitored = 0
entry_point = 0x7ff9b5c072b0
region_type = mapped_file
name = "uianimation.dll"
filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll")
Region:
id = 2536
start_va = 0x7e80000
end_va = 0x7efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007e80000"
filename = ""
Region:
id = 2537
start_va = 0x3e10000
end_va = 0x3e10fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e10000"
filename = ""
Region:
id = 2538
start_va = 0x3e20000
end_va = 0x3e43fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e20000"
filename = ""
Region:
id = 2539
start_va = 0x7f00000
end_va = 0x7f23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f00000"
filename = ""
Region:
id = 2540
start_va = 0x7f30000
end_va = 0x7faffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f30000"
filename = ""
Region:
id = 2541
start_va = 0x3b30000
end_va = 0x3b33fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2542
start_va = 0x3e50000
end_va = 0x3e51fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003e50000"
filename = ""
Region:
id = 2543
start_va = 0x7fb0000
end_va = 0x7fd3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007fb0000"
filename = ""
Region:
id = 2544
start_va = 0x3e60000
end_va = 0x3e68fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e60000"
filename = ""
Region:
id = 2545
start_va = 0x7fe0000
end_va = 0x8003fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007fe0000"
filename = ""
Region:
id = 2546
start_va = 0x8010000
end_va = 0x8010fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008010000"
filename = ""
Region:
id = 2547
start_va = 0x8020000
end_va = 0x8028fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008020000"
filename = ""
Region:
id = 2548
start_va = 0x8030000
end_va = 0x812ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008030000"
filename = ""
Region:
id = 2549
start_va = 0x7ff9ade50000
end_va = 0x7ff9ade9cfff
monitored = 0
entry_point = 0x7ff9ade67de0
region_type = mapped_file
name = "thumbcache.dll"
filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll")
Region:
id = 2550
start_va = 0x8130000
end_va = 0x8131fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008130000"
filename = ""
Region:
id = 2551
start_va = 0x8140000
end_va = 0x8141fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")
Region:
id = 2552
start_va = 0x8150000
end_va = 0x8150fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 2553
start_va = 0x8140000
end_va = 0xad5ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll"
filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll")
Region:
id = 2554
start_va = 0xad60000
end_va = 0xad60fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll.mui"
filename = "\\Windows\\System32\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\imageres.dll.mui")
Region:
id = 2555
start_va = 0x8140000
end_va = 0x8141fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")
Region:
id = 2556
start_va = 0x8150000
end_va = 0x8150fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 2557
start_va = 0x7fe0000
end_va = 0x7fe1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")
Region:
id = 2558
start_va = 0x8140000
end_va = 0x8187fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008140000"
filename = ""
Region:
id = 2559
start_va = 0x7ff0000
end_va = 0x7ff0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 2560
start_va = 0x7fe0000
end_va = 0x7fe0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll.mui"
filename = "\\Windows\\System32\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\imageres.dll.mui")
Region:
id = 2561
start_va = 0x8190000
end_va = 0xadaffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll"
filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll")
Region:
id = 2562
start_va = 0x7fe0000
end_va = 0x7fe1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")
Region:
id = 2563
start_va = 0x3e20000
end_va = 0x3e20fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 2564
start_va = 0x3e20000
end_va = 0x3e21fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")
Region:
id = 2565
start_va = 0x3e30000
end_va = 0x3e30fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 2566
start_va = 0x3e20000
end_va = 0x3e20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll.mui"
filename = "\\Windows\\System32\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\imageres.dll.mui")
Region:
id = 2567
start_va = 0x8190000
end_va = 0xadaffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll"
filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll")
Region:
id = 2568
start_va = 0x3e20000
end_va = 0x3e21fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")
Region:
id = 2569
start_va = 0x3e30000
end_va = 0x3e30fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 2570
start_va = 0x3e20000
end_va = 0x3e23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e20000"
filename = ""
Region:
id = 2571
start_va = 0x8190000
end_va = 0x81d7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008190000"
filename = ""
Region:
id = 2572
start_va = 0x81e0000
end_va = 0x83dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000081e0000"
filename = ""
Region:
id = 2573
start_va = 0x83e0000
end_va = 0x845ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000083e0000"
filename = ""
Region:
id = 2574
start_va = 0x3e30000
end_va = 0x3e3ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003e30000"
filename = ""
Region:
id = 2575
start_va = 0x8460000
end_va = 0x84dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008460000"
filename = ""
Region:
id = 2576
start_va = 0x3e30000
end_va = 0x3e43fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cachedimage_1440_900_pos4.jpg"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg")
Region:
id = 2577
start_va = 0x4ef0000
end_va = 0x53e1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ef0000"
filename = ""
Region:
id = 2578
start_va = 0x84e0000
end_va = 0x855ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000084e0000"
filename = ""
Region:
id = 2579
start_va = 0x8560000
end_va = 0x85dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008560000"
filename = ""
Region:
id = 2580
start_va = 0x85e0000
end_va = 0x865ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000085e0000"
filename = ""
Region:
id = 2581
start_va = 0x8660000
end_va = 0x86dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008660000"
filename = ""
Region:
id = 2582
start_va = 0x86e0000
end_va = 0x875ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000086e0000"
filename = ""
Region:
id = 2583
start_va = 0x8760000
end_va = 0x87dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008760000"
filename = ""
Region:
id = 2584
start_va = 0x87e0000
end_va = 0x885ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000087e0000"
filename = ""
Region:
id = 2585
start_va = 0x8860000
end_va = 0x88dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008860000"
filename = ""
Region:
id = 2586
start_va = 0x88e0000
end_va = 0x895ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000088e0000"
filename = ""
Region:
id = 2587
start_va = 0x3e30000
end_va = 0x3e31fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")
Region:
id = 2588
start_va = 0x3e40000
end_va = 0x3e40fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 2589
start_va = 0x7f00000
end_va = 0x7f00fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll.mui"
filename = "\\Windows\\System32\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\imageres.dll.mui")
Region:
id = 2590
start_va = 0x8960000
end_va = 0xb57ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll"
filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll")
Region:
id = 2591
start_va = 0x7ff9b4090000
end_va = 0x7ff9b4411fff
monitored = 0
entry_point = 0x7ff9b40e1220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 2598
start_va = 0x8960000
end_va = 0x8a23fff
monitored = 1
entry_point = 0x8a1cd7e
region_type = mapped_file
name = "221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe")
Region:
id = 2599
start_va = 0x7ff9addb0000
end_va = 0x7ff9addb8fff
monitored = 0
entry_point = 0x7ff9addb1b60
region_type = mapped_file
name = "iconcodecservice.dll"
filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll")
Region:
id = 2600
start_va = 0x8960000
end_va = 0x9252fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wmploc.dll"
filename = "\\Windows\\System32\\wmploc.DLL" (normalized: "c:\\windows\\system32\\wmploc.dll")
Region:
id = 2601
start_va = 0x9260000
end_va = 0x92b7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wmploc.dll.mui"
filename = "\\Windows\\System32\\en-US\\wmploc.DLL.mui" (normalized: "c:\\windows\\system32\\en-us\\wmploc.dll.mui")
Region:
id = 2602
start_va = 0x8960000
end_va = 0x9252fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wmploc.dll"
filename = "\\Windows\\System32\\wmploc.DLL" (normalized: "c:\\windows\\system32\\wmploc.dll")
Region:
id = 2603
start_va = 0x9260000
end_va = 0x92b7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wmploc.dll.mui"
filename = "\\Windows\\System32\\en-US\\wmploc.DLL.mui" (normalized: "c:\\windows\\system32\\en-us\\wmploc.dll.mui")
Region:
id = 2604
start_va = 0x8960000
end_va = 0x9252fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wmploc.dll"
filename = "\\Windows\\System32\\wmploc.DLL" (normalized: "c:\\windows\\system32\\wmploc.dll")
Region:
id = 2605
start_va = 0x9260000
end_va = 0x92b7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wmploc.dll.mui"
filename = "\\Windows\\System32\\en-US\\wmploc.DLL.mui" (normalized: "c:\\windows\\system32\\en-us\\wmploc.dll.mui")
Region:
id = 2606
start_va = 0x7ff9b55a0000
end_va = 0x7ff9b5648fff
monitored = 0
entry_point = 0x7ff9b55c9010
region_type = mapped_file
name = "windows.ui.dll"
filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")
Region:
id = 2607
start_va = 0x7ff9adc00000
end_va = 0x7ff9adda8fff
monitored = 0
entry_point = 0x7ff9adc54060
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll")
Region:
id = 2608
start_va = 0x7f00000
end_va = 0x7f2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f00000"
filename = ""
Region:
id = 2609
start_va = 0x8960000
end_va = 0x89dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008960000"
filename = ""
Region:
id = 2610
start_va = 0x7f00000
end_va = 0x7f01fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db")
Region:
id = 2611
start_va = 0x8960000
end_va = 0x8a5ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db")
Region:
id = 2612
start_va = 0x8a60000
end_va = 0x8adffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008a60000"
filename = ""
Region:
id = 2613
start_va = 0x7ff9ad9e0000
end_va = 0x7ff9adbf3fff
monitored = 0
entry_point = 0x7ff9ad9e1000
region_type = mapped_file
name = "grooveex.dll"
filename = "\\PROGRA~1\\MICROS~1\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files\\micros~1\\office16\\grooveex.dll")
Region:
id = 2614
start_va = 0x7f10000
end_va = 0x7f11fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007f10000"
filename = ""
Region:
id = 2615
start_va = 0x7ff9ad9c0000
end_va = 0x7ff9ad9d8fff
monitored = 0
entry_point = 0x7ff9ad9cee50
region_type = mapped_file
name = "vcruntime140.dll"
filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll")
Region:
id = 2616
start_va = 0x7ff9b7a80000
end_va = 0x7ff9b7b73fff
monitored = 0
entry_point = 0x7ff9b7a8a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2617
start_va = 0x7ff9ad920000
end_va = 0x7ff9ad9b0fff
monitored = 0
entry_point = 0x7ff9ad972430
region_type = mapped_file
name = "msvcp140.dll"
filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll")
Region:
id = 2618
start_va = 0x7ff9ad910000
end_va = 0x7ff9ad91bfff
monitored = 0
entry_point = 0x7ff9ad914150
region_type = mapped_file
name = "vcruntime140_1.dll"
filename = "\\Windows\\System32\\vcruntime140_1.dll" (normalized: "c:\\windows\\system32\\vcruntime140_1.dll")
Region:
id = 2619
start_va = 0x7f20000
end_va = 0x7f20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f20000"
filename = ""
Region:
id = 2620
start_va = 0x7ff9ad5d0000
end_va = 0x7ff9ad909fff
monitored = 0
entry_point = 0x7ff9ad5d8520
region_type = mapped_file
name = "msi.dll"
filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")
Region:
id = 2621
start_va = 0x7fe0000
end_va = 0x7fe1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007fe0000"
filename = ""
Region:
id = 2622
start_va = 0x8ae0000
end_va = 0x8c98fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "office.odf"
filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\cultures\\office.odf")
Region:
id = 2623
start_va = 0x8ca0000
end_va = 0x951dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "grooveintlresource.dll"
filename = "\\PROGRA~1\\MICROS~1\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files\\micros~1\\office16\\1033\\grooveintlresource.dll")
Region:
id = 2624
start_va = 0x7ff9ad590000
end_va = 0x7ff9ad5c6fff
monitored = 0
entry_point = 0x7ff9ad5920a0
region_type = mapped_file
name = "ehstorshell.dll"
filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll")
Region:
id = 2625
start_va = 0x7ff9b98a0000
end_va = 0x7ff9b9cc8fff
monitored = 0
entry_point = 0x7ff9b98c8740
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 2626
start_va = 0x7ff9ad4c0000
end_va = 0x7ff9ad585fff
monitored = 0
entry_point = 0x7ff9ad4c3ac0
region_type = mapped_file
name = "cscui.dll"
filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll")
Region:
id = 2627
start_va = 0x7ff0000
end_va = 0x7ff1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007ff0000"
filename = ""
Region:
id = 2628
start_va = 0x9520000
end_va = 0x959ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009520000"
filename = ""
Region:
id = 2629
start_va = 0x95a0000
end_va = 0x971ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000095a0000"
filename = ""
Region:
id = 2630
start_va = 0x95a0000
end_va = 0x961ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000095a0000"
filename = ""
Region:
id = 2631
start_va = 0x9710000
end_va = 0x971ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009710000"
filename = ""
Region:
id = 2635
start_va = 0x7ff9b0930000
end_va = 0x7ff9b098efff
monitored = 0
entry_point = 0x7ff9b095bce0
region_type = mapped_file
name = "dsreg.dll"
filename = "\\Windows\\System32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll")
Region:
id = 2636
start_va = 0x7ff9b7d50000
end_va = 0x7ff9b7d5bfff
monitored = 0
entry_point = 0x7ff9b7d527e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2637
start_va = 0x7ff9b2130000
end_va = 0x7ff9b2145fff
monitored = 0
entry_point = 0x7ff9b2131b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2638
start_va = 0x7ff9b7f90000
end_va = 0x7ff9b7f99fff
monitored = 0
entry_point = 0x7ff9b7f91830
region_type = mapped_file
name = "dpapi.dll"
filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")
Region:
id = 2639
start_va = 0x9620000
end_va = 0x969ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009620000"
filename = ""
Region:
id = 2732
start_va = 0x8000000
end_va = 0x8001fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008000000"
filename = ""
Region:
id = 2733
start_va = 0x96a0000
end_va = 0x971ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000096a0000"
filename = ""
Region:
id = 2807
start_va = 0x9720000
end_va = 0x979ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009720000"
filename = ""
Region:
id = 2808
start_va = 0x7ff9b7660000
end_va = 0x7ff9b7689fff
monitored = 0
entry_point = 0x7ff9b7668b90
region_type = mapped_file
name = "rmclient.dll"
filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")
Region:
id = 2811
start_va = 0x97a0000
end_va = 0x981ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000097a0000"
filename = ""
Region:
id = 2812
start_va = 0x7ff9b57c0000
end_va = 0x7ff9b5a5ffff
monitored = 0
entry_point = 0x7ff9b57c51e0
region_type = mapped_file
name = "gameux.dll"
filename = "\\Windows\\System32\\gameux.dll" (normalized: "c:\\windows\\system32\\gameux.dll")
Region:
id = 2813
start_va = 0x8000000
end_va = 0x8001fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008000000"
filename = ""
Region:
id = 2814
start_va = 0x9820000
end_va = 0xa21ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009820000"
filename = ""
Region:
id = 2815
start_va = 0x7ff9b71a0000
end_va = 0x7ff9b71a9fff
monitored = 0
entry_point = 0x7ff9b71a2e50
region_type = mapped_file
name = "msiltcfg.dll"
filename = "\\Windows\\System32\\msiltcfg.dll" (normalized: "c:\\windows\\system32\\msiltcfg.dll")
Region:
id = 2816
start_va = 0x7ff9b7190000
end_va = 0x7ff9b7199fff
monitored = 0
entry_point = 0x7ff9b7191350
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2817
start_va = 0xa220000
end_va = 0xa29ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a220000"
filename = ""
Region:
id = 2818
start_va = 0x7ff9b7e30000
end_va = 0x7ff9b7e60fff
monitored = 0
entry_point = 0x7ff9b7e37d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2819
start_va = 0x88e0000
end_va = 0x88e3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 2820
start_va = 0x88f0000
end_va = 0x88f3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 2821
start_va = 0x8900000
end_va = 0x8919fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000019.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000019.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000019.db")
Region:
id = 2822
start_va = 0x88e0000
end_va = 0x88f9fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000019.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000019.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000019.db")
Region:
id = 2966
start_va = 0x4ef0000
end_va = 0x4f03fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cachedimage_1440_900_pos4.jpg"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg")
Thread:
id = 181
os_tid = 0x6b8
Thread:
id = 182
os_tid = 0x6b4
Thread:
id = 183
os_tid = 0x6b0
Thread:
id = 184
os_tid = 0x6a8
Thread:
id = 185
os_tid = 0x6a4
Thread:
id = 186
os_tid = 0x6a0
Thread:
id = 187
os_tid = 0x698
Thread:
id = 188
os_tid = 0x69c
Thread:
id = 189
os_tid = 0x694
Thread:
id = 190
os_tid = 0x680
Thread:
id = 191
os_tid = 0x67c
Thread:
id = 192
os_tid = 0x678
Thread:
id = 193
os_tid = 0x674
Thread:
id = 194
os_tid = 0x670
Thread:
id = 195
os_tid = 0x660
Thread:
id = 196
os_tid = 0x65c
Thread:
id = 203
os_tid = 0x6e8
Thread:
id = 204
os_tid = 0x6ec
Thread:
id = 205
os_tid = 0x6f0
Thread:
id = 206
os_tid = 0x6fc
Thread:
id = 207
os_tid = 0x700
Thread:
id = 208
os_tid = 0x708
Thread:
id = 209
os_tid = 0x710
Thread:
id = 210
os_tid = 0x714
Thread:
id = 211
os_tid = 0x718
Thread:
id = 212
os_tid = 0x71c
Thread:
id = 213
os_tid = 0x720
Thread:
id = 214
os_tid = 0x724
Thread:
id = 215
os_tid = 0x728
Thread:
id = 216
os_tid = 0x72c
Thread:
id = 217
os_tid = 0x730
Thread:
id = 218
os_tid = 0x734
Thread:
id = 219
os_tid = 0x738
Thread:
id = 220
os_tid = 0x73c
Thread:
id = 221
os_tid = 0x740
Thread:
id = 222
os_tid = 0x744
Thread:
id = 223
os_tid = 0x748
Thread:
id = 224
os_tid = 0x74c
Thread:
id = 225
os_tid = 0x750
Thread:
id = 226
os_tid = 0x75c
Thread:
id = 227
os_tid = 0x760
Thread:
id = 228
os_tid = 0x764
Thread:
id = 229
os_tid = 0x768
Thread:
id = 230
os_tid = 0x76c
Thread:
id = 231
os_tid = 0x770
Thread:
id = 232
os_tid = 0x774
Thread:
id = 235
os_tid = 0x778
Thread:
id = 236
os_tid = 0x77c
Thread:
id = 237
os_tid = 0x780
Thread:
id = 238
os_tid = 0x784
Thread:
id = 239
os_tid = 0x794
Thread:
id = 253
os_tid = 0x79c
Thread:
id = 263
os_tid = 0x7ac
Thread:
id = 265
os_tid = 0x7b4
Thread:
id = 266
os_tid = 0x7b8
Process:
id = "13"
image_name = "runtimebroker.exe"
filename = "c:\\windows\\system32\\runtimebroker.exe"
page_root = "0x372cd000"
os_pid = "0x6bc"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "rpc_server"
parent_id = "12"
os_parent_pid = "0x270"
cmd_line = "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00011ac1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2426
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2427
start_va = 0xd595f60000
end_va = 0xd595fdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000d595f60000"
filename = ""
Region:
id = 2428
start_va = 0xd596000000
end_va = 0xd5961fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000d596000000"
filename = ""
Region:
id = 2429
start_va = 0xd596200000
end_va = 0xd59627ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000d596200000"
filename = ""
Region:
id = 2430
start_va = 0xd596280000
end_va = 0xd5962fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000d596280000"
filename = ""
Region:
id = 2431
start_va = 0xd596300000
end_va = 0xd59637ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000d596300000"
filename = ""
Region:
id = 2432
start_va = 0xd596380000
end_va = 0xd5963fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000d596380000"
filename = ""
Region:
id = 2433
start_va = 0xd596400000
end_va = 0xd59647ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000d596400000"
filename = ""
Region:
id = 2434
start_va = 0x21af3a10000
end_va = 0x21af3a1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000021af3a10000"
filename = ""
Region:
id = 2435
start_va = 0x21af3a20000
end_va = 0x21af3a20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000021af3a20000"
filename = ""
Region:
id = 2436
start_va = 0x21af3a30000
end_va = 0x21af3a44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000021af3a30000"
filename = ""
Region:
id = 2437
start_va = 0x21af3a50000
end_va = 0x21af3a53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000021af3a50000"
filename = ""
Region:
id = 2438
start_va = 0x21af3a60000
end_va = 0x21af3a61fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000021af3a60000"
filename = ""
Region:
id = 2439
start_va = 0x21af3a70000
end_va = 0x21af3a71fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000021af3a70000"
filename = ""
Region:
id = 2440
start_va = 0x21af3a80000
end_va = 0x21af3b3dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2441
start_va = 0x21af3b40000
end_va = 0x21af3b40fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000021af3b40000"
filename = ""
Region:
id = 2442
start_va = 0x21af3b50000
end_va = 0x21af3b56fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000021af3b50000"
filename = ""
Region:
id = 2443
start_va = 0x21af3b60000
end_va = 0x21af3b60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000021af3b60000"
filename = ""
Region:
id = 2444
start_va = 0x21af3c00000
end_va = 0x21af3cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000021af3c00000"
filename = ""
Region:
id = 2445
start_va = 0x21af3de0000
end_va = 0x21af3de6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000021af3de0000"
filename = ""
Region:
id = 2446
start_va = 0x21af3e00000
end_va = 0x21af3efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000021af3e00000"
filename = ""
Region:
id = 2447
start_va = 0x21af3f00000
end_va = 0x21af4087fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000021af3f00000"
filename = ""
Region:
id = 2448
start_va = 0x21af4090000
end_va = 0x21af4210fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000021af4090000"
filename = ""
Region:
id = 2449
start_va = 0x21af4220000
end_va = 0x21af561ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000021af4220000"
filename = ""
Region:
id = 2450
start_va = 0x7df5ff0a0000
end_va = 0x7ff5ff09ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ff0a0000"
filename = ""
Region:
id = 2451
start_va = 0x7ff66ddc0000
end_va = 0x7ff66debffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff66ddc0000"
filename = ""
Region:
id = 2452
start_va = 0x7ff66dec0000
end_va = 0x7ff66dee2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff66dec0000"
filename = ""
Region:
id = 2453
start_va = 0x7ff66e4b0000
end_va = 0x7ff66e4c6fff
monitored = 0
entry_point = 0x7ff66e4b44f0
region_type = mapped_file
name = "runtimebroker.exe"
filename = "\\Windows\\System32\\RuntimeBroker.exe" (normalized: "c:\\windows\\system32\\runtimebroker.exe")
Region:
id = 2454
start_va = 0x7ff9b8900000
end_va = 0x7ff9b890efff
monitored = 0
entry_point = 0x7ff9b8903210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2455
start_va = 0x7ff9b8910000
end_va = 0x7ff9b895afff
monitored = 0
entry_point = 0x7ff9b89135f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2456
start_va = 0x7ff9b93b0000
end_va = 0x7ff9b9597fff
monitored = 0
entry_point = 0x7ff9b93dba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2457
start_va = 0x7ff9b9650000
end_va = 0x7ff9b96b9fff
monitored = 0
entry_point = 0x7ff9b9686d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2458
start_va = 0x7ff9b96c0000
end_va = 0x7ff9b9766fff
monitored = 0
entry_point = 0x7ff9b96cb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2459
start_va = 0x7ff9b9780000
end_va = 0x7ff9b989bfff
monitored = 0
entry_point = 0x7ff9b97c02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2460
start_va = 0x7ff9b9e00000
end_va = 0x7ff9ba07cfff
monitored = 0
entry_point = 0x7ff9b9ed4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2461
start_va = 0x7ff9ba080000
end_va = 0x7ff9ba205fff
monitored = 0
entry_point = 0x7ff9ba0cffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2462
start_va = 0x7ff9ba280000
end_va = 0x7ff9ba2bafff
monitored = 0
entry_point = 0x7ff9ba2812f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2463
start_va = 0x7ff9ba2c0000
end_va = 0x7ff9ba402fff
monitored = 0
entry_point = 0x7ff9ba2e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2464
start_va = 0x7ff9ba4e0000
end_va = 0x7ff9ba635fff
monitored = 0
entry_point = 0x7ff9ba4ea8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2465
start_va = 0x7ff9bbe30000
end_va = 0x7ff9bbeccfff
monitored = 0
entry_point = 0x7ff9bbe378a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2466
start_va = 0x7ff9bc1b0000
end_va = 0x7ff9bc20afff
monitored = 0
entry_point = 0x7ff9bc1c38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2467
start_va = 0x7ff9bc210000
end_va = 0x7ff9bc2bcfff
monitored = 0
entry_point = 0x7ff9bc2281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2468
start_va = 0x7ff9bc2c0000
end_va = 0x7ff9bc480fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2470
start_va = 0x7ff9afb10000
end_va = 0x7ff9afbddfff
monitored = 0
entry_point = 0x7ff9afb414c0
region_type = mapped_file
name = "tokenbroker.dll"
filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")
Region:
id = 2471
start_va = 0x7ff9bbf30000
end_va = 0x7ff9bbff0fff
monitored = 0
entry_point = 0x7ff9bbf50da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2472
start_va = 0x7ff9b8970000
end_va = 0x7ff9b8a24fff
monitored = 0
entry_point = 0x7ff9b89b22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2473
start_va = 0x7ff9b8770000
end_va = 0x7ff9b8798fff
monitored = 0
entry_point = 0x7ff9b8784530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2474
start_va = 0x7ff9b4420000
end_va = 0x7ff9b4555fff
monitored = 0
entry_point = 0x7ff9b444f350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2482
start_va = 0x7ff9b6980000
end_va = 0x7ff9b6e12fff
monitored = 0
entry_point = 0x7ff9b698f760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2491
start_va = 0x7ff9b70d0000
end_va = 0x7ff9b70e2fff
monitored = 0
entry_point = 0x7ff9b70d2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2492
start_va = 0x21af3b70000
end_va = 0x21af3b70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000021af3b70000"
filename = ""
Region:
id = 2493
start_va = 0x7ff9b12f0000
end_va = 0x7ff9b1317fff
monitored = 0
entry_point = 0x7ff9b12f8c10
region_type = mapped_file
name = "idstore.dll"
filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll")
Region:
id = 2494
start_va = 0x7ff9bbd80000
end_va = 0x7ff9bbe26fff
monitored = 0
entry_point = 0x7ff9bbd958d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2495
start_va = 0x7ff9b7070000
end_va = 0x7ff9b708bfff
monitored = 0
entry_point = 0x7ff9b70737a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 2496
start_va = 0x21af3b80000
end_va = 0x21af3badfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000021af3b80000"
filename = ""
Thread:
id = 197
os_tid = 0x6e4
Thread:
id = 198
os_tid = 0x6d8
Thread:
id = 199
os_tid = 0x6d4
Thread:
id = 200
os_tid = 0x6c8
Thread:
id = 201
os_tid = 0x6c4
Thread:
id = 202
os_tid = 0x6c0
Process:
id = "14"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x4114a000"
os_pid = "0x8"
os_integrity_level = "0x4000"
os_privileges = "0x60b16080"
monitor_reason = "rpc_server"
parent_id = "10"
os_parent_pid = "0x210"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalSystemNetworkRestricted"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xa], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\DeviceAssociationService" [0xa], "NT SERVICE\\DevQueryBroker" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\DsSvc" [0xa], "NT SERVICE\\fhsvc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\NcbService" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\NgcSvc" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\ScDeviceEnum" [0xa], "NT SERVICE\\SensorService" [0xa], "NT SERVICE\\SmsRouter" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\svsvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\vmicguestinterface" [0xa], "NT SERVICE\\vmickvpexchange" [0xa], "NT SERVICE\\vmicshutdown" [0xa], "NT SERVICE\\vmicvmsession" [0xa], "NT SERVICE\\vmicvss" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\WiaRpc" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xe], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e032" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2640
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2641
start_va = 0xe0bae50000
end_va = 0xe0baecffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0bae50000"
filename = ""
Region:
id = 2642
start_va = 0xe0baed0000
end_va = 0xe0baf4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0baed0000"
filename = ""
Region:
id = 2643
start_va = 0xe0baf50000
end_va = 0xe0bafcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0baf50000"
filename = ""
Region:
id = 2644
start_va = 0xe0bb000000
end_va = 0xe0bb1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0bb000000"
filename = ""
Region:
id = 2645
start_va = 0xe0bb400000
end_va = 0xe0bb4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0bb400000"
filename = ""
Region:
id = 2646
start_va = 0xe0bb500000
end_va = 0xe0bb5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0bb500000"
filename = ""
Region:
id = 2647
start_va = 0xe0bb600000
end_va = 0xe0bb6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0bb600000"
filename = ""
Region:
id = 2648
start_va = 0xe0bb800000
end_va = 0xe0bb8fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0bb800000"
filename = ""
Region:
id = 2649
start_va = 0xe0bb900000
end_va = 0xe0bb9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0bb900000"
filename = ""
Region:
id = 2650
start_va = 0xe0bbb00000
end_va = 0xe0bbbfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0bbb00000"
filename = ""
Region:
id = 2651
start_va = 0xe0bbc00000
end_va = 0xe0bbc7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0bbc00000"
filename = ""
Region:
id = 2652
start_va = 0xe0bbc80000
end_va = 0xe0bbcfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0bbc80000"
filename = ""
Region:
id = 2653
start_va = 0xe0bbd00000
end_va = 0xe0bbdfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0bbd00000"
filename = ""
Region:
id = 2654
start_va = 0xe0bbe00000
end_va = 0xe0bbefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e0bbe00000"
filename = ""
Region:
id = 2655
start_va = 0x1e6ca850000
end_va = 0x1e6ca85ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001e6ca850000"
filename = ""
Region:
id = 2656
start_va = 0x1e6ca860000
end_va = 0x1e6ca860fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 2657
start_va = 0x1e6ca870000
end_va = 0x1e6ca884fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001e6ca870000"
filename = ""
Region:
id = 2658
start_va = 0x1e6ca890000
end_va = 0x1e6ca893fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001e6ca890000"
filename = ""
Region:
id = 2659
start_va = 0x1e6ca8a0000
end_va = 0x1e6ca8a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001e6ca8a0000"
filename = ""
Region:
id = 2660
start_va = 0x1e6ca8b0000
end_va = 0x1e6ca8b1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001e6ca8b0000"
filename = ""
Region:
id = 2661
start_va = 0x1e6ca8c0000
end_va = 0x1e6ca97dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2662
start_va = 0x1e6ca980000
end_va = 0x1e6ca980fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001e6ca980000"
filename = ""
Region:
id = 2663
start_va = 0x1e6ca990000
end_va = 0x1e6ca990fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001e6ca990000"
filename = ""
Region:
id = 2664
start_va = 0x1e6ca9a0000
end_va = 0x1e6ca9a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001e6ca9a0000"
filename = ""
Region:
id = 2665
start_va = 0x1e6ca9b0000
end_va = 0x1e6ca9b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001e6ca9b0000"
filename = ""
Region:
id = 2666
start_va = 0x1e6ca9c0000
end_va = 0x1e6ca9c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001e6ca9c0000"
filename = ""
Region:
id = 2667
start_va = 0x1e6ca9d0000
end_va = 0x1e6ca9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001e6ca9d0000"
filename = ""
Region:
id = 2668
start_va = 0x1e6ca9e0000
end_va = 0x1e6ca9e6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001e6ca9e0000"
filename = ""
Region:
id = 2669
start_va = 0x1e6ca9f0000
end_va = 0x1e6ca9f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mmdevapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui")
Region:
id = 2670
start_va = 0x1e6caa00000
end_va = 0x1e6caafffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001e6caa00000"
filename = ""
Region:
id = 2671
start_va = 0x1e6cab00000
end_va = 0x1e6cab00fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "audioendpointbuilder.dll.mui"
filename = "\\Windows\\System32\\en-US\\AudioEndpointBuilder.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\audioendpointbuilder.dll.mui")
Region:
id = 2672
start_va = 0x1e6cabb0000
end_va = 0x1e6cabb6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001e6cabb0000"
filename = ""
Region:
id = 2673
start_va = 0x1e6cac00000
end_va = 0x1e6cacfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001e6cac00000"
filename = ""
Region:
id = 2674
start_va = 0x1e6cad00000
end_va = 0x1e6cae87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001e6cad00000"
filename = ""
Region:
id = 2675
start_va = 0x1e6cae90000
end_va = 0x1e6cb010fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001e6cae90000"
filename = ""
Region:
id = 2676
start_va = 0x1e6cb020000
end_va = 0x1e6cb0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000001e6cb020000"
filename = ""
Region:
id = 2677
start_va = 0x1e6cb2b0000
end_va = 0x1e6cb2b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001e6cb2b0000"
filename = ""
Region:
id = 2678
start_va = 0x1e6cb300000
end_va = 0x1e6cb3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000001e6cb300000"
filename = ""
Region:
id = 2679
start_va = 0x1e6cb400000
end_va = 0x1e6cb736fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2680
start_va = 0x7df5ffa90000
end_va = 0x7ff5ffa8ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffa90000"
filename = ""
Region:
id = 2681
start_va = 0x7ff715d60000
end_va = 0x7ff715e5ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff715d60000"
filename = ""
Region:
id = 2682
start_va = 0x7ff715e60000
end_va = 0x7ff715e82fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff715e60000"
filename = ""
Region:
id = 2683
start_va = 0x7ff716750000
end_va = 0x7ff71675cfff
monitored = 0
entry_point = 0x7ff716753980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2684
start_va = 0x7ff9ad480000
end_va = 0x7ff9ad4bffff
monitored = 0
entry_point = 0x7ff9ad496c60
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 2685
start_va = 0x7ff9adde0000
end_va = 0x7ff9adde8fff
monitored = 0
entry_point = 0x7ff9adde21d0
region_type = mapped_file
name = "httpprxc.dll"
filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")
Region:
id = 2686
start_va = 0x7ff9addf0000
end_va = 0x7ff9ade47fff
monitored = 0
entry_point = 0x7ff9ade07f80
region_type = mapped_file
name = "ncbservice.dll"
filename = "\\Windows\\System32\\ncbservice.dll" (normalized: "c:\\windows\\system32\\ncbservice.dll")
Region:
id = 2687
start_va = 0x7ff9b0250000
end_va = 0x7ff9b0293fff
monitored = 0
entry_point = 0x7ff9b025c010
region_type = mapped_file
name = "execmodelclient.dll"
filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")
Region:
id = 2688
start_va = 0x7ff9b0f40000
end_va = 0x7ff9b0f75fff
monitored = 0
entry_point = 0x7ff9b0f486d0
region_type = mapped_file
name = "wudfplatform.dll"
filename = "\\Windows\\System32\\WUDFPlatform.dll" (normalized: "c:\\windows\\system32\\wudfplatform.dll")
Region:
id = 2689
start_va = 0x7ff9b0f80000
end_va = 0x7ff9b0f9dfff
monitored = 0
entry_point = 0x7ff9b0f83ce0
region_type = mapped_file
name = "wudfsvc.dll"
filename = "\\Windows\\System32\\WUDFSvc.dll" (normalized: "c:\\windows\\system32\\wudfsvc.dll")
Region:
id = 2690
start_va = 0x7ff9b0fe0000
end_va = 0x7ff9b0fedfff
monitored = 0
entry_point = 0x7ff9b0fe1460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 2691
start_va = 0x7ff9b1e60000
end_va = 0x7ff9b1e97fff
monitored = 0
entry_point = 0x7ff9b1e78cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2692
start_va = 0x7ff9b2150000
end_va = 0x7ff9b21bffff
monitored = 0
entry_point = 0x7ff9b2172960
region_type = mapped_file
name = "mmdevapi.dll"
filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")
Region:
id = 2693
start_va = 0x7ff9b21c0000
end_va = 0x7ff9b2209fff
monitored = 0
entry_point = 0x7ff9b21d1450
region_type = mapped_file
name = "audioendpointbuilder.dll"
filename = "\\Windows\\System32\\AudioEndpointBuilder.dll" (normalized: "c:\\windows\\system32\\audioendpointbuilder.dll")
Region:
id = 2694
start_va = 0x7ff9b2300000
end_va = 0x7ff9b2316fff
monitored = 0
entry_point = 0x7ff9b23025d0
region_type = mapped_file
name = "portabledeviceconnectapi.dll"
filename = "\\Windows\\System32\\PortableDeviceConnectApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceconnectapi.dll")
Region:
id = 2695
start_va = 0x7ff9b2320000
end_va = 0x7ff9b23c0fff
monitored = 0
entry_point = 0x7ff9b2323db0
region_type = mapped_file
name = "portabledeviceapi.dll"
filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll")
Region:
id = 2696
start_va = 0x7ff9b24b0000
end_va = 0x7ff9b24c9fff
monitored = 0
entry_point = 0x7ff9b24b4620
region_type = mapped_file
name = "wpdbusenum.dll"
filename = "\\Windows\\System32\\wpdbusenum.dll" (normalized: "c:\\windows\\system32\\wpdbusenum.dll")
Region:
id = 2697
start_va = 0x7ff9b2b10000
end_va = 0x7ff9b2b1bfff
monitored = 0
entry_point = 0x7ff9b2b12830
region_type = mapped_file
name = "bi.dll"
filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")
Region:
id = 2698
start_va = 0x7ff9b61c0000
end_va = 0x7ff9b627dfff
monitored = 0
entry_point = 0x7ff9b6202d40
region_type = mapped_file
name = "coremessaging.dll"
filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")
Region:
id = 2699
start_va = 0x7ff9b66a0000
end_va = 0x7ff9b66dffff
monitored = 0
entry_point = 0x7ff9b66b1960
region_type = mapped_file
name = "brokerlib.dll"
filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")
Region:
id = 2700
start_va = 0x7ff9b6ee0000
end_va = 0x7ff9b7065fff
monitored = 0
entry_point = 0x7ff9b6f2d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 2701
start_va = 0x7ff9b70d0000
end_va = 0x7ff9b70e2fff
monitored = 0
entry_point = 0x7ff9b70d2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2702
start_va = 0x7ff9b7320000
end_va = 0x7ff9b7346fff
monitored = 0
entry_point = 0x7ff9b7327940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2703
start_va = 0x7ff9b7a80000
end_va = 0x7ff9b7b73fff
monitored = 0
entry_point = 0x7ff9b7a8a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2704
start_va = 0x7ff9b7bd0000
end_va = 0x7ff9b7c25fff
monitored = 0
entry_point = 0x7ff9b7be0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2705
start_va = 0x7ff9b8210000
end_va = 0x7ff9b826bfff
monitored = 0
entry_point = 0x7ff9b8226f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 2706
start_va = 0x7ff9b85c0000
end_va = 0x7ff9b85ecfff
monitored = 0
entry_point = 0x7ff9b85d9d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2707
start_va = 0x7ff9b8770000
end_va = 0x7ff9b8798fff
monitored = 0
entry_point = 0x7ff9b8784530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2708
start_va = 0x7ff9b8900000
end_va = 0x7ff9b890efff
monitored = 0
entry_point = 0x7ff9b8903210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2709
start_va = 0x7ff9b8910000
end_va = 0x7ff9b895afff
monitored = 0
entry_point = 0x7ff9b89135f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2710
start_va = 0x7ff9b8960000
end_va = 0x7ff9b896ffff
monitored = 0
entry_point = 0x7ff9b89656e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2711
start_va = 0x7ff9b8970000
end_va = 0x7ff9b8a24fff
monitored = 0
entry_point = 0x7ff9b89b22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2712
start_va = 0x7ff9b8ac0000
end_va = 0x7ff9b8b14fff
monitored = 0
entry_point = 0x7ff9b8ad7970
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 2713
start_va = 0x7ff9b9170000
end_va = 0x7ff9b9336fff
monitored = 0
entry_point = 0x7ff9b91cdb80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2714
start_va = 0x7ff9b9360000
end_va = 0x7ff9b93a2fff
monitored = 0
entry_point = 0x7ff9b9374b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2715
start_va = 0x7ff9b93b0000
end_va = 0x7ff9b9597fff
monitored = 0
entry_point = 0x7ff9b93dba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2716
start_va = 0x7ff9b9650000
end_va = 0x7ff9b96b9fff
monitored = 0
entry_point = 0x7ff9b9686d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2717
start_va = 0x7ff9b96c0000
end_va = 0x7ff9b9766fff
monitored = 0
entry_point = 0x7ff9b96cb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2718
start_va = 0x7ff9b9780000
end_va = 0x7ff9b989bfff
monitored = 0
entry_point = 0x7ff9b97c02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2719
start_va = 0x7ff9b98a0000
end_va = 0x7ff9b9cc8fff
monitored = 0
entry_point = 0x7ff9b98c8740
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 2720
start_va = 0x7ff9b9df0000
end_va = 0x7ff9b9df7fff
monitored = 0
entry_point = 0x7ff9b9df1ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2721
start_va = 0x7ff9b9e00000
end_va = 0x7ff9ba07cfff
monitored = 0
entry_point = 0x7ff9b9ed4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2722
start_va = 0x7ff9ba080000
end_va = 0x7ff9ba205fff
monitored = 0
entry_point = 0x7ff9ba0cffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2723
start_va = 0x7ff9ba210000
end_va = 0x7ff9ba27afff
monitored = 0
entry_point = 0x7ff9ba2290c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2724
start_va = 0x7ff9ba4e0000
end_va = 0x7ff9ba635fff
monitored = 0
entry_point = 0x7ff9ba4ea8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2725
start_va = 0x7ff9bbd80000
end_va = 0x7ff9bbe26fff
monitored = 0
entry_point = 0x7ff9bbd958d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2726
start_va = 0x7ff9bbe30000
end_va = 0x7ff9bbeccfff
monitored = 0
entry_point = 0x7ff9bbe378a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2727
start_va = 0x7ff9bbed0000
end_va = 0x7ff9bbf21fff
monitored = 0
entry_point = 0x7ff9bbedf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2728
start_va = 0x7ff9bbf30000
end_va = 0x7ff9bbff0fff
monitored = 0
entry_point = 0x7ff9bbf50da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2729
start_va = 0x7ff9bc1b0000
end_va = 0x7ff9bc20afff
monitored = 0
entry_point = 0x7ff9bc1c38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2730
start_va = 0x7ff9bc210000
end_va = 0x7ff9bc2bcfff
monitored = 0
entry_point = 0x7ff9bc2281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2731
start_va = 0x7ff9bc2c0000
end_va = 0x7ff9bc480fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Thread:
id = 240
os_tid = 0x798
Thread:
id = 241
os_tid = 0x754
Thread:
id = 242
os_tid = 0x560
Thread:
id = 243
os_tid = 0x55c
Thread:
id = 244
os_tid = 0x550
Thread:
id = 245
os_tid = 0x440
Thread:
id = 246
os_tid = 0x43c
Thread:
id = 247
os_tid = 0x438
Thread:
id = 248
os_tid = 0x430
Thread:
id = 249
os_tid = 0x42c
Thread:
id = 250
os_tid = 0x428
Thread:
id = 251
os_tid = 0x280
Thread:
id = 252
os_tid = 0x27c
Process:
id = "15"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x379aa000"
os_pid = "0x684"
os_integrity_level = "0x4000"
os_privileges = "0x260814080"
monitor_reason = "rpc_server"
parent_id = "8"
os_parent_pid = "0x210"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k appmodel"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\tiledatamodelsvc" [0xa], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:00015159" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2740
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2741
start_va = 0xe4804c0000
end_va = 0xe48053ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e4804c0000"
filename = ""
Region:
id = 2742
start_va = 0xe480540000
end_va = 0xe4805bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e480540000"
filename = ""
Region:
id = 2743
start_va = 0xe480600000
end_va = 0xe4807fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e480600000"
filename = ""
Region:
id = 2744
start_va = 0xe480800000
end_va = 0xe4808fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e480800000"
filename = ""
Region:
id = 2745
start_va = 0xe480900000
end_va = 0xe4809fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e480900000"
filename = ""
Region:
id = 2746
start_va = 0xe480a00000
end_va = 0xe480afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e480a00000"
filename = ""
Region:
id = 2747
start_va = 0xe480b00000
end_va = 0xe480bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e480b00000"
filename = ""
Region:
id = 2748
start_va = 0xe480c00000
end_va = 0xe480cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e480c00000"
filename = ""
Region:
id = 2749
start_va = 0x20f7b960000
end_va = 0x20f7b96ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000020f7b960000"
filename = ""
Region:
id = 2750
start_va = 0x20f7b970000
end_va = 0x20f7b970fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 2751
start_va = 0x20f7b980000
end_va = 0x20f7b994fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000020f7b980000"
filename = ""
Region:
id = 2752
start_va = 0x20f7b9a0000
end_va = 0x20f7b9a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000020f7b9a0000"
filename = ""
Region:
id = 2753
start_va = 0x20f7b9b0000
end_va = 0x20f7b9b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000020f7b9b0000"
filename = ""
Region:
id = 2754
start_va = 0x20f7b9c0000
end_va = 0x20f7b9c1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000020f7b9c0000"
filename = ""
Region:
id = 2755
start_va = 0x20f7b9d0000
end_va = 0x20f7ba8dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2756
start_va = 0x20f7ba90000
end_va = 0x20f7ba90fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000020f7ba90000"
filename = ""
Region:
id = 2757
start_va = 0x20f7baa0000
end_va = 0x20f7baa0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000020f7baa0000"
filename = ""
Region:
id = 2758
start_va = 0x20f7bab0000
end_va = 0x20f7bab6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000020f7bab0000"
filename = ""
Region:
id = 2759
start_va = 0x20f7bac0000
end_va = 0x20f7bac7fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "staterepository-deployment.srd-shm"
filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\StateRepository-Deployment.srd-shm" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\staterepository-deployment.srd-shm")
Region:
id = 2760
start_va = 0x20f7bad0000
end_va = 0x20f7bad7fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "staterepository-machine.srd-shm"
filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\StateRepository-Machine.srd-shm" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\staterepository-machine.srd-shm")
Region:
id = 2761
start_va = 0x20f7bae0000
end_va = 0x20f7bae0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000020f7bae0000"
filename = ""
Region:
id = 2762
start_va = 0x20f7baf0000
end_va = 0x20f7baf1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000020f7baf0000"
filename = ""
Region:
id = 2763
start_va = 0x20f7bb00000
end_va = 0x20f7bbfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000020f7bb00000"
filename = ""
Region:
id = 2764
start_va = 0x20f7bc00000
end_va = 0x20f7bd87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000020f7bc00000"
filename = ""
Region:
id = 2765
start_va = 0x20f7bd90000
end_va = 0x20f7bd96fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000020f7bd90000"
filename = ""
Region:
id = 2766
start_va = 0x20f7be00000
end_va = 0x20f7befffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000020f7be00000"
filename = ""
Region:
id = 2767
start_va = 0x20f7bf00000
end_va = 0x20f7c080fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000020f7bf00000"
filename = ""
Region:
id = 2768
start_va = 0x20f7c090000
end_va = 0x20f7c14ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000020f7c090000"
filename = ""
Region:
id = 2769
start_va = 0x20f7c340000
end_va = 0x20f7c346fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000020f7c340000"
filename = ""
Region:
id = 2770
start_va = 0x20f7c400000
end_va = 0x20f7c4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000020f7c400000"
filename = ""
Region:
id = 2771
start_va = 0x7df5ff1b0000
end_va = 0x7ff5ff1affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ff1b0000"
filename = ""
Region:
id = 2772
start_va = 0x7ff715ac0000
end_va = 0x7ff715bbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff715ac0000"
filename = ""
Region:
id = 2773
start_va = 0x7ff715bc0000
end_va = 0x7ff715be2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff715bc0000"
filename = ""
Region:
id = 2774
start_va = 0x7ff716750000
end_va = 0x7ff71675cfff
monitored = 0
entry_point = 0x7ff716753980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2775
start_va = 0x7ff9ae3b0000
end_va = 0x7ff9ae443fff
monitored = 0
entry_point = 0x7ff9ae3e9210
region_type = mapped_file
name = "staterepository.core.dll"
filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")
Region:
id = 2776
start_va = 0x7ff9af570000
end_va = 0x7ff9af812fff
monitored = 0
entry_point = 0x7ff9af596190
region_type = mapped_file
name = "windows.staterepository.dll"
filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")
Region:
id = 2777
start_va = 0x7ff9b7a80000
end_va = 0x7ff9b7b73fff
monitored = 0
entry_point = 0x7ff9b7a8a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2778
start_va = 0x7ff9b8900000
end_va = 0x7ff9b890efff
monitored = 0
entry_point = 0x7ff9b8903210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2779
start_va = 0x7ff9b93b0000
end_va = 0x7ff9b9597fff
monitored = 0
entry_point = 0x7ff9b93dba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2780
start_va = 0x7ff9b9650000
end_va = 0x7ff9b96b9fff
monitored = 0
entry_point = 0x7ff9b9686d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2781
start_va = 0x7ff9b96c0000
end_va = 0x7ff9b9766fff
monitored = 0
entry_point = 0x7ff9b96cb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2782
start_va = 0x7ff9b9780000
end_va = 0x7ff9b989bfff
monitored = 0
entry_point = 0x7ff9b97c02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2783
start_va = 0x7ff9b9e00000
end_va = 0x7ff9ba07cfff
monitored = 0
entry_point = 0x7ff9b9ed4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2784
start_va = 0x7ff9ba080000
end_va = 0x7ff9ba205fff
monitored = 0
entry_point = 0x7ff9ba0cffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2785
start_va = 0x7ff9ba4e0000
end_va = 0x7ff9ba635fff
monitored = 0
entry_point = 0x7ff9ba4ea8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2786
start_va = 0x7ff9bbe30000
end_va = 0x7ff9bbeccfff
monitored = 0
entry_point = 0x7ff9bbe378a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2787
start_va = 0x7ff9bc1b0000
end_va = 0x7ff9bc20afff
monitored = 0
entry_point = 0x7ff9bc1c38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2788
start_va = 0x7ff9bc210000
end_va = 0x7ff9bc2bcfff
monitored = 0
entry_point = 0x7ff9bc2281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2789
start_va = 0x7ff9bc2c0000
end_va = 0x7ff9bc480fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2790
start_va = 0xe480d00000
end_va = 0xe480dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e480d00000"
filename = ""
Region:
id = 2791
start_va = 0x20f7c500000
end_va = 0x20f7c6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000020f7c500000"
filename = ""
Region:
id = 2792
start_va = 0x20f7c500000
end_va = 0x20f7c5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000020f7c500000"
filename = ""
Region:
id = 2793
start_va = 0xe480e00000
end_va = 0xe480efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000e480e00000"
filename = ""
Region:
id = 2798
start_va = 0x7ff9b4420000
end_va = 0x7ff9b4555fff
monitored = 0
entry_point = 0x7ff9b444f350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2799
start_va = 0x7ff9b82c0000
end_va = 0x7ff9b82d6fff
monitored = 0
entry_point = 0x7ff9b82c79d0
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2800
start_va = 0x7ff9b7f50000
end_va = 0x7ff9b7f83fff
monitored = 0
entry_point = 0x7ff9b7f6ae70
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2801
start_va = 0x7ff9b8770000
end_va = 0x7ff9b8798fff
monitored = 0
entry_point = 0x7ff9b8784530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2802
start_va = 0x20f7c600000
end_va = 0x20f7c936fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2803
start_va = 0x7ff9b83e0000
end_va = 0x7ff9b83eafff
monitored = 0
entry_point = 0x7ff9b83e19a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2804
start_va = 0x20f7bac0000
end_va = 0x20f7bac0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000020f7bac0000"
filename = ""
Thread:
id = 254
os_tid = 0x7a0
Thread:
id = 255
os_tid = 0x6e0
Thread:
id = 256
os_tid = 0x6dc
Thread:
id = 257
os_tid = 0x6d0
Thread:
id = 258
os_tid = 0x690
Thread:
id = 259
os_tid = 0x68c
Thread:
id = 260
os_tid = 0x688
Thread:
id = 261
os_tid = 0x7a4
Thread:
id = 262
os_tid = 0x7a8
Process:
id = "16"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x766ed000"
os_pid = "0x270"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "11"
os_parent_pid = "0x210"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BrokerInfrastructure" [0xa], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\DeviceInstall" [0xa], "NT SERVICE\\LSM" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT SERVICE\\SystemEventsBroker" [0xa], "NT AUTHORITY\\Logon Session 00000000:00005c94" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2827
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2828
start_va = 0x5562e70000
end_va = 0x5562eeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005562e70000"
filename = ""
Region:
id = 2829
start_va = 0x5562ef0000
end_va = 0x5562f6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005562ef0000"
filename = ""
Region:
id = 2830
start_va = 0x5562f70000
end_va = 0x5562feffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005562f70000"
filename = ""
Region:
id = 2831
start_va = 0x5563000000
end_va = 0x55631fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005563000000"
filename = ""
Region:
id = 2832
start_va = 0x5563400000
end_va = 0x55634fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005563400000"
filename = ""
Region:
id = 2833
start_va = 0x5563600000
end_va = 0x556367ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005563600000"
filename = ""
Region:
id = 2834
start_va = 0x5563680000
end_va = 0x55636fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005563680000"
filename = ""
Region:
id = 2835
start_va = 0x5563700000
end_va = 0x55637fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005563700000"
filename = ""
Region:
id = 2836
start_va = 0x5563800000
end_va = 0x55638fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005563800000"
filename = ""
Region:
id = 2837
start_va = 0x5563b00000
end_va = 0x5563bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005563b00000"
filename = ""
Region:
id = 2838
start_va = 0x5563c00000
end_va = 0x5563cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005563c00000"
filename = ""
Region:
id = 2839
start_va = 0x5563e00000
end_va = 0x5563e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005563e00000"
filename = ""
Region:
id = 2840
start_va = 0x5563e80000
end_va = 0x5563f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005563e80000"
filename = ""
Region:
id = 2841
start_va = 0x5563f80000
end_va = 0x5563ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005563f80000"
filename = ""
Region:
id = 2842
start_va = 0x5564000000
end_va = 0x55640fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005564000000"
filename = ""
Region:
id = 2843
start_va = 0x5564100000
end_va = 0x55641fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005564100000"
filename = ""
Region:
id = 2844
start_va = 0x5564200000
end_va = 0x55642fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005564200000"
filename = ""
Region:
id = 2845
start_va = 0x5564300000
end_va = 0x55643fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005564300000"
filename = ""
Region:
id = 2846
start_va = 0x5564400000
end_va = 0x55644fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005564400000"
filename = ""
Region:
id = 2847
start_va = 0x5564500000
end_va = 0x556457ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005564500000"
filename = ""
Region:
id = 2848
start_va = 0x5564580000
end_va = 0x55645fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000005564580000"
filename = ""
Region:
id = 2849
start_va = 0x16fe7380000
end_va = 0x16fe738ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe7380000"
filename = ""
Region:
id = 2850
start_va = 0x16fe7390000
end_va = 0x16fe7394fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe7390000"
filename = ""
Region:
id = 2851
start_va = 0x16fe73a0000
end_va = 0x16fe73b4fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe73a0000"
filename = ""
Region:
id = 2852
start_va = 0x16fe73c0000
end_va = 0x16fe73c3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe73c0000"
filename = ""
Region:
id = 2853
start_va = 0x16fe73d0000
end_va = 0x16fe73d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe73d0000"
filename = ""
Region:
id = 2854
start_va = 0x16fe73e0000
end_va = 0x16fe73e1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe73e0000"
filename = ""
Region:
id = 2855
start_va = 0x16fe73f0000
end_va = 0x16fe74adfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2856
start_va = 0x16fe74b0000
end_va = 0x16fe74b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe74b0000"
filename = ""
Region:
id = 2857
start_va = 0x16fe74c0000
end_va = 0x16fe74c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe74c0000"
filename = ""
Region:
id = 2858
start_va = 0x16fe74d0000
end_va = 0x16fe74d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe74d0000"
filename = ""
Region:
id = 2859
start_va = 0x16fe74e0000
end_va = 0x16fe74e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe74e0000"
filename = ""
Region:
id = 2860
start_va = 0x16fe74f0000
end_va = 0x16fe74f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe74f0000"
filename = ""
Region:
id = 2861
start_va = 0x16fe7500000
end_va = 0x16fe7500fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe7500000"
filename = ""
Region:
id = 2862
start_va = 0x16fe7510000
end_va = 0x16fe7516fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe7510000"
filename = ""
Region:
id = 2863
start_va = 0x16fe7520000
end_va = 0x16fe7520fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe7520000"
filename = ""
Region:
id = 2864
start_va = 0x16fe7530000
end_va = 0x16fe7532fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsm.dll.mui"
filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui")
Region:
id = 2865
start_va = 0x16fe7540000
end_va = 0x16fe7540fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 2866
start_va = 0x16fe7550000
end_va = 0x16fe7556fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe7550000"
filename = ""
Region:
id = 2867
start_va = 0x16fe7560000
end_va = 0x16fe7560fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe7560000"
filename = ""
Region:
id = 2868
start_va = 0x16fe7570000
end_va = 0x16fe7570fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe7570000"
filename = ""
Region:
id = 2869
start_va = 0x16fe7580000
end_va = 0x16fe7580fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe7580000"
filename = ""
Region:
id = 2870
start_va = 0x16fe7590000
end_va = 0x16fe7590fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe7590000"
filename = ""
Region:
id = 2871
start_va = 0x16fe75a0000
end_va = 0x16fe75a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe75a0000"
filename = ""
Region:
id = 2872
start_va = 0x16fe75c0000
end_va = 0x16fe75c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe75c0000"
filename = ""
Region:
id = 2873
start_va = 0x16fe7600000
end_va = 0x16fe76fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe7600000"
filename = ""
Region:
id = 2874
start_va = 0x16fe7700000
end_va = 0x16fe77fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe7700000"
filename = ""
Region:
id = 2875
start_va = 0x16fe7800000
end_va = 0x16fe78bffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe7800000"
filename = ""
Region:
id = 2876
start_va = 0x16fe78f0000
end_va = 0x16fe78f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe78f0000"
filename = ""
Region:
id = 2877
start_va = 0x16fe7900000
end_va = 0x16fe79fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe7900000"
filename = ""
Region:
id = 2878
start_va = 0x16fe7a00000
end_va = 0x16fe7b87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe7a00000"
filename = ""
Region:
id = 2879
start_va = 0x16fe7bc0000
end_va = 0x16fe7bc6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe7bc0000"
filename = ""
Region:
id = 2880
start_va = 0x16fe7c00000
end_va = 0x16fe7cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe7c00000"
filename = ""
Region:
id = 2881
start_va = 0x16fe7d00000
end_va = 0x16fe7dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe7d00000"
filename = ""
Region:
id = 2882
start_va = 0x16fe7e00000
end_va = 0x16fe8136fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2883
start_va = 0x16fe8200000
end_va = 0x16fe82fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe8200000"
filename = ""
Region:
id = 2884
start_va = 0x16fe8300000
end_va = 0x16fe8480fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000016fe8300000"
filename = ""
Region:
id = 2885
start_va = 0x16fe8490000
end_va = 0x16fe858ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000016fe8490000"
filename = ""
Region:
id = 2886
start_va = 0x16fe8590000
end_va = 0x16fe866ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2887
start_va = 0x7df5ffbc0000
end_va = 0x7ff5ffbbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffbc0000"
filename = ""
Region:
id = 2888
start_va = 0x7ff7158e0000
end_va = 0x7ff7159dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7158e0000"
filename = ""
Region:
id = 2889
start_va = 0x7ff7159e0000
end_va = 0x7ff715a02fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007ff7159e0000"
filename = ""
Region:
id = 2890
start_va = 0x7ff716750000
end_va = 0x7ff71675cfff
monitored = 0
entry_point = 0x7ff716753980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2891
start_va = 0x7ff9afde0000
end_va = 0x7ff9afdf4fff
monitored = 0
entry_point = 0x7ff9afde1ab0
region_type = mapped_file
name = "execmodelproxy.dll"
filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")
Region:
id = 2892
start_va = 0x7ff9afe00000
end_va = 0x7ff9afe0dfff
monitored = 0
entry_point = 0x7ff9afe022f0
region_type = mapped_file
name = "sebbackgroundmanagerpolicy.dll"
filename = "\\Windows\\System32\\SebBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\sebbackgroundmanagerpolicy.dll")
Region:
id = 2893
start_va = 0x7ff9afe10000
end_va = 0x7ff9afe27fff
monitored = 0
entry_point = 0x7ff9afe13f00
region_type = mapped_file
name = "windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll"
filename = "\\Windows\\System32\\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll")
Region:
id = 2894
start_va = 0x7ff9afe30000
end_va = 0x7ff9afe3bfff
monitored = 0
entry_point = 0x7ff9afe34b50
region_type = mapped_file
name = "cbtbackgroundmanagerpolicy.dll"
filename = "\\Windows\\System32\\CbtBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\cbtbackgroundmanagerpolicy.dll")
Region:
id = 2895
start_va = 0x7ff9afe40000
end_va = 0x7ff9afe65fff
monitored = 0
entry_point = 0x7ff9afe47a80
region_type = mapped_file
name = "acpbackgroundmanagerpolicy.dll"
filename = "\\Windows\\System32\\ACPBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\acpbackgroundmanagerpolicy.dll")
Region:
id = 2896
start_va = 0x7ff9b00d0000
end_va = 0x7ff9b00dffff
monitored = 0
entry_point = 0x7ff9b00d23f0
region_type = mapped_file
name = "backgroundmediapolicy.dll"
filename = "\\Windows\\System32\\BackgroundMediaPolicy.dll" (normalized: "c:\\windows\\system32\\backgroundmediapolicy.dll")
Region:
id = 2897
start_va = 0x7ff9b0250000
end_va = 0x7ff9b0293fff
monitored = 0
entry_point = 0x7ff9b025c010
region_type = mapped_file
name = "execmodelclient.dll"
filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")
Region:
id = 2898
start_va = 0x7ff9b2670000
end_va = 0x7ff9b267ffff
monitored = 0
entry_point = 0x7ff9b2672c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 2899
start_va = 0x7ff9b2b10000
end_va = 0x7ff9b2b1bfff
monitored = 0
entry_point = 0x7ff9b2b12830
region_type = mapped_file
name = "bi.dll"
filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")
Region:
id = 2900
start_va = 0x7ff9b30d0000
end_va = 0x7ff9b3161fff
monitored = 0
entry_point = 0x7ff9b311a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2901
start_va = 0x7ff9b61c0000
end_va = 0x7ff9b627dfff
monitored = 0
entry_point = 0x7ff9b6202d40
region_type = mapped_file
name = "coremessaging.dll"
filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")
Region:
id = 2902
start_va = 0x7ff9b6670000
end_va = 0x7ff9b6690fff
monitored = 0
entry_point = 0x7ff9b66792a0
region_type = mapped_file
name = "dab.dll"
filename = "\\Windows\\System32\\dab.dll" (normalized: "c:\\windows\\system32\\dab.dll")
Region:
id = 2903
start_va = 0x7ff9b66a0000
end_va = 0x7ff9b66dffff
monitored = 0
entry_point = 0x7ff9b66b1960
region_type = mapped_file
name = "brokerlib.dll"
filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")
Region:
id = 2904
start_va = 0x7ff9b66e0000
end_va = 0x7ff9b6742fff
monitored = 0
entry_point = 0x7ff9b66fc010
region_type = mapped_file
name = "systemeventsbrokerserver.dll"
filename = "\\Windows\\System32\\SystemEventsBrokerServer.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerserver.dll")
Region:
id = 2905
start_va = 0x7ff9b6980000
end_va = 0x7ff9b6e12fff
monitored = 0
entry_point = 0x7ff9b698f760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2906
start_va = 0x7ff9b6ec0000
end_va = 0x7ff9b6edafff
monitored = 0
entry_point = 0x7ff9b6ecaf40
region_type = mapped_file
name = "capauthz.dll"
filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll")
Region:
id = 2907
start_va = 0x7ff9b70d0000
end_va = 0x7ff9b70e2fff
monitored = 0
entry_point = 0x7ff9b70d2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2908
start_va = 0x7ff9b71b0000
end_va = 0x7ff9b71c0fff
monitored = 0
entry_point = 0x7ff9b71b5e90
region_type = mapped_file
name = "licensemanagerapi.dll"
filename = "\\Windows\\System32\\LicenseManagerApi.dll" (normalized: "c:\\windows\\system32\\licensemanagerapi.dll")
Region:
id = 2909
start_va = 0x7ff9b7320000
end_va = 0x7ff9b7346fff
monitored = 0
entry_point = 0x7ff9b7327940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2910
start_va = 0x7ff9b7400000
end_va = 0x7ff9b74fffff
monitored = 0
entry_point = 0x7ff9b7440f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 2911
start_va = 0x7ff9b7500000
end_va = 0x7ff9b758cfff
monitored = 0
entry_point = 0x7ff9b752ac70
region_type = mapped_file
name = "psmserviceexthost.dll"
filename = "\\Windows\\System32\\PsmServiceExtHost.dll" (normalized: "c:\\windows\\system32\\psmserviceexthost.dll")
Region:
id = 2912
start_va = 0x7ff9b7590000
end_va = 0x7ff9b759bfff
monitored = 0
entry_point = 0x7ff9b7592480
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 2913
start_va = 0x7ff9b75a0000
end_va = 0x7ff9b765bfff
monitored = 0
entry_point = 0x7ff9b75dc480
region_type = mapped_file
name = "lsm.dll"
filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll")
Region:
id = 2914
start_va = 0x7ff9b7660000
end_va = 0x7ff9b7689fff
monitored = 0
entry_point = 0x7ff9b7668b90
region_type = mapped_file
name = "rmclient.dll"
filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")
Region:
id = 2915
start_va = 0x7ff9b7690000
end_va = 0x7ff9b76bffff
monitored = 0
entry_point = 0x7ff9b769f7c0
region_type = mapped_file
name = "psmsrv.dll"
filename = "\\Windows\\System32\\psmsrv.dll" (normalized: "c:\\windows\\system32\\psmsrv.dll")
Region:
id = 2916
start_va = 0x7ff9b76c0000
end_va = 0x7ff9b7754fff
monitored = 0
entry_point = 0x7ff9b76f36c0
region_type = mapped_file
name = "bisrv.dll"
filename = "\\Windows\\System32\\bisrv.dll" (normalized: "c:\\windows\\system32\\bisrv.dll")
Region:
id = 2917
start_va = 0x7ff9b77e0000
end_va = 0x7ff9b78c2fff
monitored = 0
entry_point = 0x7ff9b783e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2918
start_va = 0x7ff9b78d0000
end_va = 0x7ff9b78dbfff
monitored = 0
entry_point = 0x7ff9b78d2790
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 2919
start_va = 0x7ff9b78e0000
end_va = 0x7ff9b7903fff
monitored = 0
entry_point = 0x7ff9b78e3260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 2920
start_va = 0x7ff9b7910000
end_va = 0x7ff9b7a07fff
monitored = 0
entry_point = 0x7ff9b791d580
region_type = mapped_file
name = "tdh.dll"
filename = "\\Windows\\System32\\tdh.dll" (normalized: "c:\\windows\\system32\\tdh.dll")
Region:
id = 2921
start_va = 0x7ff9b7a10000
end_va = 0x7ff9b7a25fff
monitored = 0
entry_point = 0x7ff9b7a13630
region_type = mapped_file
name = "umpoext.dll"
filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll")
Region:
id = 2922
start_va = 0x7ff9b7a30000
end_va = 0x7ff9b7a51fff
monitored = 0
entry_point = 0x7ff9b7a375f0
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 2923
start_va = 0x7ff9b7a60000
end_va = 0x7ff9b7a7ffff
monitored = 0
entry_point = 0x7ff9b7a61920
region_type = mapped_file
name = "umpnpmgr.dll"
filename = "\\Windows\\System32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll")
Region:
id = 2924
start_va = 0x7ff9b7a80000
end_va = 0x7ff9b7b73fff
monitored = 0
entry_point = 0x7ff9b7a8a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2925
start_va = 0x7ff9b7bd0000
end_va = 0x7ff9b7c25fff
monitored = 0
entry_point = 0x7ff9b7be0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2926
start_va = 0x7ff9b7e30000
end_va = 0x7ff9b7e60fff
monitored = 0
entry_point = 0x7ff9b7e37d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2927
start_va = 0x7ff9b80a0000
end_va = 0x7ff9b80befff
monitored = 0
entry_point = 0x7ff9b80a5d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2928
start_va = 0x7ff9b83e0000
end_va = 0x7ff9b83eafff
monitored = 0
entry_point = 0x7ff9b83e19a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2929
start_va = 0x7ff9b85c0000
end_va = 0x7ff9b85ecfff
monitored = 0
entry_point = 0x7ff9b85d9d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2930
start_va = 0x7ff9b8750000
end_va = 0x7ff9b8768fff
monitored = 0
entry_point = 0x7ff9b8755e10
region_type = mapped_file
name = "eventaggregation.dll"
filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")
Region:
id = 2931
start_va = 0x7ff9b8770000
end_va = 0x7ff9b8798fff
monitored = 0
entry_point = 0x7ff9b8784530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2932
start_va = 0x7ff9b88e0000
end_va = 0x7ff9b88f3fff
monitored = 0
entry_point = 0x7ff9b88e52e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2933
start_va = 0x7ff9b8900000
end_va = 0x7ff9b890efff
monitored = 0
entry_point = 0x7ff9b8903210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2934
start_va = 0x7ff9b8910000
end_va = 0x7ff9b895afff
monitored = 0
entry_point = 0x7ff9b89135f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2935
start_va = 0x7ff9b8970000
end_va = 0x7ff9b8a24fff
monitored = 0
entry_point = 0x7ff9b89b22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2936
start_va = 0x7ff9b8b20000
end_va = 0x7ff9b9163fff
monitored = 0
entry_point = 0x7ff9b8ce64b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2937
start_va = 0x7ff9b9360000
end_va = 0x7ff9b93a2fff
monitored = 0
entry_point = 0x7ff9b9374b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2938
start_va = 0x7ff9b93b0000
end_va = 0x7ff9b9597fff
monitored = 0
entry_point = 0x7ff9b93dba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2939
start_va = 0x7ff9b9650000
end_va = 0x7ff9b96b9fff
monitored = 0
entry_point = 0x7ff9b9686d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2940
start_va = 0x7ff9b96c0000
end_va = 0x7ff9b9766fff
monitored = 0
entry_point = 0x7ff9b96cb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2941
start_va = 0x7ff9b9780000
end_va = 0x7ff9b989bfff
monitored = 0
entry_point = 0x7ff9b97c02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2942
start_va = 0x7ff9b9e00000
end_va = 0x7ff9ba07cfff
monitored = 0
entry_point = 0x7ff9b9ed4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2943
start_va = 0x7ff9ba080000
end_va = 0x7ff9ba205fff
monitored = 0
entry_point = 0x7ff9ba0cffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2944
start_va = 0x7ff9ba2c0000
end_va = 0x7ff9ba402fff
monitored = 0
entry_point = 0x7ff9ba2e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2945
start_va = 0x7ff9ba410000
end_va = 0x7ff9ba47efff
monitored = 0
entry_point = 0x7ff9ba435f70
region_type = mapped_file
name = "coml2.dll"
filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")
Region:
id = 2946
start_va = 0x7ff9ba4e0000
end_va = 0x7ff9ba635fff
monitored = 0
entry_point = 0x7ff9ba4ea8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2947
start_va = 0x7ff9bbd80000
end_va = 0x7ff9bbe26fff
monitored = 0
entry_point = 0x7ff9bbd958d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2948
start_va = 0x7ff9bbe30000
end_va = 0x7ff9bbeccfff
monitored = 0
entry_point = 0x7ff9bbe378a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2949
start_va = 0x7ff9bbed0000
end_va = 0x7ff9bbf21fff
monitored = 0
entry_point = 0x7ff9bbedf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2950
start_va = 0x7ff9bbf30000
end_va = 0x7ff9bbff0fff
monitored = 0
entry_point = 0x7ff9bbf50da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2951
start_va = 0x7ff9bc1b0000
end_va = 0x7ff9bc20afff
monitored = 0
entry_point = 0x7ff9bc1c38b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2952
start_va = 0x7ff9bc210000
end_va = 0x7ff9bc2bcfff
monitored = 0
entry_point = 0x7ff9bc2281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2953
start_va = 0x7ff9bc2c0000
end_va = 0x7ff9bc480fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Thread:
id = 268
os_tid = 0x638
Thread:
id = 269
os_tid = 0x634
Thread:
id = 270
os_tid = 0x630
Thread:
id = 271
os_tid = 0x178
Thread:
id = 272
os_tid = 0x2e0
Thread:
id = 273
os_tid = 0x254
Thread:
id = 274
os_tid = 0x368
Thread:
id = 275
os_tid = 0x360
Thread:
id = 276
os_tid = 0x330
Thread:
id = 277
os_tid = 0x32c
Thread:
id = 278
os_tid = 0x2d8
Thread:
id = 279
os_tid = 0x2d4
Thread:
id = 280
os_tid = 0x2c0
Thread:
id = 281
os_tid = 0x2b0
Thread:
id = 282
os_tid = 0x2a4
Thread:
id = 283
os_tid = 0x29c
Thread:
id = 284
os_tid = 0x298
Thread:
id = 285
os_tid = 0x284
Thread:
id = 286
os_tid = 0x278
Thread:
id = 287
os_tid = 0x274